Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3131332e36342e302f32342d3234203d3e203437353833.roa
File:                     3139342e3131332e36342e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          ZdOvcLF+14is2+eoEHG5FkGXU1CqzB9lxmUnoig7O20=
Subject key identifier:   53:8A:AF:28:C8:7D:68:1A:D2:E0:34:9D:1C:4F:1C:BF:1F:3C:CB:17
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       4384659B9116A06FAD59AFF144E3D46767959040
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3131332e36342e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:43 +0000
ROA not before:           Mon 26 Feb 2024 08:48:43 +0000
ROA not after:            Mon 24 Feb 2025 08:53:43 +0000
asID:                     47583
IP address blocks:        194.113.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:84:65:9b:91:16:a0:6f:ad:59:af:f1:44:e3:d4:67:67:95:90:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:43 2024 GMT
            Not After : Feb 24 08:53:43 2025 GMT
        Subject: CN=538AAF28C87D681AD2E0349D1C4F1CBF1F3CCB17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:ba:de:98:c8:68:e0:68:45:35:c1:3f:45:4c:
                    ae:04:e4:54:f8:4a:67:b3:8b:5a:16:55:0a:04:1f:
                    d4:a3:6f:04:ec:2c:69:3f:66:7e:80:2b:48:59:15:
                    68:a5:f4:8e:a8:41:d1:b4:a7:68:e4:c0:79:85:b5:
                    e4:95:63:d4:a6:98:8c:b3:b2:fa:39:65:33:6b:21:
                    d7:b7:13:61:f4:0b:c0:d7:9e:75:48:f1:30:a8:d6:
                    13:4e:54:d0:f4:07:5a:93:e7:91:e5:c2:6e:64:71:
                    44:ff:43:da:ea:ac:b4:33:5b:1a:d3:a4:26:04:6c:
                    45:9f:36:90:e4:d2:1f:07:b1:d6:27:d4:a4:22:82:
                    e5:e9:8e:da:c6:19:07:45:76:0e:a0:48:f8:d8:2c:
                    c3:17:a3:41:26:35:19:88:52:78:c0:4b:91:3d:ff:
                    98:a1:2c:a3:76:e1:bb:5c:63:97:fc:4e:18:4d:71:
                    b7:df:d1:d3:00:f0:5c:7b:d6:ed:fa:6c:9c:72:c1:
                    d8:eb:6e:60:bb:37:52:26:56:f4:3b:39:a3:c7:0e:
                    a4:16:24:66:4b:62:e3:99:8d:67:a2:6b:28:fd:18:
                    3f:f4:f7:cc:fe:62:0f:aa:95:19:2d:d0:bc:c0:33:
                    b9:26:a3:58:75:e5:f0:72:43:f9:91:89:c3:78:61:
                    0a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:8A:AF:28:C8:7D:68:1A:D2:E0:34:9D:1C:4F:1C:BF:1F:3C:CB:17
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3131332e36342e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:92:c6:0f:92:0c:31:d9:94:41:c8:6d:44:4b:7b:9f:db:bb:
         cf:19:3a:1d:7d:5d:cf:b0:ee:f8:3e:b7:a7:30:bc:a5:2c:26:
         8b:e5:05:d4:73:97:4a:76:16:36:ce:7e:8a:8d:f6:29:19:f1:
         a7:19:8a:ee:8e:cf:f1:18:f4:67:b6:59:66:c8:92:a9:d5:20:
         98:e1:14:57:ea:57:dc:20:ec:d1:48:71:4a:ac:44:06:12:7a:
         6e:eb:28:82:6a:ba:15:2a:c5:a6:d4:95:82:a6:85:b2:d9:94:
         40:42:f9:c1:bf:eb:69:ba:df:65:e4:88:8c:7c:23:f1:72:26:
         26:f4:c0:21:9a:e8:4b:77:76:2f:6b:08:18:c4:89:7f:b8:d7:
         c4:3d:31:ac:71:b7:4a:dd:ca:d4:33:d9:87:bb:57:89:e2:41:
         cb:4a:6e:34:17:ce:d8:84:52:26:5c:9f:07:23:61:53:b0:8b:
         03:7e:5d:fa:0b:90:7c:42:b2:d3:f9:30:f7:c0:d5:0a:8b:70:
         e1:28:c3:55:f6:85:07:cb:ec:ce:ef:fe:f7:3f:8f:e1:02:9c:
         aa:f5:c3:f1:11:d6:79:7c:b0:86:97:a4:fd:9e:7a:da:af:f5:
         3e:ce:2d:dc:e1:36:79:76:2c:0f:9b:64:8d:e2:10:b6:d9:38:
         c6:8f:80:3e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUQ4Rlm5EWoG+tWa/xROPUZ2eVkEAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDNaFw0yNTAyMjQwODUzNDNaMDMxMTAvBgNV
BAMTKDUzOEFBRjI4Qzg3RDY4MUFEMkUwMzQ5RDFDNEYxQ0JGMUYzQ0NCMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ut6YyGjgaEU1wT9FTK4E5FT4
Smezi1oWVQoEH9SjbwTsLGk/Zn6AK0hZFWil9I6oQdG0p2jkwHmFteSVY9SmmIyz
svo5ZTNrIde3E2H0C8DXnnVI8TCo1hNOVND0B1qT55Hlwm5kcUT/Q9rqrLQzWxrT
pCYEbEWfNpDk0h8HsdYn1KQiguXpjtrGGQdFdg6gSPjYLMMXo0EmNRmIUnjAS5E9
/5ihLKN24btcY5f8ThhNcbff0dMA8Fx71u36bJxywdjrbmC7N1ImVvQ7OaPHDqQW
JGZLYuOZjWeiayj9GD/098z+Yg+qlRkt0LzAM7kmo1h15fByQ/mRicN4YQrHAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUU4qvKMh9aBrS4DSdHE8cvx88yxcwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTM0MmUzMTMxMzMyZTM2
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wnFAMA0GCSqGSIb3DQEBCwUAA4IBAQA/ksYPkgwx2ZRByG1ES3uf27vPGTodfV3P
sO74PrenMLylLCaL5QXUc5dKdhY2zn6KjfYpGfGnGYrujs/xGPRntllmyJKp1SCY
4RRX6lfcIOzRSHFKrEQGEnpu6yiCaroVKsWm1JWCpoWy2ZRAQvnBv+tput9l5IiM
fCPxciYm9MAhmuhLd3YvawgYxIl/uNfEPTGscbdK3crUM9mHu1eJ4kHLSm40F87Y
hFImXJ8HI2FTsIsDfl36C5B8QrLT+TD3wNUKi3DhKMNV9oUHy+zO7/73P4/hApyq
9cPxEdZ5fLCGl6T9nnrar/U+zi3c4TZ5diwPm2SN4hC22TjGj4A+
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org