Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32332d3233203d3e203631333137.roa
File:                     3139342e33312e3134382e302f32332d3233203d3e203631333137.roa (raw, json)
Hash identifier:          JaOwNnynGDvjuO7INcmaDWTgcM2/MhSL5ildePzhDZo=
Subject key identifier:   49:0C:E3:FB:8A:6F:2B:29:3F:E9:48:49:1D:59:2D:85:C9:36:74:F1
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       0F247547A07509413F67C4C8854B577D9736852B
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32332d3233203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:44 +0000
ROA not before:           Mon 26 Feb 2024 08:47:44 +0000
ROA not after:            Mon 24 Feb 2025 08:52:44 +0000
asID:                     61317
IP address blocks:        194.31.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:24:75:47:a0:75:09:41:3f:67:c4:c8:85:4b:57:7d:97:36:85:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:44 2024 GMT
            Not After : Feb 24 08:52:44 2025 GMT
        Subject: CN=490CE3FB8A6F2B293FE948491D592D85C93674F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bb:81:2c:17:43:8e:e0:f1:63:af:0f:49:0d:
                    1f:37:0e:22:1b:b7:a2:4a:6e:64:1c:81:0c:ea:ce:
                    e1:93:dc:07:07:1c:bb:ce:51:c8:22:2d:65:dc:4b:
                    60:e6:3d:85:5c:c3:b2:f5:36:86:98:e4:b4:16:cb:
                    57:68:c9:7f:eb:0b:4d:ef:70:f3:50:68:b3:b4:0c:
                    cf:f7:1c:c9:77:96:da:c1:f9:65:44:bb:4c:0b:7b:
                    ea:73:62:64:4a:60:9e:77:e2:e6:0b:00:ce:21:32:
                    a1:a7:8c:cf:72:af:ae:56:5c:03:df:0b:8d:8b:ea:
                    32:3a:ac:a5:57:5a:50:05:55:f8:cb:6f:c0:a4:23:
                    d2:de:57:58:55:3b:8e:52:e4:66:a4:5c:27:d5:98:
                    6a:94:0e:79:a5:36:ff:92:ea:26:3b:55:67:42:cf:
                    6c:e9:c9:ed:d7:e5:b6:5c:d0:9a:44:ea:a4:b3:42:
                    b8:1e:0d:8d:03:e6:70:ac:bc:66:23:d0:14:21:8b:
                    12:e9:70:04:b4:00:ee:cb:c3:53:9d:41:2f:c0:a7:
                    a7:0f:22:1a:e3:c1:44:f9:70:9a:0c:c3:9d:94:70:
                    84:ff:b8:a6:65:90:eb:a3:fc:ff:29:62:02:36:3a:
                    47:f1:54:fc:34:5b:cf:60:78:a6:79:43:f6:df:5d:
                    4a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:0C:E3:FB:8A:6F:2B:29:3F:E9:48:49:1D:59:2D:85:C9:36:74:F1
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32332d3233203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:36:14:b6:6f:bc:8c:41:4d:70:74:67:84:37:8b:68:fe:e5:
         5a:b0:12:29:c5:b5:ef:86:a0:86:24:a7:10:af:14:84:3b:a2:
         2b:48:dc:94:c5:b5:e0:3c:b0:c0:f4:eb:09:2f:06:ad:52:c5:
         85:ae:ab:6e:7a:05:75:4d:2b:55:91:26:6e:1e:80:2b:f7:95:
         8d:8e:c8:a5:39:d0:8e:e3:de:d5:5d:ab:12:18:05:98:30:4b:
         05:2d:28:0c:bd:dc:43:8b:de:4a:a6:9d:33:40:f9:b6:70:16:
         fa:80:17:75:1a:c1:0b:49:9c:b5:1e:07:2a:2e:48:38:b0:29:
         24:18:de:a5:9a:93:06:af:9b:bb:91:cd:48:1e:b5:a5:2b:a9:
         bd:77:9a:06:1b:89:9b:55:82:2c:96:cc:d7:93:26:29:8f:df:
         40:90:b9:f7:31:13:05:12:bb:e2:fd:19:ed:a6:6a:bd:f6:e0:
         56:99:ca:fe:81:54:ad:9c:53:83:3e:c5:7f:aa:17:5f:7e:b5:
         23:60:16:86:4a:79:ca:e3:5a:cd:bd:91:66:16:cb:8d:28:1e:
         78:58:3b:2e:40:cc:c9:6d:7c:2c:54:c2:d9:7b:8a:21:e0:0b:
         c7:65:5d:a5:90:ea:61:87:bd:af:6e:c5:55:af:d0:23:05:f6:
         29:2f:d7:2b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUDyR1R6B1CUE/Z8TIhUtXfZc2hSswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDRaFw0yNTAyMjQwODUyNDRaMDMxMTAvBgNV
BAMTKDQ5MENFM0ZCOEE2RjJCMjkzRkU5NDg0OTFENTkyRDg1QzkzNjc0RjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCu4EsF0OO4PFjrw9JDR83DiIb
t6JKbmQcgQzqzuGT3AcHHLvOUcgiLWXcS2DmPYVcw7L1NoaY5LQWy1doyX/rC03v
cPNQaLO0DM/3HMl3ltrB+WVEu0wLe+pzYmRKYJ534uYLAM4hMqGnjM9yr65WXAPf
C42L6jI6rKVXWlAFVfjLb8CkI9LeV1hVO45S5GakXCfVmGqUDnmlNv+S6iY7VWdC
z2zpye3X5bZc0JpE6qSzQrgeDY0D5nCsvGYj0BQhixLpcAS0AO7Lw1OdQS/Ap6cP
IhrjwUT5cJoMw52UcIT/uKZlkOuj/P8pYgI2OkfxVPw0W89geKZ5Q/bfXUoXAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUSQzj+4pvKyk/6UhJHVkthck2dPEwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzMTM0
MzgyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
wh+UMA0GCSqGSIb3DQEBCwUAA4IBAQC0NhS2b7yMQU1wdGeEN4to/uVasBIpxbXv
hqCGJKcQrxSEO6IrSNyUxbXgPLDA9OsJLwatUsWFrqtuegV1TStVkSZuHoAr95WN
jsilOdCO497VXasSGAWYMEsFLSgMvdxDi95Kpp0zQPm2cBb6gBd1GsELSZy1Hgcq
Lkg4sCkkGN6lmpMGr5u7kc1IHrWlK6m9d5oGG4mbVYIslszXkyYpj99AkLn3MRMF
Ervi/Rntpmq99uBWmcr+gVStnFODPsV/qhdffrUjYBaGSnnK41rNvZFmFsuNKB54
WDsuQMzJbXwsVMLZe4oh4AvHZV2lkOphh72vbsVVr9AjBfYpL9cr
-----END CERTIFICATE-----
Generated at Fri Mar 29 03:07:54 2024 by rpki-client on console-fra.rpki-client.org