Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139322e3134352e3131372e302f32342d3234203d3e20313431303339.roa
File:                     3139322e3134352e3131372e302f32342d3234203d3e20313431303339.roa (raw, json)
Hash identifier:          SxNMldFshJa46G1nPKM3VOzIlmw+V+BFZtH6Xt/gVQY=
Subject key identifier:   EA:75:19:3A:A7:9A:4F:34:C2:36:70:04:B4:4F:0E:2B:B5:51:0F:DA
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       1EDEE096FBB2AD444593B18CE3C095EE112BB400
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139322e3134352e3131372e302f32342d3234203d3e20313431303339.roa
Signing time:             Mon 26 Feb 2024 08:53:42 +0000
ROA not before:           Mon 26 Feb 2024 08:48:42 +0000
ROA not after:            Mon 24 Feb 2025 08:53:42 +0000
asID:                     141039
IP address blocks:        192.145.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:de:e0:96:fb:b2:ad:44:45:93:b1:8c:e3:c0:95:ee:11:2b:b4:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:42 2024 GMT
            Not After : Feb 24 08:53:42 2025 GMT
        Subject: CN=EA75193AA79A4F34C2367004B44F0E2BB5510FDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fc:e6:25:d8:4f:c8:6a:f2:14:02:5a:76:84:
                    c0:36:fe:53:f0:ae:93:63:30:da:39:10:d6:16:a1:
                    37:4b:eb:26:ae:6b:17:4d:a5:7e:58:c2:f7:97:50:
                    a2:f5:2b:a5:0d:1a:5c:b9:10:71:f4:25:16:be:13:
                    1d:0f:68:5e:a2:3e:00:82:c1:c1:55:86:84:04:0a:
                    b9:54:2f:4b:f7:f2:4e:e0:8b:6d:c4:65:20:74:80:
                    cd:c0:77:49:2d:ed:25:4b:33:9e:c9:63:71:1a:b9:
                    28:90:11:3e:d6:32:b1:de:3b:c3:58:50:da:19:9b:
                    aa:04:8e:7b:cb:06:69:4e:a6:60:fc:de:83:9b:a7:
                    0f:19:91:c9:63:a5:ca:fe:93:27:bc:32:57:19:5a:
                    a4:73:a2:a3:ab:31:7f:52:57:cf:33:58:e3:c2:77:
                    e4:aa:09:44:77:66:1d:2d:ec:d2:37:d6:43:e8:45:
                    7f:56:3d:f1:ac:82:c4:ed:ce:97:46:a4:15:f7:af:
                    53:9b:0b:94:6f:92:8c:a9:ee:f0:50:41:36:df:e9:
                    37:19:b8:cc:63:0b:f5:51:32:85:43:a1:a8:da:25:
                    4d:9d:0a:36:74:a5:1b:1b:24:78:13:43:df:05:6e:
                    00:84:d7:b4:cb:67:13:00:87:d8:42:7e:e5:ba:e0:
                    53:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:75:19:3A:A7:9A:4F:34:C2:36:70:04:B4:4F:0E:2B:B5:51:0F:DA
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139322e3134352e3131372e302f32342d3234203d3e20313431303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:88:8d:a4:9c:2d:46:58:3a:b3:5c:e5:b5:96:9d:a9:9b:a8:
         c5:4a:96:5a:ce:f1:4b:b1:d0:71:e7:6e:9e:2c:b5:20:c7:8f:
         57:8d:6b:27:4a:e0:08:be:a2:eb:eb:11:b8:33:d7:3b:86:1d:
         25:67:c7:1f:ea:ac:70:07:9a:72:4f:ee:e0:2a:cb:40:c3:8c:
         cd:98:3d:1c:90:cf:2b:3b:05:20:35:6d:da:e0:02:24:95:e4:
         9e:22:ab:2a:2b:d9:24:ca:68:a7:d3:a4:d6:7e:e8:eb:ba:15:
         2a:fa:a8:2f:65:ee:1a:a1:1e:f9:4d:1a:e2:72:d5:24:ab:32:
         f3:b6:aa:bb:4c:9a:c3:38:d8:66:6d:f3:95:54:bf:f9:11:3b:
         ce:fa:a3:f8:d4:7f:9b:2f:d6:30:cc:93:aa:eb:6b:13:e3:eb:
         1f:02:a2:00:63:b5:81:b0:7c:4d:fe:a8:85:74:15:a3:e9:c2:
         df:d9:8a:6d:5d:a9:65:7e:2b:11:54:67:04:d0:6d:cd:1d:13:
         a7:2a:d6:c7:81:69:9e:66:04:d8:b0:85:32:5c:b9:b4:56:16:
         8a:39:37:c0:2e:83:db:38:68:db:e2:8b:00:2c:83:d6:bb:13:
         e0:d4:48:a4:69:1c:96:16:cd:5c:c6:5b:cf:3b:aa:da:45:8a:
         b3:91:85:c4
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUHt7glvuyrURFk7GM48CV7hErtAAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDJaFw0yNTAyMjQwODUzNDJaMDMxMTAvBgNV
BAMTKEVBNzUxOTNBQTc5QTRGMzRDMjM2NzAwNEI0NEYwRTJCQjU1MTBGREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV/OYl2E/IavIUAlp2hMA2/lPw
rpNjMNo5ENYWoTdL6yauaxdNpX5YwveXUKL1K6UNGly5EHH0JRa+Ex0PaF6iPgCC
wcFVhoQECrlUL0v38k7gi23EZSB0gM3Ad0kt7SVLM57JY3EauSiQET7WMrHeO8NY
UNoZm6oEjnvLBmlOpmD83oObpw8Zkcljpcr+kye8MlcZWqRzoqOrMX9SV88zWOPC
d+SqCUR3Zh0t7NI31kPoRX9WPfGsgsTtzpdGpBX3r1ObC5Rvkoyp7vBQQTbf6TcZ
uMxjC/VRMoVDoajaJU2dCjZ0pRsbJHgTQ98FbgCE17TLZxMAh9hCfuW64FOjAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU6nUZOqeaTzTCNnAEtE8OK7VRD9owHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTMyMmUzMTM0MzUyZTMx
MzEzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzMTMwMzMzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMCRdTANBgkqhkiG9w0BAQsFAAOCAQEAP4iNpJwtRlg6s1zltZadqZuoxUqW
Ws7xS7HQceduniy1IMePV41rJ0rgCL6i6+sRuDPXO4YdJWfHH+qscAeack/u4CrL
QMOMzZg9HJDPKzsFIDVt2uACJJXkniKrKivZJMpop9Ok1n7o67oVKvqoL2XuGqEe
+U0a4nLVJKsy87aqu0yawzjYZm3zlVS/+RE7zvqj+NR/my/WMMyTqutrE+PrHwKi
AGO1gbB8Tf6ohXQVo+nC39mKbV2pZX4rEVRnBNBtzR0TpyrWx4FpnmYE2LCFMly5
tFYWijk3wC6D2zho2+KLACyD1rsT4NRIpGkclhbNXMZbzzuq2kWKs5GFxA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org