Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33362e3233392e302f32342d3234203d3e20313336373837.roa
File:                     3139332e33362e3233392e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          wa3tbMdtOOxsEwzjzEJxu71crlb2SN0YSPBQVo4bUA0=
Subject key identifier:   C6:AD:1A:6E:29:B7:96:B7:31:1B:82:A3:4E:C4:FE:F2:93:8B:2B:21
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       04D6DDED0C79A301544B2E4B60796DE2D5A3C0E7
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33362e3233392e302f32342d3234203d3e20313336373837.roa
Signing time:             Sat 02 Mar 2024 21:53:57 +0000
ROA not before:           Sat 02 Mar 2024 21:48:57 +0000
ROA not after:            Sat 01 Mar 2025 21:53:57 +0000
asID:                     136787
IP address blocks:        193.36.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:d6:dd:ed:0c:79:a3:01:54:4b:2e:4b:60:79:6d:e2:d5:a3:c0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Mar  2 21:48:57 2024 GMT
            Not After : Mar  1 21:53:57 2025 GMT
        Subject: CN=C6AD1A6E29B796B7311B82A34EC4FEF2938B2B21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a6:ca:c3:55:5c:f8:97:72:23:6d:c7:c8:02:
                    31:ce:70:f2:a7:13:ad:25:28:7f:60:8f:83:87:f4:
                    b8:e4:25:6f:88:19:7f:04:5b:b5:02:3b:8d:ed:39:
                    41:c5:b7:cc:03:b4:e9:13:08:13:fe:f0:d6:c5:18:
                    65:60:58:53:7e:9e:52:cc:3b:fb:95:54:d8:c7:bb:
                    3e:37:d8:84:41:5d:15:76:49:27:3b:9b:e1:ac:b8:
                    9e:cb:cc:c5:db:39:85:d1:d8:c7:32:31:d2:7a:5a:
                    21:3f:cc:80:78:a8:69:cb:30:cb:e8:2f:da:45:d4:
                    19:9c:f8:98:d2:09:ef:d8:f0:5e:98:18:d0:b9:5d:
                    d0:bd:db:3f:9e:09:ac:3e:77:d3:cb:60:6b:34:6b:
                    00:67:33:3a:19:9e:2f:3a:92:e6:d1:eb:b3:c3:94:
                    29:5a:af:8f:18:68:97:8d:45:b0:af:47:03:2e:1e:
                    ba:6b:3f:af:fe:b2:b9:d5:f9:91:81:bf:4f:85:4a:
                    69:7a:88:43:2c:b0:a7:50:a1:64:61:1f:4d:34:1d:
                    ce:68:7d:cf:e7:d5:0f:1e:45:45:bb:5e:99:a0:ad:
                    0a:0e:f5:dd:22:aa:a1:d2:44:64:1b:b7:f8:aa:93:
                    9a:a0:0a:cd:9f:2c:fb:21:da:e8:28:1c:49:cc:de:
                    7f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:AD:1A:6E:29:B7:96:B7:31:1B:82:A3:4E:C4:FE:F2:93:8B:2B:21
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139332e33362e3233392e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:77:f1:b5:0d:ff:b3:0a:f3:2d:89:51:d4:e1:5e:52:f0:59:
         40:47:98:ad:67:4e:f2:74:92:f3:12:34:bc:97:66:66:07:aa:
         50:54:0d:c6:4d:92:b0:cc:f0:b4:2c:bf:22:3c:1a:6b:de:61:
         9d:24:58:b2:8f:68:64:63:86:53:6b:c3:4f:fa:3e:b1:6c:ec:
         78:5d:1a:06:15:0e:d1:3e:a3:c8:22:dd:51:0d:15:5f:17:87:
         61:d1:6a:aa:be:43:d4:70:fa:5d:83:27:dd:20:86:48:cb:99:
         0d:12:8b:d7:15:50:7a:a8:4a:8f:16:0c:bc:b6:82:ee:b9:57:
         f0:cd:e5:dd:ae:14:3a:b8:39:28:d4:ef:e6:59:a2:3c:f9:07:
         52:72:86:91:df:d4:a0:14:fd:90:59:69:4b:7a:50:ea:e5:7e:
         f0:0b:a7:a9:fe:a4:f9:ff:e8:9a:a6:69:10:62:88:19:26:db:
         43:bd:2e:62:77:28:dc:42:6c:56:4f:12:70:e6:b0:d3:52:aa:
         8a:99:29:f8:25:5e:57:77:83:bc:17:57:32:be:36:36:b0:6f:
         7e:57:70:cc:e2:21:b7:c9:6f:ef:01:3e:79:af:45:27:8a:23:
         98:b1:e0:32:1b:de:2b:75:d5:f1:ae:62:52:a9:0f:75:1c:60:
         05:f0:59:dd
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUBNbd7Qx5owFUSy5LYHlt4tWjwOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAzMDIyMTQ4NTdaFw0yNTAzMDEyMTUzNTdaMDMxMTAvBgNV
BAMTKEM2QUQxQTZFMjlCNzk2QjczMTFCODJBMzRFQzRGRUYyOTM4QjJCMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJpsrDVVz4l3IjbcfIAjHOcPKn
E60lKH9gj4OH9LjkJW+IGX8EW7UCO43tOUHFt8wDtOkTCBP+8NbFGGVgWFN+nlLM
O/uVVNjHuz432IRBXRV2SSc7m+GsuJ7LzMXbOYXR2McyMdJ6WiE/zIB4qGnLMMvo
L9pF1Bmc+JjSCe/Y8F6YGNC5XdC92z+eCaw+d9PLYGs0awBnMzoZni86kubR67PD
lClar48YaJeNRbCvRwMuHrprP6/+srnV+ZGBv0+FSml6iEMssKdQoWRhH000Hc5o
fc/n1Q8eRUW7XpmgrQoO9d0iqqHSRGQbt/iqk5qgCs2fLPsh2ugoHEnM3n91AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUxq0abim3lrcxG4KjTsT+8pOLKyEwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTMzMmUzMzM2MmUzMjMz
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBJO8wDQYJKoZIhvcNAQELBQADggEBABl38bUN/7MK8y2JUdThXlLwWUBHmK1n
TvJ0kvMSNLyXZmYHqlBUDcZNkrDM8LQsvyI8GmveYZ0kWLKPaGRjhlNrw0/6PrFs
7HhdGgYVDtE+o8gi3VENFV8Xh2HRaqq+Q9Rw+l2DJ90ghkjLmQ0Si9cVUHqoSo8W
DLy2gu65V/DN5d2uFDq4OSjU7+ZZojz5B1JyhpHf1KAU/ZBZaUt6UOrlfvALp6n+
pPn/6JqmaRBiiBkm20O9LmJ3KNxCbFZPEnDmsNNSqoqZKfglXld3g7wXVzK+Njaw
b35XcMziIbfJb+8BPnmvRSeKI5ix4DIb3it11fGuYlKpD3UcYAXwWd0=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org