Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e3136302e3234352e302f32342d3234203d3e20313336373837.roa
File:                     3139332e3136302e3234352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          iw31cifgNqnkF/gugfmc40nF0R15kfmvug8aa9PKE80=
Subject key identifier:   F7:41:24:44:79:28:FA:AE:EF:F3:E2:FD:18:0F:47:01:1B:EB:52:38
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       761F58792948C48DD1A0D48B8E46EF27516A35F1
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e3136302e3234352e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:24 +0000
ROA not before:           Mon 01 Apr 2024 13:58:24 +0000
ROA not after:            Mon 31 Mar 2025 14:03:24 +0000
asID:                     136787
IP address blocks:        193.160.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:1f:58:79:29:48:c4:8d:d1:a0:d4:8b:8e:46:ef:27:51:6a:35:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:24 2024 GMT
            Not After : Mar 31 14:03:24 2025 GMT
        Subject: CN=F74124447928FAAEEFF3E2FD180F47011BEB5238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:67:0d:cc:ca:04:c3:0e:f3:98:be:27:43:45:
                    e0:b6:8b:d1:34:a0:e0:a9:a3:74:2f:c3:0a:9c:3d:
                    29:91:e8:77:38:ff:08:db:04:e1:ec:21:54:39:a1:
                    57:ab:22:34:51:34:39:30:c5:e2:42:c7:1b:64:d4:
                    aa:24:f0:a9:1f:fb:5b:c1:05:27:73:d2:72:96:18:
                    a8:19:36:b7:b8:b0:88:6a:f8:35:9a:47:03:a2:61:
                    2e:e2:5a:d8:50:af:99:e6:95:c1:0c:b7:88:99:dd:
                    e6:4f:ed:72:ad:96:26:89:0a:44:3b:51:71:10:9f:
                    fd:27:5d:db:d5:9f:b4:1b:39:2e:56:00:32:dc:28:
                    7e:46:71:a1:85:46:6c:37:a6:19:48:37:f2:ef:8f:
                    12:d6:1a:ba:ef:2a:88:df:a2:92:d8:d3:db:23:c1:
                    6a:e2:b6:f4:54:c1:86:e8:f6:a2:a1:27:18:6b:52:
                    3a:bc:35:5b:1a:2a:39:bd:bb:96:b6:26:67:87:6c:
                    9c:33:74:83:0d:18:69:90:f6:59:53:97:60:61:a5:
                    65:4c:c6:f5:9b:f2:6d:4f:92:8c:50:95:96:33:56:
                    b9:02:22:61:20:9e:b4:46:21:ee:9c:de:a6:bd:50:
                    c4:71:f0:4b:ea:c1:e8:c8:c8:f5:a0:b3:54:ac:ee:
                    c2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:41:24:44:79:28:FA:AE:EF:F3:E2:FD:18:0F:47:01:1B:EB:52:38
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e3136302e3234352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:0a:38:e1:9e:03:01:06:fa:19:6f:ff:a2:96:5a:d3:93:5f:
         bc:6c:20:e8:5c:df:44:9f:39:40:ec:ee:fd:54:f9:09:61:84:
         36:f1:fe:5e:63:29:2d:49:a8:32:af:df:c0:66:17:3e:28:00:
         48:23:b2:df:b3:49:75:f5:8f:43:90:5b:79:56:c2:b2:ff:e5:
         5e:03:83:f9:7b:13:e6:39:80:2f:df:1b:8d:31:8b:cb:b8:80:
         c0:1b:e2:05:90:0b:c8:58:52:58:f1:ac:74:18:a5:4f:79:37:
         c6:e0:84:8b:a4:32:74:d4:dc:72:f0:6c:3a:8f:ce:93:05:33:
         cb:70:1a:69:19:d6:d0:60:44:7d:9e:9d:aa:64:e3:94:04:80:
         9d:eb:4b:ad:6b:af:e3:15:54:a5:aa:98:2a:6b:07:46:62:6d:
         db:0c:95:38:b2:f1:53:bb:8e:16:11:56:02:7e:36:ce:14:f7:
         48:c9:18:56:1a:c5:64:64:c4:ee:47:e5:7f:36:6f:1e:9b:4e:
         6b:09:b9:da:6b:a9:c7:d1:3d:7f:cf:23:e3:d0:13:b3:e8:4d:
         7a:fb:59:8a:dd:87:b4:09:cc:6e:ed:77:ed:d8:3b:12:fb:12:
         3f:cc:43:d9:20:5c:e6:58:ab:3b:33:4d:bf:42:b0:34:40:1f:
         62:65:a4:ff
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUdh9YeSlIxI3RoNSLjkbvJ1FqNfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjRaFw0yNTAzMzExNDAzMjRaMDMxMTAvBgNV
BAMTKEY3NDEyNDQ0NzkyOEZBQUVFRkYzRTJGRDE4MEY0NzAxMUJFQjUyMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTZw3MygTDDvOYvidDReC2i9E0
oOCpo3QvwwqcPSmR6Hc4/wjbBOHsIVQ5oVerIjRRNDkwxeJCxxtk1Kok8Kkf+1vB
BSdz0nKWGKgZNre4sIhq+DWaRwOiYS7iWthQr5nmlcEMt4iZ3eZP7XKtliaJCkQ7
UXEQn/0nXdvVn7QbOS5WADLcKH5GcaGFRmw3phlIN/LvjxLWGrrvKojfopLY09sj
wWritvRUwYbo9qKhJxhrUjq8NVsaKjm9u5a2JmeHbJwzdIMNGGmQ9llTl2BhpWVM
xvWb8m1PkoxQlZYzVrkCImEgnrRGIe6c3qa9UMRx8EvqwejIyPWgs1Ss7sKHAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU90EkRHko+q7v8+L9GA9HARvrUjgwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTMzMmUzMTM2MzAyZTMy
MzQzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMGg9TANBgkqhkiG9w0BAQsFAAOCAQEAnAo44Z4DAQb6GW//opZa05NfvGwg
6FzfRJ85QOzu/VT5CWGENvH+XmMpLUmoMq/fwGYXPigASCOy37NJdfWPQ5BbeVbC
sv/lXgOD+XsT5jmAL98bjTGLy7iAwBviBZALyFhSWPGsdBilT3k3xuCEi6QydNTc
cvBsOo/OkwUzy3AaaRnW0GBEfZ6dqmTjlASAnetLrWuv4xVUpaqYKmsHRmJt2wyV
OLLxU7uOFhFWAn42zhT3SMkYVhrFZGTE7kflfzZvHptOawm52mupx9E9f88j49AT
s+hNevtZit2HtAnMbu137dg7EvsSP8xD2SBc5lirOzNNv0KwNEAfYmWk/w==
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:11 2024 by rpki-client on console-fra.rpki-client.org