Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134392e302f32342d3234203d3e20313432313436.roa
File:                     3139342e33312e3134392e302f32342d3234203d3e20313432313436.roa (raw, json)
Hash identifier:          Y8mcmbkhRkJDakkFqIX80L1L0asgcnlhi58QTc8gd0g=
Subject key identifier:   99:0F:67:C3:45:6B:8D:F2:29:2A:27:E1:FA:D2:C6:37:EF:28:55:F2
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       2C6BCE98307D086329F3376A67AC7C680440466D
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134392e302f32342d3234203d3e20313432313436.roa
Signing time:             Wed 19 Jun 2024 11:24:27 +0000
ROA not before:           Wed 19 Jun 2024 11:19:27 +0000
ROA not after:            Wed 18 Jun 2025 11:24:27 +0000
asID:                     142146
IP address blocks:        194.31.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:6b:ce:98:30:7d:08:63:29:f3:37:6a:67:ac:7c:68:04:40:46:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jun 19 11:19:27 2024 GMT
            Not After : Jun 18 11:24:27 2025 GMT
        Subject: CN=990F67C3456B8DF2292A27E1FAD2C637EF2855F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6d:fa:e8:1f:d9:9a:ce:87:2b:c6:ba:71:ce:
                    41:94:f3:ca:8a:f2:ff:68:4c:d9:c2:64:4a:90:f2:
                    82:ef:49:1f:b1:9c:c2:09:32:a9:68:90:09:ba:dc:
                    49:59:e1:20:9f:8a:5a:ed:38:a5:2c:a8:0c:c6:18:
                    28:19:fc:3c:56:70:53:87:58:bd:b0:7b:95:fe:4b:
                    95:14:ee:32:20:7a:2f:39:d2:37:c1:c9:67:3f:d2:
                    88:fc:49:ec:2f:8f:e2:f0:f7:25:4b:f1:cb:68:d1:
                    a1:d4:3b:ba:86:6e:5b:af:29:f9:31:0c:df:15:69:
                    21:41:e9:30:a9:a7:8f:25:af:8c:64:81:f0:aa:25:
                    48:6c:ac:78:89:e7:20:c3:23:ec:fc:6c:76:46:0e:
                    90:a0:28:75:62:42:59:6a:35:84:f6:da:f0:e9:af:
                    b0:25:fc:93:64:f7:d1:b5:81:50:5a:e9:27:32:cd:
                    e6:ea:04:65:4c:bc:5a:34:2e:59:09:5e:d1:f5:16:
                    89:88:5d:d6:d0:a9:90:8f:ea:ab:84:64:98:cf:12:
                    0b:6c:db:10:93:fe:f0:6f:fb:89:d9:05:c8:09:c8:
                    b6:c0:91:f5:77:b3:c4:df:46:b7:e4:e4:cd:58:0d:
                    f8:5f:cc:b2:7e:37:3b:3f:bd:88:82:fe:f9:99:48:
                    de:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:0F:67:C3:45:6B:8D:F2:29:2A:27:E1:FA:D2:C6:37:EF:28:55:F2
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134392e302f32342d3234203d3e20313432313436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:41:47:a1:65:2a:da:23:f1:40:1e:b8:2f:09:e1:d5:c6:65:
         0f:d9:80:df:71:6d:9a:c0:66:4a:76:33:30:c1:1c:2a:37:53:
         00:b6:00:3c:8d:c2:da:4f:b3:a8:64:48:c9:d8:63:3c:e9:56:
         57:e6:4c:ef:24:6d:b2:d9:0f:3d:ef:1d:06:93:6d:af:a5:1a:
         c6:45:12:ab:fc:b4:4f:1f:3b:0a:5f:dd:45:cd:73:ee:ef:70:
         f4:65:46:a1:70:06:14:ad:99:89:e9:02:06:35:cb:9c:7b:a1:
         6d:25:a7:dc:03:e0:be:aa:cd:83:b5:0f:94:cf:36:66:8b:14:
         65:a7:c4:95:5b:6a:93:5a:f9:b0:78:fa:50:86:d3:01:46:22:
         4b:cb:fc:b1:28:5d:f2:9c:be:94:16:ae:26:2c:e1:6f:41:60:
         a4:02:54:00:c6:77:b4:b2:fb:c3:9c:e5:fd:e3:6c:ce:7b:37:
         e3:85:c1:ce:c1:ac:82:9e:16:ab:cf:ce:e7:af:23:8a:91:72:
         ff:bd:8a:ec:f7:cd:f2:55:ee:a3:27:33:44:d8:cc:0e:4b:4b:
         05:eb:1e:46:95:df:43:ea:7a:3e:80:ab:ed:60:3a:b2:ba:0d:
         b5:e5:a8:c2:b8:4c:35:77:4d:c7:19:d6:d2:26:74:34:2d:38:
         5e:54:7e:b2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIULGvOmDB9CGMp8zdqZ6x8aARARm0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA2MTkxMTE5MjdaFw0yNTA2MTgxMTI0MjdaMDMxMTAvBgNV
BAMTKDk5MEY2N0MzNDU2QjhERjIyOTJBMjdFMUZBRDJDNjM3RUYyODU1RjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGbfroH9mazocrxrpxzkGU88qK
8v9oTNnCZEqQ8oLvSR+xnMIJMqlokAm63ElZ4SCfilrtOKUsqAzGGCgZ/DxWcFOH
WL2we5X+S5UU7jIgei850jfByWc/0oj8Sewvj+Lw9yVL8cto0aHUO7qGbluvKfkx
DN8VaSFB6TCpp48lr4xkgfCqJUhsrHiJ5yDDI+z8bHZGDpCgKHViQllqNYT22vDp
r7Al/JNk99G1gVBa6ScyzebqBGVMvFo0LlkJXtH1FomIXdbQqZCP6quEZJjPEgts
2xCT/vBv+4nZBcgJyLbAkfV3s8TfRrfk5M1YDfhfzLJ+Nzs/vYiC/vmZSN67AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUmQ9nw0VrjfIpKifh+tLGN+8oVfIwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzMTM0
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzIzMTM0MzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCH5UwDQYJKoZIhvcNAQELBQADggEBAHNBR6FlKtoj8UAeuC8J4dXGZQ/ZgN9x
bZrAZkp2MzDBHCo3UwC2ADyNwtpPs6hkSMnYYzzpVlfmTO8kbbLZDz3vHQaTba+l
GsZFEqv8tE8fOwpf3UXNc+7vcPRlRqFwBhStmYnpAgY1y5x7oW0lp9wD4L6qzYO1
D5TPNmaLFGWnxJVbapNa+bB4+lCG0wFGIkvL/LEoXfKcvpQWriYs4W9BYKQCVADG
d7Sy+8Oc5f3jbM57N+OFwc7BrIKeFqvPzuevI4qRcv+9iuz3zfJV7qMnM0TYzA5L
SwXrHkaV30Pqej6Aq+1gOrK6DbXlqMK4TDV3TccZ1tImdDQtOF5UfrI=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org