Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39322e3131382e35312e302f32342d3234203d3e20313336373837.roa
File:                     39322e3131382e35312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          tMtJp00Zrg60R/i2PrbVfqW3f3kkJ5RyFclOPL5362c=
Subject key identifier:   C4:18:6C:E2:FA:A5:91:AF:53:02:F9:F0:45:10:70:41:FB:1B:12:2E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1FC3BE80362821456B4C35D942674662A7FF2F92
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39322e3131382e35312e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:54:29 +0000
ROA not before:           Sat 02 Mar 2024 21:49:29 +0000
ROA not after:            Sat 01 Mar 2025 21:54:29 +0000
asID:                     136787
IP address blocks:        92.118.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:c3:be:80:36:28:21:45:6b:4c:35:d9:42:67:46:62:a7:ff:2f:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  2 21:49:29 2024 GMT
            Not After : Mar  1 21:54:29 2025 GMT
        Subject: CN=C4186CE2FAA591AF5302F9F045107041FB1B122E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:63:c0:94:39:ab:1a:d4:07:27:3b:57:58:e3:
                    1f:c4:7b:cb:09:e9:f2:98:8c:4b:70:26:1e:96:b0:
                    b2:39:87:5d:8c:5f:e7:55:2d:51:45:b4:99:34:12:
                    1b:ae:ab:d3:5d:fe:a6:52:d2:5f:24:b6:9b:03:5f:
                    ce:33:1c:37:c6:10:57:8e:fb:10:f8:59:80:8f:2d:
                    91:48:f0:14:91:7c:be:52:1c:ad:32:22:dc:15:51:
                    36:ed:2b:6e:67:2b:0c:b0:d2:e1:09:86:1b:e8:0a:
                    3b:c5:a6:44:4b:73:4f:7c:34:f8:6c:e1:ec:ab:3d:
                    3b:f2:09:31:14:19:14:3b:42:3f:1c:cd:c5:5a:cb:
                    c8:00:f0:ba:38:40:a8:af:69:a2:59:91:12:70:df:
                    94:74:18:58:aa:c4:1b:be:77:2c:f0:c8:7d:0a:68:
                    f7:7e:39:d2:30:1d:10:67:33:06:8b:1b:02:2b:e7:
                    0f:f5:ae:f0:c6:00:ca:ec:f4:17:f3:71:66:af:fa:
                    8c:42:c9:fd:6e:bf:f1:93:9f:1f:64:b1:6a:e0:dd:
                    f6:6d:39:00:bd:ad:34:93:32:63:2e:6d:a0:40:15:
                    87:1e:2f:19:5c:5b:69:d1:ed:20:6d:08:d1:e0:27:
                    6c:2c:eb:85:63:d6:f5:2c:43:cc:24:00:cb:f8:8d:
                    42:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:18:6C:E2:FA:A5:91:AF:53:02:F9:F0:45:10:70:41:FB:1B:12:2E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39322e3131382e35312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:ca:3d:ee:ee:9f:13:52:dd:65:01:f3:73:f7:5d:74:51:af:
         97:9b:c3:f0:76:1e:10:35:9a:68:28:73:36:77:96:1c:58:a0:
         5e:c2:f2:bc:b0:32:f8:05:67:30:de:19:a7:1b:f2:b5:ad:56:
         ee:cb:38:60:38:15:79:08:b0:af:b8:c3:50:74:eb:c4:90:b4:
         76:0e:83:0b:7b:26:66:d5:ea:25:0f:14:df:07:c2:fb:ac:d7:
         ea:25:1e:b4:6e:95:73:0c:5d:12:a3:94:1e:92:65:9f:11:ec:
         c4:1c:94:ac:28:b2:8c:91:36:59:84:0b:6a:ba:7d:66:50:4a:
         4e:eb:c4:d5:ed:69:a6:6b:a8:43:3d:b9:c1:7b:90:8c:fe:c2:
         9e:57:b0:fc:04:3a:22:66:1c:4f:73:fa:5d:5f:39:81:f7:48:
         f1:b4:97:e2:86:b0:c3:15:0b:ac:22:13:33:b0:e1:6d:de:9b:
         1a:89:3e:37:3b:54:dc:8c:51:9e:fc:fd:cd:ea:15:6e:ad:87:
         43:88:e3:54:69:fb:49:d8:78:ab:8c:c9:c2:90:54:bd:97:b6:
         3f:bd:48:c1:ec:ab:72:05:5c:72:c6:77:62:e8:19:c7:09:f0:
         f4:4f:50:55:a9:30:b6:a5:8b:d0:8d:70:b4:01:d9:74:6f:3d:
         44:92:8b:8e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUH8O+gDYoIUVrTDXZQmdGYqf/L5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMDIyMTQ5MjlaFw0yNTAzMDEyMTU0MjlaMDMxMTAvBgNV
BAMTKEM0MTg2Q0UyRkFBNTkxQUY1MzAyRjlGMDQ1MTA3MDQxRkIxQjEyMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfY8CUOasa1AcnO1dY4x/Ee8sJ
6fKYjEtwJh6WsLI5h12MX+dVLVFFtJk0Ehuuq9Nd/qZS0l8ktpsDX84zHDfGEFeO
+xD4WYCPLZFI8BSRfL5SHK0yItwVUTbtK25nKwyw0uEJhhvoCjvFpkRLc098NPhs
4eyrPTvyCTEUGRQ7Qj8czcVay8gA8Lo4QKivaaJZkRJw35R0GFiqxBu+dyzwyH0K
aPd+OdIwHRBnMwaLGwIr5w/1rvDGAMrs9BfzcWav+oxCyf1uv/GTnx9ksWrg3fZt
OQC9rTSTMmMubaBAFYceLxlcW2nR7SBtCNHgJ2ws64Vj1vUsQ8wkAMv4jUKjAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUxBhs4vqlka9TAvnwRRBwQfsbEi4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzkzMjJlMzEzMTM4MmUzNTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
XHYzMA0GCSqGSIb3DQEBCwUAA4IBAQBdyj3u7p8TUt1lAfNz9110Ua+Xm8Pwdh4Q
NZpoKHM2d5YcWKBewvK8sDL4BWcw3hmnG/K1rVbuyzhgOBV5CLCvuMNQdOvEkLR2
DoMLeyZm1eolDxTfB8L7rNfqJR60bpVzDF0So5QekmWfEezEHJSsKLKMkTZZhAtq
un1mUEpO68TV7Wmma6hDPbnBe5CM/sKeV7D8BDoiZhxPc/pdXzmB90jxtJfihrDD
FQusIhMzsOFt3psaiT43O1TcjFGe/P3N6hVurYdDiONUaftJ2HirjMnCkFS9l7Y/
vUjB7KtyBVxyxndi6BnHCfD0T1BVqTC2pYvQjXC0Adl0bz1EkouO
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org