Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e33352e3132312e302f32342d3234203d3e20313336373837.roa
File:                     3139342e33352e3132312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          x8jWZPhuL/vTCK0KTy131T4u74SxabuhYXQzo7qCYqg=
Subject key identifier:   0A:19:3F:3E:46:BB:D2:9A:38:C9:B4:64:CC:25:8A:2E:AE:4D:C7:5C
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       541F8E63D828860E0912F3799F228A1B361F8D22
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e33352e3132312e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:23 +0000
ROA not before:           Mon 01 Apr 2024 13:58:23 +0000
ROA not after:            Mon 31 Mar 2025 14:03:23 +0000
asID:                     136787
IP address blocks:        194.35.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:1f:8e:63:d8:28:86:0e:09:12:f3:79:9f:22:8a:1b:36:1f:8d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:23 2024 GMT
            Not After : Mar 31 14:03:23 2025 GMT
        Subject: CN=0A193F3E46BBD29A38C9B464CC258A2EAE4DC75C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:73:64:1c:1b:65:47:3e:73:80:8e:02:66:7d:
                    b9:ec:12:dc:09:d5:5c:7e:87:16:11:46:03:71:e9:
                    2a:1a:92:49:fe:69:04:24:75:41:a5:91:52:1e:5d:
                    4b:bd:fb:55:99:bc:b7:89:3e:d0:de:c9:93:4c:ed:
                    c1:05:bb:04:bb:6c:37:0f:80:0b:c0:5b:85:18:2a:
                    12:18:8e:b4:1b:1a:fb:11:4d:1c:92:91:ff:fc:c7:
                    c3:a9:8e:11:3b:7c:30:ab:49:f3:d5:b7:fb:31:0c:
                    cd:10:29:13:ce:ca:d5:cb:7f:1d:67:a5:33:65:a3:
                    45:50:a9:1d:ca:29:f7:25:7b:f4:cf:6c:86:08:97:
                    d7:9d:39:5a:d3:9c:a8:d9:88:3f:0f:bf:9e:63:87:
                    64:f0:ac:8b:5b:51:67:c9:b4:25:ac:e9:cc:47:47:
                    80:52:54:78:34:2f:af:9a:06:f4:cf:f3:53:77:3f:
                    f4:cc:05:4c:aa:76:07:47:74:04:91:3c:34:66:52:
                    74:5e:8d:a9:61:e2:30:5e:67:16:b0:a5:fc:cf:a9:
                    04:73:c7:63:38:20:72:1f:62:40:79:62:86:c4:56:
                    e9:34:9b:d7:61:4e:69:6a:05:22:b6:1e:01:85:78:
                    bc:6c:22:fc:e6:4c:cb:b9:64:f5:e1:9f:e2:ec:80:
                    af:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:19:3F:3E:46:BB:D2:9A:38:C9:B4:64:CC:25:8A:2E:AE:4D:C7:5C
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e33352e3132312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:30:e2:e0:d5:10:a6:71:42:8b:2d:5c:91:e9:11:4e:d7:ef:
         25:e2:ab:ff:c8:c2:e8:a1:c7:9d:ae:38:d5:72:a6:2d:11:b8:
         a1:c4:f6:8c:18:e3:56:85:b5:cf:92:5b:71:53:e2:cb:de:6c:
         6d:16:0a:c2:b7:1a:f2:24:cd:7f:46:82:4a:d9:50:1c:f4:6a:
         59:9e:71:2a:96:56:1d:2c:94:e6:5e:28:f6:b8:d9:23:98:69:
         16:09:1f:42:b0:79:e1:02:b5:aa:98:72:75:16:f7:7f:3e:ee:
         81:86:b5:38:f3:fd:00:e2:58:10:54:d8:90:a7:d4:2f:82:2b:
         7a:2e:ed:7f:7e:bc:c5:d1:12:d8:78:44:c6:49:1d:dd:5c:d4:
         d6:05:9b:57:6f:4e:0e:29:f7:4d:da:84:6b:79:48:d0:ac:29:
         1b:32:99:df:82:c9:42:7d:18:1e:12:c5:c6:24:c2:a9:89:3a:
         8b:75:a6:aa:49:65:11:9c:1c:bb:b7:9d:eb:82:7b:29:59:f1:
         03:9d:76:de:5b:c1:ba:7a:8c:88:57:0d:a0:50:ec:6c:66:9f:
         fc:21:d7:f1:b1:a8:3c:00:02:53:ba:1b:0a:02:f4:53:a3:e2:
         e4:be:fb:34:50:1f:a3:02:19:e2:19:1e:94:c6:85:06:5b:57:
         eb:52:9c:fe
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUVB+OY9gohg4JEvN5nyKKGzYfjSIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjNaFw0yNTAzMzExNDAzMjNaMDMxMTAvBgNV
BAMTKDBBMTkzRjNFNDZCQkQyOUEzOEM5QjQ2NENDMjU4QTJFQUU0REM3NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqc2QcG2VHPnOAjgJmfbnsEtwJ
1Vx+hxYRRgNx6Soakkn+aQQkdUGlkVIeXUu9+1WZvLeJPtDeyZNM7cEFuwS7bDcP
gAvAW4UYKhIYjrQbGvsRTRySkf/8x8OpjhE7fDCrSfPVt/sxDM0QKRPOytXLfx1n
pTNlo0VQqR3KKfcle/TPbIYIl9edOVrTnKjZiD8Pv55jh2TwrItbUWfJtCWs6cxH
R4BSVHg0L6+aBvTP81N3P/TMBUyqdgdHdASRPDRmUnRejalh4jBeZxawpfzPqQRz
x2M4IHIfYkB5YobEVuk0m9dhTmlqBSK2HgGFeLxsIvzmTMu5ZPXhn+LsgK+XAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUChk/Pka70po4ybRkzCWKLq5Nx1wwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTM0MmUzMzM1MmUzMTMy
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCI3kwDQYJKoZIhvcNAQELBQADggEBACUw4uDVEKZxQostXJHpEU7X7yXiq//I
wuihx52uONVypi0RuKHE9owY41aFtc+SW3FT4svebG0WCsK3GvIkzX9GgkrZUBz0
almecSqWVh0slOZeKPa42SOYaRYJH0KweeECtaqYcnUW938+7oGGtTjz/QDiWBBU
2JCn1C+CK3ou7X9+vMXREth4RMZJHd1c1NYFm1dvTg4p903ahGt5SNCsKRsymd+C
yUJ9GB4SxcYkwqmJOot1pqpJZRGcHLu3neuCeylZ8QOddt5bwbp6jIhXDaBQ7Gxm
n/wh1/GxqDwAAlO6GwoC9FOj4uS++zRQH6MCGeIZHpTGhQZbV+tSnP4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org