Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38362e302f32342d3234203d3e20323039383534.roa
File:                     3139342e36302e38362e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier:          mADIBUo+bJpyrPOoVBGg3dp46d4IECfLbAARAmTcELw=
Subject key identifier:   90:90:4D:B9:0C:8B:98:D3:AA:EF:97:84:BC:21:A1:70:76:A5:AE:9D
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       543A8427C97431966456E8C0998A37DDAE6A30D1
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38362e302f32342d3234203d3e20323039383534.roa
Signing time:             Tue 19 Mar 2024 19:49:04 +0000
ROA not before:           Tue 19 Mar 2024 19:44:04 +0000
ROA not after:            Tue 18 Mar 2025 19:49:04 +0000
asID:                     209854
IP address blocks:        194.60.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:3a:84:27:c9:74:31:96:64:56:e8:c0:99:8a:37:dd:ae:6a:30:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Mar 19 19:44:04 2024 GMT
            Not After : Mar 18 19:49:04 2025 GMT
        Subject: CN=90904DB90C8B98D3AAEF9784BC21A17076A5AE9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:63:4c:2a:d5:16:d4:7f:91:27:39:e0:b8:d1:
                    99:61:ea:05:ee:f0:74:49:32:d8:dd:ed:a3:b0:f8:
                    0e:aa:6a:a9:be:f1:cf:4d:fb:88:55:c3:7e:5d:7c:
                    0f:47:0e:b7:55:87:7c:2b:f1:d3:c2:21:10:e5:ae:
                    81:7b:77:fe:01:42:2c:9f:00:65:90:8f:bb:68:a0:
                    76:33:ae:45:f0:a0:1f:e7:45:4c:37:84:d8:4b:e8:
                    00:25:75:f6:14:23:7b:6d:be:20:ce:75:06:2e:70:
                    1f:06:ab:49:78:07:c6:db:e3:0d:6c:ea:07:17:5f:
                    60:ef:73:0f:d7:f7:25:33:00:a9:22:8a:b3:c2:ac:
                    9a:5b:f7:ec:73:89:13:98:2e:4f:af:02:34:9c:d8:
                    9a:a0:a1:52:c9:e8:da:45:0f:0f:c3:d1:57:e8:41:
                    b2:50:eb:23:82:3c:a0:03:7d:3a:a5:6d:11:38:46:
                    ea:ab:84:c6:e6:19:9c:57:b4:f8:80:ce:88:78:ff:
                    e0:19:73:75:dd:5f:4e:b6:a7:f9:4f:29:1e:d1:66:
                    1a:7b:7d:10:bb:d8:e5:9a:7d:b7:a2:e3:23:b6:ee:
                    1c:3e:dc:40:bb:aa:70:0e:87:69:5d:bd:16:7d:c8:
                    92:7c:8b:aa:41:96:52:d3:5d:f7:18:b5:f3:22:9b:
                    a4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:90:4D:B9:0C:8B:98:D3:AA:EF:97:84:BC:21:A1:70:76:A5:AE:9D
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38362e302f32342d3234203d3e20323039383534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:95:13:ca:41:71:ee:a0:dd:2f:95:e7:b9:b5:8c:15:21:8c:
         8c:86:2c:e7:f4:f8:68:b6:76:d4:64:95:c2:85:5d:6a:cd:da:
         7c:e8:16:37:9d:3a:24:17:54:f6:1c:bf:f7:b6:6c:95:57:8c:
         a9:fd:eb:65:bc:37:35:91:0c:54:ed:77:3c:53:42:b2:43:9e:
         b6:70:63:43:5c:8c:0c:2e:96:ab:42:d9:38:49:d9:d6:f2:e1:
         78:8e:0c:35:2b:c6:67:f2:ce:25:dd:30:d2:90:a2:bc:bd:f9:
         30:a9:fa:55:a4:b4:10:c4:bf:22:5b:5a:e4:96:d9:83:c3:b2:
         d8:27:28:de:fe:d1:bc:23:d4:d6:cf:62:a9:e7:77:a9:28:d3:
         e5:fb:ce:20:d3:62:9a:0d:b7:6b:00:9d:13:a8:4c:c2:cc:3c:
         fc:03:21:75:a9:07:7e:eb:0d:a5:58:e9:42:af:0a:9e:84:12:
         a5:5d:dc:5e:ac:d3:f5:2f:de:63:d9:8b:85:8a:91:6f:44:c5:
         68:e4:b2:94:15:13:c4:7b:ec:f6:9c:a7:4a:50:37:93:3c:7a:
         9a:e0:72:9d:16:e4:d9:56:38:89:34:f4:94:e4:70:19:0b:c1:
         d3:9d:80:ab:82:db:19:02:7c:31:f4:8d:33:06:f4:e0:aa:10:
         03:27:50:b3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUVDqEJ8l0MZZkVujAmYo33a5qMNEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAzMTkxOTQ0MDRaFw0yNTAzMTgxOTQ5MDRaMDMxMTAvBgNV
BAMTKDkwOTA0REI5MEM4Qjk4RDNBQUVGOTc4NEJDMjFBMTcwNzZBNUFFOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNY0wq1RbUf5EnOeC40Zlh6gXu
8HRJMtjd7aOw+A6qaqm+8c9N+4hVw35dfA9HDrdVh3wr8dPCIRDlroF7d/4BQiyf
AGWQj7tooHYzrkXwoB/nRUw3hNhL6AAldfYUI3ttviDOdQYucB8Gq0l4B8bb4w1s
6gcXX2Dvcw/X9yUzAKkiirPCrJpb9+xziROYLk+vAjSc2JqgoVLJ6NpFDw/D0Vfo
QbJQ6yOCPKADfTqlbRE4RuqrhMbmGZxXtPiAzoh4/+AZc3XdX062p/lPKR7RZhp7
fRC72OWafbei4yO27hw+3EC7qnAOh2ldvRZ9yJJ8i6pBllLTXfcYtfMim6R1AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUkJBNuQyLmNOq75eEvCGhcHalrp0wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTM0MmUzNjMwMmUzODM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM5MzgzNTM0LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wjxWMA0GCSqGSIb3DQEBCwUAA4IBAQCKlRPKQXHuoN0vlee5tYwVIYyMhizn9Pho
tnbUZJXChV1qzdp86BY3nTokF1T2HL/3tmyVV4yp/etlvDc1kQxU7Xc8U0KyQ562
cGNDXIwMLparQtk4SdnW8uF4jgw1K8Zn8s4l3TDSkKK8vfkwqfpVpLQQxL8iW1rk
ltmDw7LYJyje/tG8I9TWz2Kp53epKNPl+84g02KaDbdrAJ0TqEzCzDz8AyF1qQd+
6w2lWOlCrwqehBKlXdxerNP1L95j2YuFipFvRMVo5LKUFRPEe+z2nKdKUDeTPHqa
4HKdFuTZVjiJNPSU5HAZC8HTnYCrgtsZAnwx9I0zBvTgqhADJ1Cz
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org