Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3135362e3232362e302f32342d3234203d3e20323034313730.roa
File:                     3139342e3135362e3232362e302f32342d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          81m/4UGEK77+oiQvc1hViJdN9k2jVP4yYIhKMrAwVbg=
Subject key identifier:   CD:D4:AC:A6:74:B7:EE:06:6C:14:6B:E0:60:03:F7:2E:4F:40:BC:75
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       15BA690EC96DB95FF4DCE9C7D442307E507C6CD3
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3135362e3232362e302f32342d3234203d3e20323034313730.roa
Signing time:             Mon 26 Feb 2024 08:53:40 +0000
ROA not before:           Mon 26 Feb 2024 08:48:40 +0000
ROA not after:            Mon 24 Feb 2025 08:53:40 +0000
asID:                     204170
IP address blocks:        194.156.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ba:69:0e:c9:6d:b9:5f:f4:dc:e9:c7:d4:42:30:7e:50:7c:6c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:40 2024 GMT
            Not After : Feb 24 08:53:40 2025 GMT
        Subject: CN=CDD4ACA674B7EE066C146BE06003F72E4F40BC75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:74:1a:48:37:1b:4e:6d:08:15:a9:b1:60:8e:
                    b5:60:31:9f:8f:06:d0:89:fb:1e:31:c9:2a:22:c2:
                    a0:0e:71:c3:83:b0:ce:3b:ff:df:71:b5:f1:25:7b:
                    0e:d0:13:ed:e9:ea:e5:47:9d:17:f4:8f:d2:35:ee:
                    de:44:8d:c0:33:45:fd:5c:bf:50:c7:4a:94:fa:88:
                    d8:9a:09:a9:35:3e:67:f8:33:9d:4b:a6:85:3a:ab:
                    43:ed:aa:d8:f7:30:03:8e:05:6d:5a:cb:b2:64:fc:
                    ae:ab:58:a8:37:7b:5c:15:36:41:30:de:f3:00:45:
                    f4:c5:be:f8:e8:1d:82:98:51:24:98:83:74:b3:a2:
                    42:d0:78:97:fe:55:bd:c6:4e:ca:49:18:70:7b:88:
                    cc:57:fc:c8:00:b3:59:77:56:cf:e9:ae:e8:d4:55:
                    76:37:d7:a6:fa:2c:cf:c8:69:5a:fa:05:d8:ac:d0:
                    56:9b:0c:eb:fb:2a:51:e3:b9:86:ac:95:a2:5f:fe:
                    89:75:88:4c:00:f1:ef:8a:40:15:15:fe:6d:52:86:
                    22:cf:f6:d5:43:45:d6:27:3b:96:bb:1b:8e:e8:11:
                    94:62:f1:db:b1:d8:00:82:6c:9a:6f:4d:6b:04:cf:
                    04:25:6f:6b:e3:76:08:34:ec:31:fb:1a:f1:ec:c2:
                    f9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:D4:AC:A6:74:B7:EE:06:6C:14:6B:E0:60:03:F7:2E:4F:40:BC:75
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3135362e3232362e302f32342d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:da:bf:8e:73:90:41:7f:9e:18:8e:43:cf:e4:b9:3c:a6:d1:
         b9:01:03:1f:df:83:5d:28:bb:ca:7e:ab:d0:8b:06:a0:2f:51:
         95:af:92:1c:11:86:ef:c2:1e:3e:07:6b:48:63:d8:54:f9:e1:
         cf:25:2f:f7:25:99:b0:a9:17:7a:57:28:ed:f2:3f:ee:6d:55:
         12:88:1d:73:b6:6a:c0:bf:68:90:d3:66:ca:c1:09:52:5c:e1:
         fb:1d:16:5f:d4:3b:f6:20:0d:b1:fb:b6:02:b3:4b:cc:a2:8c:
         71:fc:50:84:49:85:06:00:dd:37:91:ba:af:0c:a6:8d:c0:7f:
         e5:77:ed:95:a7:c9:65:55:18:c2:c9:12:df:84:e2:c5:90:06:
         cb:4a:4b:fd:9f:1d:35:4f:33:20:f9:1e:6d:1e:f8:35:81:89:
         49:6f:63:e4:06:47:5f:83:5b:d6:6b:f9:cf:f2:dc:a8:5a:6c:
         79:5e:1a:6f:fc:8a:f6:db:fd:26:c2:1c:32:f0:6a:ab:a4:45:
         51:c9:90:7a:83:53:0b:85:92:c7:ac:dd:0c:4c:0b:97:51:c9:
         0a:9c:f3:be:3b:f3:f4:fe:cb:54:c6:cc:2a:e8:17:de:41:60:
         2c:51:1d:de:ad:10:9f:64:6b:2c:1f:d2:c8:b8:c6:4c:27:40:
         3e:b6:7b:bf
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUFbppDsltuV/03OnH1EIwflB8bNMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDBaFw0yNTAyMjQwODUzNDBaMDMxMTAvBgNV
BAMTKENERDRBQ0E2NzRCN0VFMDY2QzE0NkJFMDYwMDNGNzJFNEY0MEJDNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmdBpINxtObQgVqbFgjrVgMZ+P
BtCJ+x4xySoiwqAOccODsM47/99xtfElew7QE+3p6uVHnRf0j9I17t5EjcAzRf1c
v1DHSpT6iNiaCak1Pmf4M51LpoU6q0Ptqtj3MAOOBW1ay7Jk/K6rWKg3e1wVNkEw
3vMARfTFvvjoHYKYUSSYg3SzokLQeJf+Vb3GTspJGHB7iMxX/MgAs1l3Vs/prujU
VXY316b6LM/IaVr6Bdis0FabDOv7KlHjuYaslaJf/ol1iEwA8e+KQBUV/m1ShiLP
9tVDRdYnO5a7G47oEZRi8dux2ACCbJpvTWsEzwQlb2vjdgg07DH7GvHswvk/AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUzdSspnS37gZsFGvgYAP3Lk9AvHUwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTM0MmUzMTM1MzYyZTMy
MzIzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNDMxMzczMC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMKc4jANBgkqhkiG9w0BAQsFAAOCAQEAh9q/jnOQQX+eGI5Dz+S5PKbRuQED
H9+DXSi7yn6r0IsGoC9Rla+SHBGG78IePgdrSGPYVPnhzyUv9yWZsKkXelco7fI/
7m1VEogdc7ZqwL9okNNmysEJUlzh+x0WX9Q79iANsfu2ArNLzKKMcfxQhEmFBgDd
N5G6rwymjcB/5XftlafJZVUYwskS34TixZAGy0pL/Z8dNU8zIPkebR74NYGJSW9j
5AZHX4Nb1mv5z/LcqFpseV4ab/yK9tv9JsIcMvBqq6RFUcmQeoNTC4WSx6zdDEwL
l1HJCpzzvjvz9P7LVMbMKugX3kFgLFEd3q0Qn2RrLB/SyLjGTCdAPrZ7vw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org