Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e3136302e3234372e302f32342d3234203d3e20313336373837.roa
File:                     3139332e3136302e3234372e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          s7yD2cLcs3x0c02vu1TQH38Jh61km5HJcLCt84fj/cc=
Subject key identifier:   FC:E3:04:18:4B:FE:D4:F2:55:A8:89:65:C8:DA:22:7A:17:5E:50:E5
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       1DC8524C0370F1A28292ED0C664C39BD658B4717
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e3136302e3234372e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:23 +0000
ROA not before:           Mon 01 Apr 2024 13:58:23 +0000
ROA not after:            Mon 31 Mar 2025 14:03:23 +0000
asID:                     136787
IP address blocks:        193.160.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:c8:52:4c:03:70:f1:a2:82:92:ed:0c:66:4c:39:bd:65:8b:47:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:23 2024 GMT
            Not After : Mar 31 14:03:23 2025 GMT
        Subject: CN=FCE304184BFED4F255A88965C8DA227A175E50E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3b:29:71:8a:01:4d:bf:b3:6c:72:bf:4d:3a:
                    c0:39:47:bb:f3:6e:e8:71:30:96:49:d3:4a:fd:42:
                    95:74:d9:4e:16:8c:82:e1:76:bd:ff:89:f5:a4:87:
                    27:48:b1:b7:d6:0b:73:72:87:26:34:e0:dc:06:bb:
                    86:13:99:8e:ac:6b:0c:29:8e:27:19:12:79:aa:2f:
                    1e:f8:cf:35:91:7a:1a:25:08:03:e6:a7:c8:70:71:
                    82:00:d2:a0:6d:ad:75:c9:9a:75:24:87:d4:2e:9d:
                    6a:0b:55:72:36:57:d7:78:3a:61:ff:00:86:23:3a:
                    36:85:f2:10:14:33:5f:ad:cf:85:37:c8:0b:a4:6c:
                    0f:3a:fd:b0:e2:06:04:f6:43:be:b5:48:20:db:00:
                    fd:b2:98:44:75:52:32:63:57:be:1d:87:90:7e:97:
                    c5:76:9c:0d:d9:6b:23:12:fa:a2:e4:3d:b4:3d:ab:
                    82:64:7e:ac:a5:25:e7:93:fb:78:be:9b:d7:0e:bf:
                    cd:a3:60:99:a1:7a:82:8f:b7:08:d0:30:6d:65:6c:
                    c7:8a:c7:46:03:01:b4:66:c6:69:59:58:56:ae:ae:
                    13:61:8e:b2:7a:c3:b2:f7:7f:52:c4:de:af:a9:cb:
                    5a:54:13:3f:1e:9a:ff:99:49:ac:67:2b:8d:7c:de:
                    d0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:E3:04:18:4B:FE:D4:F2:55:A8:89:65:C8:DA:22:7A:17:5E:50:E5
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e3136302e3234372e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:24:cf:db:87:96:d3:b5:ff:a4:1d:e3:61:93:3e:b6:ce:29:
         19:04:e3:89:b2:c0:4a:0a:3a:56:bf:94:22:24:35:64:61:b5:
         ff:e1:2a:d5:1d:dd:bb:4e:63:d1:bf:9c:b6:7c:b8:c6:94:46:
         f7:49:80:d9:ae:2d:91:4b:db:17:45:5e:f0:79:f2:e8:5e:16:
         0a:a5:ec:26:70:94:d2:11:62:bb:c4:3c:4c:1b:ae:3d:7b:d1:
         67:0c:7b:a6:ce:de:a0:f1:d7:c3:8f:a5:b1:56:67:d0:ff:c8:
         07:97:8a:f7:f7:8c:c2:2f:4c:e1:15:01:94:25:fc:7e:c8:d3:
         06:84:1c:74:0a:09:3a:21:0f:b8:d3:5b:6f:f5:6c:03:f7:b8:
         ee:53:4a:01:0f:7c:81:62:3e:14:86:3b:fe:07:80:f3:b8:56:
         0d:b4:5a:8c:ee:ae:d6:1b:5e:10:3b:ec:84:81:da:23:b3:8d:
         8e:53:db:39:da:54:8a:d2:73:11:0d:3e:ff:84:7f:69:75:f4:
         5c:e9:0d:2b:df:cb:db:c8:09:67:de:21:99:cf:da:6e:c9:ce:
         06:63:82:b2:b3:07:e2:f0:4f:0a:84:c3:11:10:85:43:37:81:
         07:3a:2b:0d:3d:61:54:b9:b7:4b:fb:12:78:53:b9:62:99:1c:
         91:4f:72:ad
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUHchSTANw8aKCku0MZkw5vWWLRxcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjNaFw0yNTAzMzExNDAzMjNaMDMxMTAvBgNV
BAMTKEZDRTMwNDE4NEJGRUQ0RjI1NUE4ODk2NUM4REEyMjdBMTc1RTUwRTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTOylxigFNv7Nscr9NOsA5R7vz
buhxMJZJ00r9QpV02U4WjILhdr3/ifWkhydIsbfWC3NyhyY04NwGu4YTmY6sawwp
jicZEnmqLx74zzWReholCAPmp8hwcYIA0qBtrXXJmnUkh9QunWoLVXI2V9d4OmH/
AIYjOjaF8hAUM1+tz4U3yAukbA86/bDiBgT2Q761SCDbAP2ymER1UjJjV74dh5B+
l8V2nA3ZayMS+qLkPbQ9q4JkfqylJeeT+3i+m9cOv82jYJmheoKPtwjQMG1lbMeK
x0YDAbRmxmlZWFaurhNhjrJ6w7L3f1LE3q+py1pUEz8emv+ZSaxnK4183tAVAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU/OMEGEv+1PJVqIllyNoiehdeUOUwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTMzMmUzMTM2MzAyZTMy
MzQzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMGg9zANBgkqhkiG9w0BAQsFAAOCAQEAkSTP24eW07X/pB3jYZM+ts4pGQTj
ibLASgo6Vr+UIiQ1ZGG1/+Eq1R3du05j0b+ctny4xpRG90mA2a4tkUvbF0Ve8Hny
6F4WCqXsJnCU0hFiu8Q8TBuuPXvRZwx7ps7eoPHXw4+lsVZn0P/IB5eK9/eMwi9M
4RUBlCX8fsjTBoQcdAoJOiEPuNNbb/VsA/e47lNKAQ98gWI+FIY7/geA87hWDbRa
jO6u1hteEDvshIHaI7ONjlPbOdpUitJzEQ0+/4R/aXX0XOkNK9/L28gJZ94hmc/a
bsnOBmOCsrMH4vBPCoTDERCFQzeBBzorDT1hVLm3S/sSeFO5YpkckU9yrQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org