Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e3136382e3139322e302f32332d3234203d3e203437353833.roa
File:                     3139332e3136382e3139322e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          orJdZCGgDn3j4xVIJbG/5aFdxCsxBBkwNp0pQgLJ/vE=
Subject key identifier:   17:7D:A9:FD:D5:85:C5:11:B9:09:73:A8:CC:BF:D9:CE:95:02:3E:AA
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       6295174448B7CC375B07B67387810717C8CC4EB5
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e3136382e3139322e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:45 +0000
ROA not before:           Mon 26 Feb 2024 08:47:45 +0000
ROA not after:            Mon 24 Feb 2025 08:52:45 +0000
asID:                     47583
IP address blocks:        193.168.192.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:95:17:44:48:b7:cc:37:5b:07:b6:73:87:81:07:17:c8:cc:4e:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:45 2024 GMT
            Not After : Feb 24 08:52:45 2025 GMT
        Subject: CN=177DA9FDD585C511B90973A8CCBFD9CE95023EAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6a:d7:28:ca:d9:85:4f:fe:05:db:c6:07:96:
                    9c:ba:fb:36:60:53:bb:fb:6b:27:4c:79:bd:38:c1:
                    df:94:80:76:d0:6b:90:51:2f:be:42:ec:f6:bc:a5:
                    e4:ea:82:d4:c7:55:a0:fd:f9:24:a0:3d:33:1c:23:
                    18:a4:52:d3:2c:91:aa:fa:38:ac:d0:3c:fa:40:c8:
                    92:69:92:9f:0b:34:2d:3a:dd:60:13:36:90:93:17:
                    cc:d9:f7:8b:aa:95:26:3d:8c:ca:94:b8:7a:e1:09:
                    50:be:9a:60:97:0e:79:81:21:dc:d7:b8:e1:ed:61:
                    1f:4f:13:86:b2:17:74:60:2c:4b:1c:a6:ee:2c:6d:
                    8b:fc:2c:7c:5b:e2:e2:e5:6e:6a:87:29:d4:05:bd:
                    ad:1b:f7:41:3c:c3:3b:69:d7:8a:35:9a:68:a7:4b:
                    cf:68:93:00:d9:9c:b4:b8:01:8e:1f:39:36:11:d7:
                    2e:41:c8:9a:8e:82:2e:38:f3:b1:ca:83:4b:6b:7f:
                    53:30:8b:73:d7:25:96:28:e9:84:9c:e9:0a:ac:e4:
                    7d:0a:f6:a5:fe:93:3d:d6:fa:da:61:f2:b2:3f:b4:
                    bb:41:48:75:4e:b3:2c:61:0c:33:e7:db:ee:a5:c4:
                    0c:64:df:59:8b:92:5d:af:c8:f0:fe:8e:81:e0:db:
                    b3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:7D:A9:FD:D5:85:C5:11:B9:09:73:A8:CC:BF:D9:CE:95:02:3E:AA
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e3136382e3139322e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:2b:8a:12:8b:d4:37:bb:bd:da:56:cc:cb:7a:85:16:84:d8:
         ba:45:5e:4f:c1:94:bb:7d:4d:75:c1:54:b9:1b:72:96:28:b6:
         a9:f1:20:67:ec:55:f3:f5:1a:a4:c3:40:d0:14:5e:7c:bf:bc:
         35:13:3d:c4:d6:ca:6e:14:08:0e:38:d3:42:b6:b5:fd:41:75:
         50:99:98:f6:93:99:76:db:8d:5c:56:b4:2f:7c:e3:69:75:47:
         11:ad:a3:b4:21:e2:70:e8:c1:f3:9e:31:98:34:69:d0:52:29:
         4c:0b:6d:75:01:7d:ba:42:e0:71:53:51:17:8e:53:01:ca:6e:
         b0:2c:13:b5:a4:e8:c0:b9:f3:f7:d5:fa:90:42:0e:d9:b6:35:
         c9:df:52:40:22:55:73:55:8e:2a:d5:15:2a:90:c8:f5:13:6b:
         3c:c2:92:6b:f6:55:ba:47:7f:0b:d3:6a:77:b4:c6:f4:38:9d:
         01:30:12:b9:8f:05:a8:ad:3a:4e:29:38:5a:c4:5a:4f:f8:10:
         52:91:c5:80:04:12:b8:98:4e:56:71:8e:73:7a:ee:6b:40:ff:
         20:3b:49:59:be:2d:ce:27:f9:aa:a9:9a:51:ad:20:ec:68:74:
         43:9a:54:68:db:2b:f8:45:12:1a:bc:ff:99:a5:6a:e0:8a:ec:
         ff:59:0a:15
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUYpUXREi3zDdbB7Zzh4EHF8jMTrUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDVaFw0yNTAyMjQwODUyNDVaMDMxMTAvBgNV
BAMTKDE3N0RBOUZERDU4NUM1MTFCOTA5NzNBOENDQkZEOUNFOTUwMjNFQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0atcoytmFT/4F28YHlpy6+zZg
U7v7aydMeb04wd+UgHbQa5BRL75C7Pa8peTqgtTHVaD9+SSgPTMcIxikUtMskar6
OKzQPPpAyJJpkp8LNC063WATNpCTF8zZ94uqlSY9jMqUuHrhCVC+mmCXDnmBIdzX
uOHtYR9PE4ayF3RgLEscpu4sbYv8LHxb4uLlbmqHKdQFva0b90E8wztp14o1mmin
S89okwDZnLS4AY4fOTYR1y5ByJqOgi4487HKg0trf1Mwi3PXJZYo6YSc6Qqs5H0K
9qX+kz3W+tph8rI/tLtBSHVOsyxhDDPn2+6lxAxk31mLkl2vyPD+joHg27OvAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUF32p/dWFxRG5CXOozL/ZzpUCPqowHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTMzMmUzMTM2MzgyZTMx
MzkzMjJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAHBqMAwDQYJKoZIhvcNAQELBQADggEBAGMrihKL1De7vdpWzMt6hRaE2LpFXk/B
lLt9TXXBVLkbcpYotqnxIGfsVfP1GqTDQNAUXny/vDUTPcTWym4UCA4400K2tf1B
dVCZmPaTmXbbjVxWtC9842l1RxGto7Qh4nDowfOeMZg0adBSKUwLbXUBfbpC4HFT
UReOUwHKbrAsE7Wk6MC58/fV+pBCDtm2NcnfUkAiVXNVjirVFSqQyPUTazzCkmv2
VbpHfwvTane0xvQ4nQEwErmPBaitOk4pOFrEWk/4EFKRxYAEEriYTlZxjnN67mtA
/yA7SVm+Lc4n+aqpmlGtIOxodEOaVGjbK/hFEhq8/5mlauCK7P9ZChU=
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:26 2024 by rpki-client on console-ams.rpki-client.org