Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33322e3137322e302f32342d3234203d3e20323031333431.roa
File:                     3139332e33322e3137322e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          yWdCs/r9Py8TOqycl4xLoBeEB8bP50ItRx3mQq7veTw=
Subject key identifier:   BE:13:6C:F0:55:82:38:26:DF:28:EA:AF:A6:B1:2D:B3:DB:9E:C3:97
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       555BF89E7802ED5C0930B9A2FCDBD4541238C15D
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33322e3137322e302f32342d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:37 +0000
ROA not before:           Mon 26 Feb 2024 08:48:37 +0000
ROA not after:            Mon 24 Feb 2025 08:53:37 +0000
asID:                     201341
IP address blocks:        193.32.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:5b:f8:9e:78:02:ed:5c:09:30:b9:a2:fc:db:d4:54:12:38:c1:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:37 2024 GMT
            Not After : Feb 24 08:53:37 2025 GMT
        Subject: CN=BE136CF055823826DF28EAAFA6B12DB3DB9EC397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:43:69:b4:e0:cf:17:81:d9:a9:7c:c2:73:7b:
                    19:74:22:f1:b0:86:6e:a2:c9:ae:f3:61:af:bb:86:
                    8f:5c:6d:56:06:a1:4a:b2:ac:08:50:73:29:e4:80:
                    2e:7c:9a:88:f4:ac:0c:41:7b:d5:05:04:dd:a3:72:
                    80:26:dc:7f:2a:02:b9:e4:05:fa:65:58:48:8d:ba:
                    76:be:b3:43:86:dd:f8:99:f4:c5:eb:28:92:82:39:
                    b0:a4:fb:80:69:55:05:b8:29:ee:7f:51:f3:65:8b:
                    af:73:52:0f:54:65:be:e5:08:ef:0d:1f:d7:10:88:
                    af:63:ae:7a:76:0b:69:af:70:3f:8c:3c:e2:a4:cd:
                    5d:e5:1b:e7:96:0f:da:34:1c:9f:9d:af:0b:91:18:
                    1f:04:62:79:60:96:61:85:81:c9:d6:a5:10:24:85:
                    61:6b:c3:8a:57:dc:d1:c8:6c:54:52:bf:28:05:2b:
                    b0:53:9b:5f:d0:8b:51:c8:a1:64:6c:f8:a6:ef:cf:
                    63:cd:48:23:75:ea:32:1d:49:14:88:ba:c4:c2:04:
                    f2:55:44:a4:b3:e9:76:fc:6a:53:ee:0b:97:41:13:
                    28:35:0d:ab:1a:16:be:77:bc:d6:cd:3a:50:4e:8a:
                    d7:58:08:79:15:35:a2:20:92:cf:35:39:97:90:38:
                    4c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:13:6C:F0:55:82:38:26:DF:28:EA:AF:A6:B1:2D:B3:DB:9E:C3:97
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33322e3137322e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:60:5c:6d:64:26:10:e7:1d:b5:19:7e:49:c5:79:18:fd:a1:
         35:55:9b:49:da:55:46:08:1f:3d:4c:bb:da:c5:01:a7:7d:bb:
         5f:af:68:9b:0c:2c:f6:9e:e0:53:53:a9:ba:6c:04:70:ec:b8:
         f0:29:5f:01:39:46:31:52:17:6d:4b:bb:9b:3f:6d:07:3b:6a:
         e9:d3:eb:6b:89:88:40:6c:b2:ae:8f:39:a5:fc:68:28:2e:ec:
         67:f2:9b:b8:10:3c:7f:67:38:b3:91:1f:53:fd:dd:3c:70:cc:
         7a:3a:88:a8:ec:62:5e:84:76:7b:82:03:90:73:7e:02:14:48:
         3c:cd:ee:9d:bf:b2:53:08:f9:9f:32:c2:b7:3c:7f:0e:06:e9:
         51:a2:66:b3:7d:92:55:33:45:d0:b4:03:a9:72:24:1e:97:c7:
         44:e3:69:07:40:3a:20:38:76:f4:8a:b1:b3:a3:6d:26:08:a5:
         2b:4b:2c:3a:70:ce:ad:19:8d:63:13:d0:dd:84:57:85:84:04:
         78:d9:6d:ab:a5:e6:91:27:e1:59:60:6a:5d:09:5f:8a:4a:35:
         8d:a0:2d:40:f5:c1:6b:88:c4:92:a8:b7:bb:8c:a9:39:91:6d:
         7d:80:5e:ab:31:fb:64:22:60:f8:18:06:85:ba:fd:97:ee:60:
         d4:f1:31:60
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUVVv4nngC7VwJMLmi/NvUVBI4wV0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzdaFw0yNTAyMjQwODUzMzdaMDMxMTAvBgNV
BAMTKEJFMTM2Q0YwNTU4MjM4MjZERjI4RUFBRkE2QjEyREIzREI5RUMzOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcQ2m04M8XgdmpfMJzexl0IvGw
hm6iya7zYa+7ho9cbVYGoUqyrAhQcynkgC58moj0rAxBe9UFBN2jcoAm3H8qArnk
BfplWEiNuna+s0OG3fiZ9MXrKJKCObCk+4BpVQW4Ke5/UfNli69zUg9UZb7lCO8N
H9cQiK9jrnp2C2mvcD+MPOKkzV3lG+eWD9o0HJ+drwuRGB8EYnlglmGFgcnWpRAk
hWFrw4pX3NHIbFRSvygFK7BTm1/Qi1HIoWRs+Kbvz2PNSCN16jIdSRSIusTCBPJV
RKSz6Xb8alPuC5dBEyg1DasaFr53vNbNOlBOitdYCHkVNaIgks81OZeQOEzxAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUvhNs8FWCOCbfKOqvprEts9uew5cwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTMzMmUzMzMyMmUzMTM3
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBIKwwDQYJKoZIhvcNAQELBQADggEBAGtgXG1kJhDnHbUZfknFeRj9oTVVm0na
VUYIHz1Mu9rFAad9u1+vaJsMLPae4FNTqbpsBHDsuPApXwE5RjFSF21Lu5s/bQc7
aunT62uJiEBssq6POaX8aCgu7Gfym7gQPH9nOLORH1P93TxwzHo6iKjsYl6EdnuC
A5BzfgIUSDzN7p2/slMI+Z8ywrc8fw4G6VGiZrN9klUzRdC0A6lyJB6Xx0TjaQdA
OiA4dvSKsbOjbSYIpStLLDpwzq0ZjWMT0N2EV4WEBHjZbaul5pEn4Vlgal0JX4pK
NY2gLUD1wWuIxJKot7uMqTmRbX2AXqsx+2QiYPgYBoW6/ZfuYNTxMWA=
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:27 2024 by rpki-client on console-ams.rpki-client.org