Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e36392e302f32342d3234203d3e20313336373837.roa
File:                     3139332e34332e36392e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          6oiEiCrYUlNvUAyezJgH0JvHQk1iEQefiinK8kQzXS0=
Subject key identifier:   72:12:81:FC:62:09:23:E4:9B:BA:BA:35:25:45:B4:0D:97:81:48:2A
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1A388EB0A124279632D6823A710729CC127027A5
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e36392e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 03 Apr 2024 19:03:27 +0000
ROA not before:           Wed 03 Apr 2024 18:58:27 +0000
ROA not after:            Wed 02 Apr 2025 19:03:27 +0000
asID:                     136787
IP address blocks:        193.43.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:38:8e:b0:a1:24:27:96:32:d6:82:3a:71:07:29:cc:12:70:27:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Apr  3 18:58:27 2024 GMT
            Not After : Apr  2 19:03:27 2025 GMT
        Subject: CN=721281FC620923E49BBABA352545B40D9781482A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:da:9b:8a:43:8a:e7:ee:09:6a:9f:cc:d9:28:
                    e0:83:87:d6:5d:66:04:7b:a4:d0:da:79:c3:b7:ec:
                    11:f2:88:a2:32:c5:09:78:7b:da:64:0e:99:71:40:
                    21:c7:69:27:09:c6:dd:ec:43:be:3d:2b:a3:d9:e2:
                    1a:7e:d8:30:07:c2:53:83:4c:2c:0c:b3:33:b4:a5:
                    61:81:4f:12:1d:78:93:2e:b7:cf:3f:11:ef:54:16:
                    94:90:22:8c:bb:b1:b9:a8:50:bf:44:4f:29:ab:08:
                    f2:bd:5d:cd:9b:ee:cd:a9:56:8e:fc:2c:41:92:e7:
                    93:ec:93:73:c5:4a:a0:68:4d:e1:ac:37:e0:a6:48:
                    7a:fd:2c:07:42:5b:c7:04:27:98:96:bb:f7:b4:02:
                    80:46:4e:df:74:10:0f:12:f4:63:7b:d6:6f:22:e9:
                    46:fb:6e:72:62:b5:0c:3b:2b:a7:65:7f:82:e6:0b:
                    27:3f:86:3a:80:ef:9e:09:d5:3d:76:88:71:fb:d8:
                    74:be:2c:46:46:fb:6f:bc:5a:b8:df:1c:1f:6d:67:
                    d7:4f:8d:5c:79:e5:18:71:d0:e8:09:b7:0a:b5:a3:
                    bd:a0:b8:c4:e7:f4:5a:ed:6a:58:ee:b7:50:ad:92:
                    43:03:03:b9:02:a4:a6:5b:d9:07:83:a0:95:66:67:
                    f5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:12:81:FC:62:09:23:E4:9B:BA:BA:35:25:45:B4:0D:97:81:48:2A
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e36392e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:50:f0:47:c9:86:bf:b2:34:3f:3b:43:ca:a8:f6:c8:09:8f:
         fa:02:3c:e7:d0:17:0a:50:9d:e7:16:f5:d3:7e:86:63:28:b8:
         57:1e:d2:6d:11:64:75:aa:c2:b1:a2:9b:d1:5a:a4:89:93:3f:
         b2:7d:92:cf:ee:e8:fc:96:2f:0c:21:cb:88:fd:c9:cf:b4:63:
         e6:3d:be:7b:82:29:69:ba:97:1a:00:be:c1:e0:fc:e8:6b:22:
         03:68:6c:ce:7c:ca:7a:0a:bd:8d:b1:7a:d2:1a:2f:91:b3:e6:
         b6:91:44:81:05:ad:63:39:6e:db:98:85:87:66:cc:9b:fe:e8:
         94:a1:25:94:04:e2:b8:a3:fc:ed:10:0b:5c:e2:2a:ef:5e:e0:
         42:9d:6c:4d:79:02:4c:9c:b2:20:ba:44:7c:ef:bc:e7:7a:a1:
         b5:8d:09:2d:be:9b:71:72:40:c0:c8:8c:ae:93:96:42:ac:72:
         d5:4f:e6:da:c5:6a:67:0c:78:29:d7:e1:28:73:45:64:e7:6d:
         80:31:84:8d:9d:84:ca:f4:52:69:be:c9:11:f4:09:03:04:da:
         51:50:d4:aa:29:a5:60:c4:38:d6:ea:a2:62:1d:0f:4f:dc:2c:
         87:e0:66:0c:57:1a:04:83:ee:9f:bb:b5:b7:82:15:aa:02:b1:
         aa:89:d4:d0
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGjiOsKEkJ5Yy1oI6cQcpzBJwJ6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA0MDMxODU4MjdaFw0yNTA0MDIxOTAzMjdaMDMxMTAvBgNV
BAMTKDcyMTI4MUZDNjIwOTIzRTQ5QkJBQkEzNTI1NDVCNDBEOTc4MTQ4MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC02puKQ4rn7glqn8zZKOCDh9Zd
ZgR7pNDaecO37BHyiKIyxQl4e9pkDplxQCHHaScJxt3sQ749K6PZ4hp+2DAHwlOD
TCwMszO0pWGBTxIdeJMut88/Ee9UFpSQIoy7sbmoUL9ETymrCPK9Xc2b7s2pVo78
LEGS55Psk3PFSqBoTeGsN+CmSHr9LAdCW8cEJ5iWu/e0AoBGTt90EA8S9GN71m8i
6Ub7bnJitQw7K6dlf4LmCyc/hjqA754J1T12iHH72HS+LEZG+2+8WrjfHB9tZ9dP
jVx55Rhx0OgJtwq1o72guMTn9Frtaljut1CtkkMDA7kCpKZb2QeDoJVmZ/UHAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUchKB/GIJI+Sburo1JUW0DZeBSCowHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTMzMmUzNDMzMmUzNjM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wStFMA0GCSqGSIb3DQEBCwUAA4IBAQAHUPBHyYa/sjQ/O0PKqPbICY/6Ajzn0BcK
UJ3nFvXTfoZjKLhXHtJtEWR1qsKxopvRWqSJkz+yfZLP7uj8li8MIcuI/cnPtGPm
Pb57gilpupcaAL7B4PzoayIDaGzOfMp6Cr2NsXrSGi+Rs+a2kUSBBa1jOW7bmIWH
Zsyb/uiUoSWUBOK4o/ztEAtc4irvXuBCnWxNeQJMnLIgukR877zneqG1jQktvptx
ckDAyIyuk5ZCrHLVT+baxWpnDHgp1+Eoc0Vk522AMYSNnYTK9FJpvskR9AkDBNpR
UNSqKaVgxDjW6qJiHQ9P3CyH4GYMVxoEg+6fu7W3ghWqArGqidTQ
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org