Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33322e3137352e302f32342d3234203d3e20323031333431.roa
File:                     3139332e33322e3137352e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          wDoZPX+4D+tCG3D4ZSERYxd1QNur2W0kvX1jYVpi2B4=
Subject key identifier:   09:D7:CA:46:A7:B9:09:FD:D1:80:13:EA:A6:7A:91:66:B0:C2:A0:8B
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       6C91D891C6471D932CCB7287A8A1F5217C738E46
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33322e3137352e302f32342d3234203d3e20323031333431.roa
Signing time:             Mon 26 Feb 2024 08:53:40 +0000
ROA not before:           Mon 26 Feb 2024 08:48:40 +0000
ROA not after:            Mon 24 Feb 2025 08:53:40 +0000
asID:                     201341
IP address blocks:        193.32.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:91:d8:91:c6:47:1d:93:2c:cb:72:87:a8:a1:f5:21:7c:73:8e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:40 2024 GMT
            Not After : Feb 24 08:53:40 2025 GMT
        Subject: CN=09D7CA46A7B909FDD18013EAA67A9166B0C2A08B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f2:f5:85:bb:d6:c8:d0:00:c4:68:59:99:da:
                    7e:a2:a5:ac:b1:76:53:24:95:51:6e:56:bf:a6:c5:
                    c1:ca:08:38:d0:b6:1d:c5:fb:81:56:65:4e:57:00:
                    33:ba:55:b6:c1:40:e9:1f:18:aa:8a:e7:90:f4:ea:
                    0c:dd:e4:08:dc:ff:ff:a0:0d:3a:97:d8:49:79:6e:
                    39:fa:4d:1e:a7:16:d2:db:09:c2:75:dd:31:21:17:
                    93:a2:50:86:2c:8c:b8:1f:b9:03:0f:31:60:aa:5c:
                    34:c2:c8:b4:43:7a:02:47:c2:67:35:c7:c5:62:55:
                    98:55:da:21:3a:9b:36:b5:1e:f1:10:ca:d0:25:0e:
                    b8:6a:dd:cf:b0:75:4f:66:4d:34:6a:ca:11:d0:80:
                    dd:06:cc:bf:e0:9c:7b:48:2e:44:89:bb:23:25:66:
                    88:19:6a:bb:3a:e0:8d:18:1c:00:91:13:54:ae:02:
                    4e:62:cc:a7:2b:a9:d3:41:0c:73:39:c1:db:ec:a5:
                    4c:0e:7e:10:3a:c7:3a:97:f6:7b:dc:2a:c2:62:f1:
                    63:56:7d:d7:e5:2f:b5:b5:a6:60:09:f8:c3:eb:2c:
                    42:1f:3b:65:b5:2f:7a:5d:47:ef:55:66:db:93:25:
                    fe:3c:14:07:03:f2:7d:a4:fa:a2:92:dc:cb:4a:36:
                    b7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D7:CA:46:A7:B9:09:FD:D1:80:13:EA:A6:7A:91:66:B0:C2:A0:8B
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33322e3137352e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:5c:1f:3b:d3:05:ef:ad:00:df:4c:31:f3:1c:60:02:6c:d6:
         f5:57:81:20:61:44:36:7c:34:39:e0:29:44:30:e4:c9:c6:0d:
         3b:8f:d1:cb:e0:8f:b3:a6:69:c7:f3:72:93:50:ff:97:65:9b:
         d6:9c:99:9c:5d:a0:98:72:ea:cb:26:d4:25:f4:1a:d7:81:2c:
         31:62:fc:e7:4b:8e:1b:c1:be:e9:86:95:03:7e:5c:6d:cf:de:
         89:75:3f:3d:61:44:20:a2:dd:05:3d:7e:93:87:6f:80:db:f9:
         b4:78:2d:55:7e:e5:ea:f7:eb:5d:10:0c:8b:34:5a:f8:e8:3a:
         63:00:8b:7b:2a:51:bc:fe:31:93:76:60:2b:cb:7c:ba:33:5c:
         a1:5a:8b:c6:94:f9:6b:f5:d4:7d:fd:9f:34:80:95:a7:b4:1f:
         1d:b5:f6:66:cf:ca:05:f4:22:6a:77:6e:ef:76:60:10:70:2a:
         eb:b4:df:7d:97:32:ff:97:20:88:36:29:31:b9:32:5e:62:e6:
         20:1c:5c:9f:ec:28:f7:3a:07:0f:33:a3:77:1c:ba:ff:e9:23:
         00:0c:b9:ec:eb:aa:7b:e7:9d:b3:ae:23:80:0c:57:e4:e2:a9:
         c8:4b:95:60:f5:3f:5d:c1:79:59:29:b6:d3:3e:34:7b:78:45:
         e6:c7:07:45
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUbJHYkcZHHZMsy3KHqKH1IXxzjkYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDBaFw0yNTAyMjQwODUzNDBaMDMxMTAvBgNV
BAMTKDA5RDdDQTQ2QTdCOTA5RkREMTgwMTNFQUE2N0E5MTY2QjBDMkEwOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV8vWFu9bI0ADEaFmZ2n6ipayx
dlMklVFuVr+mxcHKCDjQth3F+4FWZU5XADO6VbbBQOkfGKqK55D06gzd5Ajc//+g
DTqX2El5bjn6TR6nFtLbCcJ13TEhF5OiUIYsjLgfuQMPMWCqXDTCyLRDegJHwmc1
x8ViVZhV2iE6mza1HvEQytAlDrhq3c+wdU9mTTRqyhHQgN0GzL/gnHtILkSJuyMl
ZogZars64I0YHACRE1SuAk5izKcrqdNBDHM5wdvspUwOfhA6xzqX9nvcKsJi8WNW
fdflL7W1pmAJ+MPrLEIfO2W1L3pdR+9VZtuTJf48FAcD8n2k+qKS3MtKNrcLAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUCdfKRqe5Cf3RgBPqpnqRZrDCoIswHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTMzMmUzMzMyMmUzMTM3
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBIK8wDQYJKoZIhvcNAQELBQADggEBAFxcHzvTBe+tAN9MMfMcYAJs1vVXgSBh
RDZ8NDngKUQw5MnGDTuP0cvgj7OmacfzcpNQ/5dlm9acmZxdoJhy6ssm1CX0GteB
LDFi/OdLjhvBvumGlQN+XG3P3ol1Pz1hRCCi3QU9fpOHb4Db+bR4LVV+5er3610Q
DIs0WvjoOmMAi3sqUbz+MZN2YCvLfLozXKFai8aU+Wv11H39nzSAlae0Hx219mbP
ygX0Imp3bu92YBBwKuu0332XMv+XIIg2KTG5Ml5i5iAcXJ/sKPc6Bw8zo3ccuv/p
IwAMuezrqnvnnbOuI4AMV+TiqchLlWD1P13BeVkpttM+NHt4RebHB0U=
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:27 2024 by rpki-client on console-ams.rpki-client.org