Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39322e3131382e35302e302f32342d3234203d3e20313336373837.roa
File:                     39322e3131382e35302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          GxOBpoFwOimdaB15wRV/EkvDk8fO/zx/qK3F5I7/dRQ=
Subject key identifier:   B0:45:0F:ED:29:86:44:7C:73:1E:DC:F2:65:30:5D:3C:50:62:F8:5D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       24D4246958AE4C9EE8AA9AD5DFEDCD1CAC647713
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39322e3131382e35302e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:54:28 +0000
ROA not before:           Sat 02 Mar 2024 21:49:28 +0000
ROA not after:            Sat 01 Mar 2025 21:54:28 +0000
asID:                     136787
IP address blocks:        92.118.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:d4:24:69:58:ae:4c:9e:e8:aa:9a:d5:df:ed:cd:1c:ac:64:77:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  2 21:49:28 2024 GMT
            Not After : Mar  1 21:54:28 2025 GMT
        Subject: CN=B0450FED2986447C731EDCF265305D3C5062F85D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:08:7a:53:34:70:70:5a:50:cf:ac:20:78:54:
                    f9:a5:c7:2f:d4:2f:b1:0a:35:ba:c2:0c:4c:1a:43:
                    c4:aa:28:1a:bb:4f:30:ff:40:2d:52:68:bc:c2:a9:
                    db:2a:c5:95:74:49:38:56:85:dd:57:40:bd:b0:79:
                    3d:c9:25:17:1b:9b:61:69:8e:cd:7a:55:6c:61:45:
                    ba:bc:40:dc:5d:dc:a5:03:df:a8:86:69:90:95:20:
                    44:05:91:a4:94:0f:54:61:12:73:28:c6:94:c1:e7:
                    a8:9c:bd:be:30:be:a1:08:72:60:73:38:31:b1:93:
                    99:b6:3c:77:c2:61:fd:53:40:fd:69:a4:9d:69:51:
                    a5:30:50:b0:32:a5:35:6d:a3:16:93:a1:3b:77:d3:
                    51:04:82:94:86:65:1f:6b:51:3d:9b:e9:a2:4d:86:
                    c2:36:e6:fd:13:39:5e:27:57:54:d3:2a:4c:e5:88:
                    40:34:89:8c:64:d0:ee:b6:03:30:39:6c:52:d8:1f:
                    8a:e7:c7:cf:c5:da:49:a8:5f:ae:b2:41:41:ce:2f:
                    45:d8:3d:f1:5e:37:83:8b:f4:38:2f:ab:cc:d8:29:
                    16:72:a5:9e:bb:4a:6a:8d:f1:e4:d9:51:15:6b:e3:
                    17:9e:62:f6:75:81:f8:36:8a:c8:15:ec:7d:6f:77:
                    6c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:45:0F:ED:29:86:44:7C:73:1E:DC:F2:65:30:5D:3C:50:62:F8:5D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39322e3131382e35302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:fb:7c:97:64:c3:ac:37:ea:11:de:b8:95:07:b1:cd:67:cd:
         9b:8f:24:e6:8e:e4:80:d3:eb:18:17:28:d5:1c:e1:f4:a4:78:
         47:7b:2d:f3:56:09:79:4a:0f:88:eb:4c:18:7f:3f:ba:81:0a:
         a2:86:fb:79:8f:5f:63:6f:be:b5:74:68:2a:01:43:25:ee:03:
         a9:21:c2:30:31:99:73:94:79:3a:ed:a2:9f:b0:10:8b:17:2d:
         be:54:61:34:10:51:6a:60:fc:ac:96:d6:f5:1c:17:7e:93:de:
         c7:8f:1d:0b:65:42:54:f8:03:21:22:c4:3d:73:77:73:49:a9:
         93:8f:f2:8b:dc:1f:95:1f:69:0b:61:ea:ff:46:b5:a0:3f:be:
         72:60:6b:be:df:ba:3f:70:73:91:7b:3b:73:89:36:4b:7f:77:
         b6:87:ef:3a:00:0f:f4:4b:cc:ce:cd:b0:a8:4f:00:f5:2b:04:
         38:7f:d6:e4:41:4a:d8:bd:35:ef:a0:ae:31:c2:0c:a0:bf:ee:
         61:f5:f6:e4:e9:66:3c:33:d5:c0:66:55:e2:87:2b:25:a9:11:
         0e:12:71:64:ad:69:57:9e:f6:bd:ef:be:05:22:ad:7b:8d:62:
         6d:44:d6:5c:1b:30:cf:54:5e:50:48:10:ae:f8:f9:99:ff:91:
         59:b3:08:ba
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUJNQkaViuTJ7oqprV3+3NHKxkdxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMDIyMTQ5MjhaFw0yNTAzMDEyMTU0MjhaMDMxMTAvBgNV
BAMTKEIwNDUwRkVEMjk4NjQ0N0M3MzFFRENGMjY1MzA1RDNDNTA2MkY4NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3CHpTNHBwWlDPrCB4VPmlxy/U
L7EKNbrCDEwaQ8SqKBq7TzD/QC1SaLzCqdsqxZV0SThWhd1XQL2weT3JJRcbm2Fp
js16VWxhRbq8QNxd3KUD36iGaZCVIEQFkaSUD1RhEnMoxpTB56icvb4wvqEIcmBz
ODGxk5m2PHfCYf1TQP1ppJ1pUaUwULAypTVtoxaToTt301EEgpSGZR9rUT2b6aJN
hsI25v0TOV4nV1TTKkzliEA0iYxk0O62AzA5bFLYH4rnx8/F2kmoX66yQUHOL0XY
PfFeN4OL9Dgvq8zYKRZypZ67SmqN8eTZURVr4xeeYvZ1gfg2isgV7H1vd2zpAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUsEUP7SmGRHxzHtzyZTBdPFBi+F0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzkzMjJlMzEzMTM4MmUzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
XHYyMA0GCSqGSIb3DQEBCwUAA4IBAQCM+3yXZMOsN+oR3riVB7HNZ82bjyTmjuSA
0+sYFyjVHOH0pHhHey3zVgl5Sg+I60wYfz+6gQqihvt5j19jb761dGgqAUMl7gOp
IcIwMZlzlHk67aKfsBCLFy2+VGE0EFFqYPysltb1HBd+k97Hjx0LZUJU+AMhIsQ9
c3dzSamTj/KL3B+VH2kLYer/RrWgP75yYGu+37o/cHOReztziTZLf3e2h+86AA/0
S8zOzbCoTwD1KwQ4f9bkQUrYvTXvoK4xwgygv+5h9fbk6WY8M9XAZlXihyslqREO
EnFkrWlXnva9774FIq17jWJtRNZcGzDPVF5QSBCu+PmZ/5FZswi6
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:04 2024 by rpki-client on console-fra.rpki-client.org