Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3131332e36372e302f32342d3332203d3e203430303231.roa
File:                     3139342e3131332e36372e302f32342d3332203d3e203430303231.roa (raw, json)
Hash identifier:          dg2/Jsj6E+z1ZwoaL5kBd308sHDSaz2Tw9eCK7XK7Jc=
Subject key identifier:   E3:88:7D:04:8B:06:8D:3E:C4:A7:7E:E7:05:E5:74:26:D2:83:50:3F
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       44705BCAE523FB5C59A3E5F85A36C1CA7DBF9663
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3131332e36372e302f32342d3332203d3e203430303231.roa
Signing time:             Mon 26 Feb 2024 08:53:40 +0000
ROA not before:           Mon 26 Feb 2024 08:48:40 +0000
ROA not after:            Mon 24 Feb 2025 08:53:40 +0000
asID:                     40021
IP address blocks:        194.113.67.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:70:5b:ca:e5:23:fb:5c:59:a3:e5:f8:5a:36:c1:ca:7d:bf:96:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:40 2024 GMT
            Not After : Feb 24 08:53:40 2025 GMT
        Subject: CN=E3887D048B068D3EC4A77EE705E57426D283503F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a5:07:36:9d:9a:cf:11:0e:5a:9f:e2:15:3f:
                    5d:14:5d:80:d8:12:45:32:14:33:bc:b0:43:dd:9b:
                    22:6f:8b:90:9f:19:09:fc:52:cd:b9:37:c4:14:0b:
                    d2:6a:66:b1:fa:04:2b:77:3d:0b:0c:1c:3b:ec:ae:
                    ee:49:91:e8:04:62:f5:c4:a5:e3:a4:fe:7f:83:8c:
                    fc:dc:0d:04:32:e4:8e:94:15:33:31:07:25:9f:92:
                    32:67:35:e3:89:b4:26:78:75:b8:96:08:55:9b:31:
                    09:77:e3:ad:74:62:3e:03:44:83:52:4c:7b:0e:a8:
                    ac:01:1d:ab:91:3a:87:47:28:3f:3e:2a:00:a7:44:
                    55:9e:ea:8e:70:3e:8a:34:4b:0e:10:40:55:d9:82:
                    53:7e:96:ab:88:fc:1b:7c:ba:47:4b:4b:75:54:54:
                    be:05:00:15:87:16:de:ad:4d:fb:4d:7d:c3:b1:e5:
                    1a:cd:a7:ce:4c:f5:74:e8:3f:3d:49:d3:be:7b:3a:
                    2e:76:c1:d5:40:66:c7:9c:ea:8f:81:d5:c4:c4:b0:
                    48:4b:fc:cc:7e:e9:e6:b1:65:40:31:fa:c2:8e:df:
                    b6:4c:5e:35:88:f7:ff:0f:57:f8:96:2d:8d:0f:f6:
                    a7:de:ba:3a:60:4c:1f:d6:6e:9e:fb:20:ab:7d:c9:
                    02:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:88:7D:04:8B:06:8D:3E:C4:A7:7E:E7:05:E5:74:26:D2:83:50:3F
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3131332e36372e302f32342d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:9d:ea:62:d1:2f:0c:a5:d0:ef:31:0f:55:f2:a4:93:c2:91:
         6c:78:82:ab:1f:55:22:ec:25:39:3e:47:3a:d7:38:c8:77:cd:
         5f:ae:47:07:7a:07:fb:c0:c5:02:24:9f:66:a4:f7:9d:5d:1d:
         ad:1d:e8:a5:8f:67:a3:58:ca:58:5b:d5:c5:8c:fb:56:a2:11:
         c1:1e:76:4c:0c:8e:5a:75:7e:0d:3a:89:32:35:2a:5b:f5:4b:
         42:4f:57:1e:b9:1d:9d:b6:5e:bb:d6:42:d5:b2:81:9d:3e:20:
         50:62:13:dd:c9:fe:65:ca:f3:99:48:81:eb:fe:be:7e:91:63:
         a8:89:35:7f:41:a2:d2:ab:b7:7d:39:55:5f:6a:15:49:2e:6b:
         08:89:a8:cf:35:9a:60:8a:d2:20:6c:d1:bb:67:af:41:53:5f:
         dc:0f:53:fa:d6:c0:a3:20:d8:07:df:4b:4c:c9:f3:e1:74:47:
         81:88:3f:9d:d9:1f:48:c1:1b:9d:b2:b9:7d:4a:a9:3b:d8:e2:
         2f:00:39:30:af:eb:31:90:4a:78:14:d3:6e:91:57:d5:db:fd:
         fe:22:e0:b8:10:45:04:11:03:41:9e:0d:73:0a:b8:50:e8:83:
         bd:e9:ba:e5:d2:30:56:73:3c:12:35:54:fe:ed:37:ca:19:d7:
         df:46:f3:23
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIURHBbyuUj+1xZo+X4WjbByn2/lmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDBaFw0yNTAyMjQwODUzNDBaMDMxMTAvBgNV
BAMTKEUzODg3RDA0OEIwNjhEM0VDNEE3N0VFNzA1RTU3NDI2RDI4MzUwM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChpQc2nZrPEQ5an+IVP10UXYDY
EkUyFDO8sEPdmyJvi5CfGQn8Us25N8QUC9JqZrH6BCt3PQsMHDvsru5JkegEYvXE
peOk/n+DjPzcDQQy5I6UFTMxByWfkjJnNeOJtCZ4dbiWCFWbMQl34610Yj4DRINS
THsOqKwBHauROodHKD8+KgCnRFWe6o5wPoo0Sw4QQFXZglN+lquI/Bt8ukdLS3VU
VL4FABWHFt6tTftNfcOx5RrNp85M9XToPz1J0757Oi52wdVAZsec6o+B1cTEsEhL
/Mx+6eaxZUAx+sKO37ZMXjWI9/8PV/iWLY0P9qfeujpgTB/Wbp77IKt9yQILAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU44h9BIsGjT7Ep37nBeV0JtKDUD8wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTM0MmUzMTMxMzMyZTM2
MzcyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzNDMwMzAzMjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wnFDMA0GCSqGSIb3DQEBCwUAA4IBAQBdnepi0S8MpdDvMQ9V8qSTwpFseIKrH1Ui
7CU5Pkc61zjId81frkcHegf7wMUCJJ9mpPedXR2tHeilj2ejWMpYW9XFjPtWohHB
HnZMDI5adX4NOokyNSpb9UtCT1ceuR2dtl671kLVsoGdPiBQYhPdyf5lyvOZSIHr
/r5+kWOoiTV/QaLSq7d9OVVfahVJLmsIiajPNZpgitIgbNG7Z69BU1/cD1P61sCj
INgH30tMyfPhdEeBiD+d2R9IwRudsrl9Sqk72OIvADkwr+sxkEp4FNNukVfV2/3+
IuC4EEUEEQNBng1zCrhQ6IO96brl0jBWczwSNVT+7TfKGdffRvMj
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org