Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139322e3134352e3131362e302f32342d3234203d3e20313431303339.roa
File:                     3139322e3134352e3131362e302f32342d3234203d3e20313431303339.roa (raw, json)
Hash identifier:          30O1RKmJ8vhRhKk51ynjH4MxlMRm8YN6AFYymwJZKk0=
Subject key identifier:   4C:57:DB:9B:51:CC:FF:44:E5:DA:F4:31:FF:45:41:2F:3F:79:B5:4A
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       5AFF9594E6141944293E8B1A93E1737BCA003532
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139322e3134352e3131362e302f32342d3234203d3e20313431303339.roa
Signing time:             Mon 26 Feb 2024 08:53:42 +0000
ROA not before:           Mon 26 Feb 2024 08:48:42 +0000
ROA not after:            Mon 24 Feb 2025 08:53:42 +0000
asID:                     141039
IP address blocks:        192.145.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:ff:95:94:e6:14:19:44:29:3e:8b:1a:93:e1:73:7b:ca:00:35:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:42 2024 GMT
            Not After : Feb 24 08:53:42 2025 GMT
        Subject: CN=4C57DB9B51CCFF44E5DAF431FF45412F3F79B54A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:13:16:32:4d:62:97:47:0e:44:15:1a:f2:20:
                    51:92:c7:c6:81:76:7c:1c:cb:ed:64:e9:c8:8c:7d:
                    1f:f0:21:e8:2b:54:0f:22:53:3e:93:36:38:77:d4:
                    ed:f8:64:1c:e6:89:b8:03:d4:61:70:2f:67:8e:60:
                    8f:7e:86:66:d5:aa:10:a7:3c:ee:b9:e6:e7:8d:5c:
                    54:cc:65:8f:91:be:b6:17:99:9d:cf:55:11:50:4e:
                    de:22:3e:7d:37:fd:3c:72:5a:b4:45:6f:cb:d5:f7:
                    30:a5:ba:bb:f7:68:f2:14:24:fc:1a:99:10:15:a1:
                    f2:e2:09:cf:ad:3e:51:c4:0d:58:84:6a:9c:40:0c:
                    8f:8c:46:09:f3:53:8b:6e:74:d6:1a:e1:dc:24:32:
                    2a:49:05:04:47:44:04:2b:92:8a:e0:f3:fb:e0:ae:
                    16:26:a9:4a:93:15:2e:02:14:ba:fb:82:10:a3:84:
                    94:b0:1a:60:5d:d7:d8:2e:2d:b7:fb:13:84:a8:e6:
                    5a:c2:7c:8f:3c:bd:8a:04:27:b9:b7:79:99:c6:41:
                    16:c3:26:7b:25:0f:20:28:f7:15:f6:c6:4e:b7:e6:
                    59:fa:84:6a:a8:e0:ac:bb:8e:67:d0:59:4a:90:23:
                    52:95:a6:92:9c:ac:c2:54:f2:d1:23:36:1a:88:a5:
                    80:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:57:DB:9B:51:CC:FF:44:E5:DA:F4:31:FF:45:41:2F:3F:79:B5:4A
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139322e3134352e3131362e302f32342d3234203d3e20313431303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:79:b2:b7:6e:bc:95:3e:1b:b8:e8:2b:17:52:ff:c1:11:c5:
         e8:3f:42:8d:00:fa:66:e1:8c:25:70:0d:5c:0c:3a:a6:e2:b3:
         fe:f4:a0:d6:dd:29:a5:d3:03:0e:8f:80:6c:42:34:6e:54:1c:
         33:11:4c:fd:26:59:af:a1:b2:9c:29:2b:6c:48:cc:21:52:2a:
         76:df:90:e2:5d:0e:50:f8:d1:6b:fe:ab:29:26:55:ba:4c:27:
         2a:51:64:04:13:f1:0b:0d:81:bc:fe:25:6c:ba:db:f6:63:b6:
         2b:dd:42:16:cf:b2:8d:cb:6b:ce:9b:0c:59:55:97:54:69:d3:
         af:54:ef:46:96:57:6e:30:79:e8:aa:df:5e:77:03:96:b9:49:
         6c:e1:03:51:19:6f:23:1e:41:8e:14:5c:7e:be:1d:38:68:d0:
         f5:34:c6:29:42:16:84:98:8b:b3:1d:b4:c9:73:89:89:47:d2:
         80:df:5a:3d:cc:7d:1f:63:c4:e2:6c:a4:00:73:f7:ea:fb:47:
         30:3b:34:16:fb:d7:21:92:42:1d:39:c3:51:bb:e5:61:98:a2:
         42:ab:9e:fe:9d:d3:f3:30:83:ac:e8:79:8a:30:b1:82:3a:18:
         62:52:b1:2a:58:5f:cc:a0:18:60:dd:31:d9:9a:b0:12:3c:70:
         eb:9f:63:76
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUWv+VlOYUGUQpPosak+Fze8oANTIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDJaFw0yNTAyMjQwODUzNDJaMDMxMTAvBgNV
BAMTKDRDNTdEQjlCNTFDQ0ZGNDRFNURBRjQzMUZGNDU0MTJGM0Y3OUI1NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9ExYyTWKXRw5EFRryIFGSx8aB
dnwcy+1k6ciMfR/wIegrVA8iUz6TNjh31O34ZBzmibgD1GFwL2eOYI9+hmbVqhCn
PO655ueNXFTMZY+RvrYXmZ3PVRFQTt4iPn03/TxyWrRFb8vV9zClurv3aPIUJPwa
mRAVofLiCc+tPlHEDViEapxADI+MRgnzU4tudNYa4dwkMipJBQRHRAQrkorg8/vg
rhYmqUqTFS4CFLr7ghCjhJSwGmBd19guLbf7E4So5lrCfI88vYoEJ7m3eZnGQRbD
JnslDyAo9xX2xk635ln6hGqo4Ky7jmfQWUqQI1KVppKcrMJU8tEjNhqIpYBpAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUTFfbm1HM/0Tl2vQx/0VBLz95tUowHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTMyMmUzMTM0MzUyZTMx
MzEzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzMTMwMzMzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMCRdDANBgkqhkiG9w0BAQsFAAOCAQEAcXmyt268lT4buOgrF1L/wRHF6D9C
jQD6ZuGMJXANXAw6puKz/vSg1t0ppdMDDo+AbEI0blQcMxFM/SZZr6GynCkrbEjM
IVIqdt+Q4l0OUPjRa/6rKSZVukwnKlFkBBPxCw2BvP4lbLrb9mO2K91CFs+yjctr
zpsMWVWXVGnTr1TvRpZXbjB56KrfXncDlrlJbOEDURlvIx5BjhRcfr4dOGjQ9TTG
KUIWhJiLsx20yXOJiUfSgN9aPcx9H2PE4mykAHP36vtHMDs0FvvXIZJCHTnDUbvl
YZiiQque/p3T8zCDrOh5ijCxgjoYYlKxKlhfzKAYYN0x2ZqwEjxw659jdg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:11 2024 by rpki-client on console-fra.rpki-client.org