Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38372e302f32342d3234203d3e203631333137.roa
File:                     3139342e36302e38372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          CQoQrra3MznBMEE8rPR3Vw/OvtP3eAum4QrcrMJikrY=
Subject key identifier:   A8:F9:AC:78:DC:7A:A7:79:91:DD:E5:1F:47:4C:8F:81:43:0E:CF:AA
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       4100C5FAA4BC987F63BCE5F51BF14CE437641579
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38372e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:53:38 +0000
ROA not before:           Mon 26 Feb 2024 08:48:38 +0000
ROA not after:            Mon 24 Feb 2025 08:53:38 +0000
asID:                     61317
IP address blocks:        194.60.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:00:c5:fa:a4:bc:98:7f:63:bc:e5:f5:1b:f1:4c:e4:37:64:15:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:38 2024 GMT
            Not After : Feb 24 08:53:38 2025 GMT
        Subject: CN=A8F9AC78DC7AA77991DDE51F474C8F81430ECFAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c7:a8:d8:c7:95:bb:30:86:00:7b:1e:39:a8:
                    5a:df:88:eb:42:ec:41:aa:a9:ec:b1:28:67:4d:30:
                    5f:07:90:e2:25:8c:46:60:26:38:f9:6c:fd:17:28:
                    0c:2e:a5:ad:f0:e2:f3:6c:ef:45:93:a8:fb:b5:cd:
                    0d:c5:d6:7b:1c:fe:d5:93:28:e2:af:07:21:22:67:
                    3a:9d:35:f3:4c:23:11:a8:2f:33:58:09:ae:98:6b:
                    8b:48:94:73:be:86:83:79:f9:6f:0a:bc:07:2d:5e:
                    6d:ae:22:50:12:fd:6a:11:69:27:a4:3f:f5:3c:76:
                    71:cb:40:67:56:b4:48:6f:1f:6c:24:31:36:6a:e7:
                    e7:38:ef:ae:ef:52:e3:7a:0a:95:30:e5:10:aa:1d:
                    c7:18:b0:de:00:11:e9:e3:7e:fc:f0:9b:35:14:f3:
                    4a:27:7e:76:01:3c:08:de:72:28:7f:77:c5:a2:d1:
                    5b:e1:6d:d2:d2:45:5e:11:70:51:5e:f6:e7:8e:7b:
                    f0:eb:90:4b:4e:85:ac:34:6a:97:e6:78:d5:c7:a8:
                    d9:cb:12:7b:ba:7a:07:0d:d7:01:a0:e9:53:5d:bb:
                    3e:9e:8f:b3:dd:c4:05:b7:d9:4c:1a:b7:00:a9:92:
                    71:db:5a:4b:2c:80:fd:f1:50:95:dd:26:1f:45:4f:
                    77:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:F9:AC:78:DC:7A:A7:79:91:DD:E5:1F:47:4C:8F:81:43:0E:CF:AA
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:4e:4f:f2:19:64:99:ea:3c:60:a5:55:9e:3a:e1:b9:b9:b4:
         84:70:07:91:01:ec:11:a1:9b:a9:5f:25:62:71:dd:c4:e9:ca:
         8e:9a:78:c5:49:66:9d:3d:4e:91:18:9a:3c:e3:db:e8:fc:2d:
         e9:dd:0b:87:64:f1:ae:19:af:2a:e3:49:fc:bf:0e:3c:27:7f:
         da:28:87:fe:d4:15:20:2f:a3:67:f5:8f:c5:25:35:79:de:30:
         60:3d:0c:b2:ec:73:94:36:54:a2:79:3b:09:67:ce:99:5c:2c:
         78:51:6e:62:a5:9c:7a:16:0a:3e:cb:8e:51:b7:ee:9c:d3:3d:
         0c:97:7b:b2:b4:e1:6e:67:70:f4:50:67:e4:0b:7d:37:dc:66:
         ad:7b:da:d2:39:26:28:15:8d:7e:e1:82:7f:c8:2a:da:38:ff:
         6c:93:f2:8f:3d:0b:f4:c7:ed:6a:86:81:39:01:99:06:89:9d:
         2b:5b:d2:9e:bd:2e:90:d9:f8:07:cc:01:1e:02:93:f4:dd:88:
         29:ec:fb:cb:47:dc:17:5c:b0:9d:8a:d9:36:30:1a:78:7d:47:
         fd:ac:8b:62:e3:d1:55:2e:4b:fb:b0:9e:93:6e:1e:c9:c7:71:
         a8:fb:e9:ff:4f:fd:e1:ef:20:b0:df:8f:49:97:02:13:bd:78:
         78:9a:b3:8b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQQDF+qS8mH9jvOX1G/FM5DdkFXkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzhaFw0yNTAyMjQwODUzMzhaMDMxMTAvBgNV
BAMTKEE4RjlBQzc4REM3QUE3Nzk5MURERTUxRjQ3NEM4RjgxNDMwRUNGQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3x6jYx5W7MIYAex45qFrfiOtC
7EGqqeyxKGdNMF8HkOIljEZgJjj5bP0XKAwupa3w4vNs70WTqPu1zQ3F1nsc/tWT
KOKvByEiZzqdNfNMIxGoLzNYCa6Ya4tIlHO+hoN5+W8KvActXm2uIlAS/WoRaSek
P/U8dnHLQGdWtEhvH2wkMTZq5+c4767vUuN6CpUw5RCqHccYsN4AEenjfvzwmzUU
80onfnYBPAjecih/d8Wi0VvhbdLSRV4RcFFe9ueOe/DrkEtOhaw0apfmeNXHqNnL
Enu6egcN1wGg6VNduz6ej7PdxAW32UwatwCpknHbWkssgP3xUJXdJh9FT3dbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqPmseNx6p3mR3eUfR0yPgUMOz6owHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTM0MmUzNjMwMmUzODM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMI8
VzANBgkqhkiG9w0BAQsFAAOCAQEArU5P8hlkmeo8YKVVnjrhubm0hHAHkQHsEaGb
qV8lYnHdxOnKjpp4xUlmnT1OkRiaPOPb6Pwt6d0Lh2TxrhmvKuNJ/L8OPCd/2iiH
/tQVIC+jZ/WPxSU1ed4wYD0MsuxzlDZUonk7CWfOmVwseFFuYqWcehYKPsuOUbfu
nNM9DJd7srThbmdw9FBn5At9N9xmrXva0jkmKBWNfuGCf8gq2jj/bJPyjz0L9Mft
aoaBOQGZBomdK1vSnr0ukNn4B8wBHgKT9N2IKez7y0fcF1ywnYrZNjAaeH1H/ayL
YuPRVS5L+7Cek24eycdxqPvp/0/94e8gsN+PSZcCE714eJqziw==
-----END CERTIFICATE-----