Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135362e302f32342d3234203d3e203437353833.roa
File:                     3139342e352e3135362e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          cSM4O4y+fLw+VH374jSeAzwJpRXvoZYQlqnza89z+fs=
Subject key identifier:   4B:78:AE:18:90:5E:0E:71:5C:60:0E:01:D4:09:96:13:1D:D9:1D:4E
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       5FCF89A34849F55157520A89D0DE73B1E07E0CF7
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135362e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:44 +0000
ROA not before:           Mon 26 Feb 2024 08:47:44 +0000
ROA not after:            Mon 24 Feb 2025 08:52:44 +0000
asID:                     47583
IP address blocks:        194.5.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:cf:89:a3:48:49:f5:51:57:52:0a:89:d0:de:73:b1:e0:7e:0c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:44 2024 GMT
            Not After : Feb 24 08:52:44 2025 GMT
        Subject: CN=4B78AE18905E0E715C600E01D40996131DD91D4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b1:39:ce:72:d6:9f:f5:98:f3:cc:25:a9:2b:
                    fd:8e:11:83:34:aa:41:0d:88:34:67:0e:ba:f6:9a:
                    b5:19:3e:cb:98:20:5a:73:56:f2:8a:d6:df:09:04:
                    a8:18:0a:8d:79:da:ce:0a:2d:12:d0:b1:8e:26:2a:
                    dc:8e:96:f1:aa:6f:5b:c4:a4:28:6f:d6:82:20:40:
                    12:82:d3:da:e4:f6:b5:b1:a5:d6:e1:89:e1:37:bc:
                    65:ab:c6:0e:18:e4:b6:ba:84:03:4a:a8:7e:e2:cc:
                    db:32:dc:cd:56:61:6e:dd:5d:09:b7:2b:a9:2e:99:
                    a0:71:9f:be:0e:54:0d:94:88:03:44:fc:3d:5c:b5:
                    85:ad:2f:dc:d5:3b:9d:06:4a:eb:ee:74:be:38:77:
                    de:b1:21:85:cf:93:a8:f2:80:e4:e4:33:27:d5:8d:
                    5f:09:2f:3b:a1:fd:c9:93:46:33:3d:6a:82:69:96:
                    45:60:71:33:5e:46:70:fc:21:fe:63:3c:e6:ef:32:
                    d1:82:ec:2f:a7:1a:e1:b8:31:98:ea:5e:7e:53:fa:
                    a3:60:6d:e7:b9:3d:21:d3:36:43:a2:98:f8:2c:ec:
                    bf:01:2c:da:7c:cc:d9:ab:fa:71:ec:40:9b:1e:c3:
                    46:1c:8e:ca:c1:1c:13:a7:6f:b0:42:86:5a:39:09:
                    0b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:78:AE:18:90:5E:0E:71:5C:60:0E:01:D4:09:96:13:1D:D9:1D:4E
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135362e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:9c:ad:9c:e2:82:75:76:e0:f4:72:b7:92:77:06:72:5a:ba:
         c6:ef:e7:e6:dc:ea:e9:35:e1:a9:a8:9f:49:e7:0d:b4:63:25:
         13:84:f9:8d:7b:d2:6b:12:f3:ed:4f:9e:95:5b:ae:1f:f3:23:
         1a:33:32:b7:b9:90:7e:48:6f:36:c1:6e:07:0c:d9:31:3a:d2:
         f1:a1:39:f2:24:9e:64:b7:4b:20:aa:d1:fc:be:3b:4c:cf:e2:
         94:b8:a3:d7:be:2a:42:5a:da:38:bf:68:54:35:02:f1:9f:3c:
         a7:3f:c0:9a:91:fd:8a:cd:8d:dd:4d:cd:1a:4d:18:70:6b:a3:
         20:57:89:6c:ec:42:38:fb:0f:fa:96:37:55:22:8c:3c:28:76:
         ee:88:16:09:4c:14:5c:70:e4:4d:13:44:c5:eb:c3:ab:40:e3:
         a7:21:f8:51:89:c5:20:e4:0d:c1:df:8b:b8:fb:46:ef:55:19:
         ea:0d:2a:4e:77:af:36:a3:ab:50:8e:bf:8a:37:56:6b:22:aa:
         34:9b:a7:4b:90:32:c5:45:c4:a0:86:9b:d7:62:a0:99:8a:97:
         27:5d:e5:23:38:2e:d3:5f:e1:03:72:90:f8:8b:9d:b7:b9:e2:
         fc:8b:f0:c1:b5:2b:70:ce:90:53:8f:ed:d1:87:55:d2:5d:51:
         43:bb:e1:bf
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUX8+Jo0hJ9VFXUgqJ0N5zseB+DPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDRaFw0yNTAyMjQwODUyNDRaMDMxMTAvBgNV
BAMTKDRCNzhBRTE4OTA1RTBFNzE1QzYwMEUwMUQ0MDk5NjEzMUREOTFENEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDisTnOctaf9ZjzzCWpK/2OEYM0
qkENiDRnDrr2mrUZPsuYIFpzVvKK1t8JBKgYCo152s4KLRLQsY4mKtyOlvGqb1vE
pChv1oIgQBKC09rk9rWxpdbhieE3vGWrxg4Y5La6hANKqH7izNsy3M1WYW7dXQm3
K6kumaBxn74OVA2UiANE/D1ctYWtL9zVO50GSuvudL44d96xIYXPk6jygOTkMyfV
jV8JLzuh/cmTRjM9aoJplkVgcTNeRnD8If5jPObvMtGC7C+nGuG4MZjqXn5T+qNg
bee5PSHTNkOimPgs7L8BLNp8zNmr+nHsQJsew0YcjsrBHBOnb7BChlo5CQuzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUS3iuGJBeDnFcYA4B1AmWEx3ZHU4wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzNTJlMzEzNTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIF
nDANBgkqhkiG9w0BAQsFAAOCAQEAQ5ytnOKCdXbg9HK3kncGclq6xu/n5tzq6TXh
qaifSecNtGMlE4T5jXvSaxLz7U+elVuuH/MjGjMyt7mQfkhvNsFuBwzZMTrS8aE5
8iSeZLdLIKrR/L47TM/ilLij174qQlraOL9oVDUC8Z88pz/AmpH9is2N3U3NGk0Y
cGujIFeJbOxCOPsP+pY3VSKMPCh27ogWCUwUXHDkTRNExevDq0DjpyH4UYnFIOQN
wd+LuPtG71UZ6g0qTnevNqOrUI6/ijdWayKqNJunS5AyxUXEoIab12KgmYqXJ13l
Izgu01/hA3KQ+Iudt7ni/IvwwbUrcM6QU4/t0YdV0l1RQ7vhvw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org