Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3135312e302f32342d3234203d3e20313336373837.roa
File:                     3139342e33312e3135312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          iTb889eH69uYC7grLoKpHTsDjOin/+vQxvzFgGw7Ep0=
Subject key identifier:   71:56:3F:37:40:EC:30:EE:B4:01:5D:41:CE:DF:24:47:67:8C:34:1F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       079D2303033C825068F65B40D9ACD4EF35DED2A1
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3135312e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:54:44 +0000
ROA not before:           Sat 02 Mar 2024 21:49:44 +0000
ROA not after:            Sat 01 Mar 2025 21:54:44 +0000
asID:                     136787
IP address blocks:        194.31.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:9d:23:03:03:3c:82:50:68:f6:5b:40:d9:ac:d4:ef:35:de:d2:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar  2 21:49:44 2024 GMT
            Not After : Mar  1 21:54:44 2025 GMT
        Subject: CN=71563F3740EC30EEB4015D41CEDF2447678C341F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:90:05:bd:18:94:d5:8e:9e:1e:51:54:95:74:
                    50:44:90:44:3c:e9:c0:44:26:fb:50:62:52:42:62:
                    c0:f1:9e:82:c9:e9:d1:bd:3c:4f:07:a1:f8:a3:09:
                    2f:a6:bc:bc:4b:10:51:c2:6d:2b:e9:a5:bf:63:ab:
                    60:3a:c9:45:7a:8f:e4:98:89:2c:3f:f5:a3:aa:79:
                    68:e8:6e:7e:33:d7:91:9c:76:e3:b8:63:ee:fe:49:
                    7c:1b:71:23:c3:e9:0d:04:20:5b:cb:d4:ce:f1:3f:
                    87:62:81:af:d5:07:75:b7:a6:7d:91:bd:b7:00:9f:
                    ab:25:d3:d9:ef:c4:7d:fb:85:1d:51:e7:e9:bf:f6:
                    e0:14:fe:94:bd:89:32:c3:b0:fe:0a:52:bb:66:19:
                    19:34:fa:39:3e:a9:5c:43:3c:e9:bc:a7:b1:98:1e:
                    3a:12:19:4e:ea:b8:59:30:52:35:16:ce:54:51:54:
                    24:d7:a7:1c:3e:be:47:c7:5b:86:33:3b:ae:8d:04:
                    ee:d7:27:f0:e2:33:50:56:06:bd:ed:f2:c2:c9:e7:
                    8a:97:66:91:db:05:a1:e4:91:0f:83:5b:a6:e4:f9:
                    94:28:99:88:2e:f3:b0:c3:52:c5:78:95:f7:f5:e7:
                    14:8e:8b:5d:0c:dc:ab:be:ab:b4:8b:60:13:76:e2:
                    06:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:56:3F:37:40:EC:30:EE:B4:01:5D:41:CE:DF:24:47:67:8C:34:1F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3135312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:e2:a2:25:ef:c4:bf:5b:a4:d2:53:0a:de:ed:25:65:fd:e0:
         f3:0e:b4:a9:c6:c4:e0:e8:2a:7b:74:c4:5d:dd:53:f6:4c:2f:
         7e:bd:c7:37:c3:e3:d1:ca:df:2b:59:3d:e8:fa:59:0a:5d:38:
         97:4c:63:b8:a7:67:6c:33:1d:61:5f:4b:ca:76:90:22:e9:05:
         c8:71:a5:55:56:7b:72:2b:6e:a6:3e:c1:45:ff:f1:80:ca:aa:
         9e:48:4f:94:64:40:cc:7e:41:17:30:36:c2:c0:ee:19:ed:2d:
         de:74:43:2f:04:fe:22:1b:00:89:7c:3b:3b:f2:fe:27:ee:08:
         fd:95:3b:75:13:0f:6c:5b:2a:75:05:da:08:ef:de:22:e3:9c:
         f7:9d:f1:f3:ef:db:7f:3f:39:64:d0:0d:08:d1:63:b3:1b:c3:
         d9:19:f3:de:fe:0d:3b:f1:0d:d4:c2:42:06:92:ba:25:de:e0:
         ba:ce:5e:5a:7b:94:71:7e:c8:e8:72:0f:41:be:b1:06:08:69:
         e8:cf:0e:b5:54:be:6f:69:46:e4:83:c6:d0:e5:4f:d8:85:85:
         ca:9f:32:49:fb:f9:34:70:f5:4c:58:b8:70:54:3b:ad:08:5f:
         93:d8:62:30:3f:f6:81:b4:4a:78:40:bf:e3:86:c5:8e:d4:42:
         1e:85:99:fe
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUB50jAwM8glBo9ltA2azU7zXe0qEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAzMDIyMTQ5NDRaFw0yNTAzMDEyMTU0NDRaMDMxMTAvBgNV
BAMTKDcxNTYzRjM3NDBFQzMwRUVCNDAxNUQ0MUNFREYyNDQ3Njc4QzM0MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1kAW9GJTVjp4eUVSVdFBEkEQ8
6cBEJvtQYlJCYsDxnoLJ6dG9PE8HofijCS+mvLxLEFHCbSvppb9jq2A6yUV6j+SY
iSw/9aOqeWjobn4z15GcduO4Y+7+SXwbcSPD6Q0EIFvL1M7xP4diga/VB3W3pn2R
vbcAn6sl09nvxH37hR1R5+m/9uAU/pS9iTLDsP4KUrtmGRk0+jk+qVxDPOm8p7GY
HjoSGU7quFkwUjUWzlRRVCTXpxw+vkfHW4YzO66NBO7XJ/DiM1BWBr3t8sLJ54qX
ZpHbBaHkkQ+DW6bk+ZQomYgu87DDUsV4lff15xSOi10M3Ku+q7SLYBN24gaRAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUcVY/N0DsMO60AV1Bzt8kR2eMNB8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzMTM1
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCH5cwDQYJKoZIhvcNAQELBQADggEBAEvioiXvxL9bpNJTCt7tJWX94PMOtKnG
xODoKnt0xF3dU/ZML369xzfD49HK3ytZPej6WQpdOJdMY7inZ2wzHWFfS8p2kCLp
BchxpVVWe3IrbqY+wUX/8YDKqp5IT5RkQMx+QRcwNsLA7hntLd50Qy8E/iIbAIl8
Ozvy/ifuCP2VO3UTD2xbKnUF2gjv3iLjnPed8fPv238/OWTQDQjRY7Mbw9kZ897+
DTvxDdTCQgaSuiXe4LrOXlp7lHF+yOhyD0G+sQYIaejPDrVUvm9pRuSDxtDlT9iF
hcqfMkn7+TRw9UxYuHBUO60IX5PYYjA/9oG0SnhAv+OGxY7UQh6Fmf4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org