Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3135362e3232372e302f32342d3234203d3e20323039383534.roa
File:                     3139342e3135362e3232372e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier:          2jI/Y2UaOuFLAFcs9gxXMylah87lX8MmVRMH6VFnluQ=
Subject key identifier:   F8:CB:D3:F2:8C:A4:18:6C:CF:E9:E3:E0:7A:03:D3:70:32:47:A8:B7
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       220A152C14901484650B3A6827E0791D224639D8
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3135362e3232372e302f32342d3234203d3e20323039383534.roa
Signing time:             Tue 19 Mar 2024 19:50:03 +0000
ROA not before:           Tue 19 Mar 2024 19:45:03 +0000
ROA not after:            Tue 18 Mar 2025 19:50:03 +0000
asID:                     209854
IP address blocks:        194.156.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:0a:15:2c:14:90:14:84:65:0b:3a:68:27:e0:79:1d:22:46:39:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Mar 19 19:45:03 2024 GMT
            Not After : Mar 18 19:50:03 2025 GMT
        Subject: CN=F8CBD3F28CA4186CCFE9E3E07A03D3703247A8B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:76:dc:b3:33:37:37:98:16:c0:ef:ad:d7:5c:
                    78:90:ba:bc:86:53:2d:dc:73:16:e5:e4:b1:ce:98:
                    fb:a0:ee:ed:ac:02:a7:3e:f3:f3:23:e9:90:18:d4:
                    4b:84:91:dc:73:b3:a5:da:5d:7b:90:53:fc:c7:bc:
                    d9:29:71:6c:08:a9:7a:b6:03:51:02:a4:93:50:12:
                    d0:f5:75:d4:d7:0f:69:75:12:e2:c7:76:49:14:c3:
                    6c:30:62:cf:ef:c3:fd:92:da:74:f9:84:f5:37:ea:
                    dc:62:4a:e2:48:d9:38:ac:e0:8f:c9:1d:3e:af:ae:
                    be:5e:d6:21:1f:4c:64:f7:20:9e:45:d2:62:3f:ad:
                    64:0d:e9:d4:19:2a:24:ba:ce:10:14:75:80:a7:82:
                    3b:82:51:dc:79:bc:2b:83:fd:98:1a:bf:52:2c:ca:
                    ea:55:32:45:3e:23:77:45:b4:d2:c6:1f:1e:78:40:
                    6c:66:c5:76:c4:fe:1c:5b:dd:9d:db:f4:64:25:15:
                    c0:7a:a8:35:14:1c:bd:0d:c7:93:3f:eb:e9:bb:26:
                    72:4c:0d:a0:8d:b3:a1:82:ff:c3:3b:7a:9f:5d:d5:
                    74:52:bb:2a:e7:27:d5:91:f5:c3:02:38:99:e1:ad:
                    0a:7f:29:6f:7a:28:0e:b8:68:ce:44:ec:6c:0a:4e:
                    56:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:CB:D3:F2:8C:A4:18:6C:CF:E9:E3:E0:7A:03:D3:70:32:47:A8:B7
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e3135362e3232372e302f32342d3234203d3e20323039383534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:56:59:25:e6:f9:01:8a:61:b9:25:65:89:9b:77:e6:0a:11:
         d5:27:93:9b:15:b0:32:72:a1:4a:55:ad:ae:d1:5b:1a:6e:39:
         77:bd:6b:b8:b9:95:83:a0:f7:7d:8e:80:7a:15:8d:09:9b:e2:
         ad:ab:05:06:0d:59:64:6f:17:96:d0:97:f1:3e:cf:48:ff:8f:
         6e:9b:3a:0d:ea:cc:59:ed:cb:46:59:f9:d8:f9:fa:91:b4:3a:
         cc:73:03:0b:62:84:97:7f:18:a9:ab:15:d9:af:c5:3d:d0:c1:
         9f:f1:45:fb:3c:68:dc:b2:45:a3:86:b5:a9:4f:99:25:16:fa:
         58:65:21:16:cb:58:43:2f:7d:75:4f:7e:08:de:b9:6e:96:41:
         ca:2f:68:73:23:8a:c3:ef:7b:e1:8e:7c:0e:49:bd:27:f9:b7:
         34:9f:e3:e8:46:24:b8:35:10:c3:1d:82:00:cc:39:6a:96:c3:
         cd:73:de:6b:34:c5:4c:e1:3f:65:a0:70:92:f9:6b:06:60:88:
         9a:54:16:56:c5:b3:0f:ff:9e:06:97:a6:28:20:a0:10:c1:3f:
         9d:f0:c0:8e:84:8e:6f:ca:1e:25:44:61:fc:29:a3:a7:e2:26:
         1b:3d:fd:86:26:bf:cd:38:e5:b9:f9:42:61:47:c5:be:52:6c:
         79:30:62:41
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUIgoVLBSQFIRlCzpoJ+B5HSJGOdgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAzMTkxOTQ1MDNaFw0yNTAzMTgxOTUwMDNaMDMxMTAvBgNV
BAMTKEY4Q0JEM0YyOENBNDE4NkNDRkU5RTNFMDdBMDNEMzcwMzI0N0E4QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVdtyzMzc3mBbA763XXHiQuryG
Uy3ccxbl5LHOmPug7u2sAqc+8/Mj6ZAY1EuEkdxzs6XaXXuQU/zHvNkpcWwIqXq2
A1ECpJNQEtD1ddTXD2l1EuLHdkkUw2wwYs/vw/2S2nT5hPU36txiSuJI2Tis4I/J
HT6vrr5e1iEfTGT3IJ5F0mI/rWQN6dQZKiS6zhAUdYCngjuCUdx5vCuD/Zgav1Is
yupVMkU+I3dFtNLGHx54QGxmxXbE/hxb3Z3b9GQlFcB6qDUUHL0Nx5M/6+m7JnJM
DaCNs6GC/8M7ep9d1XRSuyrnJ9WR9cMCOJnhrQp/KW96KA64aM5E7GwKTlZlAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU+MvT8oykGGzP6ePgegPTcDJHqLcwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTM0MmUzMTM1MzYyZTMy
MzIzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTM4MzUzNC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMKc4zANBgkqhkiG9w0BAQsFAAOCAQEAoFZZJeb5AYphuSVliZt35goR1SeT
mxWwMnKhSlWtrtFbGm45d71ruLmVg6D3fY6AehWNCZvirasFBg1ZZG8XltCX8T7P
SP+Pbps6DerMWe3LRln52Pn6kbQ6zHMDC2KEl38YqasV2a/FPdDBn/FF+zxo3LJF
o4a1qU+ZJRb6WGUhFstYQy99dU9+CN65bpZByi9ocyOKw+974Y58Dkm9J/m3NJ/j
6EYkuDUQwx2CAMw5apbDzXPeazTFTOE/ZaBwkvlrBmCImlQWVsWzD/+eBpemKCCg
EME/nfDAjoSOb8oeJURh/Cmjp+ImGz39hia/zTjluflCYUfFvlJseTBiQQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org