Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e302e302f32342d3234203d3e20313336373837.roa
File:                     39312e3133322e302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          Gl3casaSbpFlkX+MA+2IUkll67D0JNMcYkLrmpqgzKY=
Subject key identifier:   D6:17:6E:F3:F1:84:45:C6:8D:50:10:4C:07:62:36:75:24:3F:A0:8E
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       4C581FF99C7980B47C525CCFFDD9705EAD9400E4
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e302e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:49 +0000
ROA not before:           Tue 13 Feb 2024 12:49:49 +0000
ROA not after:            Tue 11 Feb 2025 12:54:49 +0000
asID:                     136787
IP address blocks:        91.132.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:58:1f:f9:9c:79:80:b4:7c:52:5c:cf:fd:d9:70:5e:ad:94:00:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 13 12:49:49 2024 GMT
            Not After : Feb 11 12:54:49 2025 GMT
        Subject: CN=D6176EF3F18445C68D50104C07623675243FA08E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:3c:52:57:1b:4f:47:71:c9:3f:71:5b:bf:37:
                    c7:e7:96:c8:de:1f:3c:1a:ca:d1:53:6b:01:d0:ba:
                    49:c3:3d:2f:9b:11:4d:29:53:bc:11:0e:0d:d9:62:
                    96:62:9f:be:03:a9:57:c1:78:65:5c:28:84:4f:f5:
                    8c:b7:19:81:fc:66:6e:97:45:67:67:5a:2c:c8:c9:
                    33:3f:6b:90:1a:55:d9:07:87:96:76:cd:2c:f8:fa:
                    2c:9b:22:42:96:c6:20:3a:6b:2b:f1:d6:f1:6b:6c:
                    fb:3d:90:2e:cc:38:5d:18:c0:fe:2f:4d:91:e8:0e:
                    93:95:64:79:3f:6e:0e:f1:20:c6:e8:3c:86:59:ef:
                    25:2b:2e:3d:0d:d7:cc:9c:7c:34:ea:2c:7c:28:2b:
                    3d:3e:5f:48:f0:be:a6:39:89:28:1d:6b:5f:04:31:
                    b0:92:fd:16:d6:a1:5f:b5:ea:7f:da:c0:cd:55:d7:
                    04:be:ee:59:39:c0:78:5c:bb:65:58:3f:a1:38:07:
                    1a:01:52:c4:fd:7e:0a:3b:33:80:df:40:b0:db:f0:
                    04:66:3e:4d:a9:44:c5:30:00:e2:98:fa:65:32:13:
                    43:59:86:a9:2e:40:62:9c:17:c1:4d:3a:62:fa:7d:
                    0e:c9:84:3c:e4:26:47:14:7d:65:7d:57:d0:c5:75:
                    ef:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:17:6E:F3:F1:84:45:C6:8D:50:10:4C:07:62:36:75:24:3F:A0:8E
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:e8:36:3d:ba:c5:f9:c5:9c:eb:33:7b:9d:b3:0b:91:59:f1:
         57:19:22:b6:a6:bf:5f:d5:b2:22:f9:a8:09:e9:19:a7:19:8f:
         eb:b7:e4:55:42:16:4a:cd:0f:b8:ef:10:57:d1:c5:ce:7a:1f:
         cf:d7:57:c6:cc:55:5b:58:e5:06:50:a8:16:0d:fa:d2:49:85:
         bc:09:48:fa:96:a9:50:c6:57:71:6e:29:fe:64:c4:b8:e5:ba:
         9f:89:2a:04:cb:a8:be:fa:4e:84:f8:2a:bc:4f:28:dd:5c:b5:
         10:a4:5b:f3:60:63:8d:2a:a3:57:7c:cb:1c:b4:71:9c:31:25:
         65:7d:1f:6c:c0:2b:42:c1:91:74:cd:eb:10:75:76:cb:3e:33:
         a2:07:51:13:e1:48:02:bf:e1:e9:a3:7f:a6:21:e8:e8:dc:0d:
         5e:d0:b9:1e:05:88:69:7d:42:db:2d:45:ba:d2:3b:90:63:cb:
         ff:84:28:37:9b:90:d5:01:32:d7:a1:fa:9f:4c:58:a2:79:d4:
         b9:08:99:40:40:77:1e:24:29:b1:ee:0c:1d:f6:9c:e9:cd:fc:
         08:32:65:da:58:65:d4:cd:4c:a1:f1:6d:54:56:b9:12:ff:8c:
         5a:62:17:45:e6:0f:ff:0b:a2:93:be:89:cc:6b:a2:d4:ed:f8:
         4a:25:b0:50
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTFgf+Zx5gLR8UlzP/dlwXq2UAOQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMTMxMjQ5NDlaFw0yNTAyMTExMjU0NDlaMDMxMTAvBgNV
BAMTKEQ2MTc2RUYzRjE4NDQ1QzY4RDUwMTA0QzA3NjIzNjc1MjQzRkEwOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0PFJXG09Hcck/cVu/N8fnlsje
HzwaytFTawHQuknDPS+bEU0pU7wRDg3ZYpZin74DqVfBeGVcKIRP9Yy3GYH8Zm6X
RWdnWizIyTM/a5AaVdkHh5Z2zSz4+iybIkKWxiA6ayvx1vFrbPs9kC7MOF0YwP4v
TZHoDpOVZHk/bg7xIMboPIZZ7yUrLj0N18ycfDTqLHwoKz0+X0jwvqY5iSgda18E
MbCS/RbWoV+16n/awM1V1wS+7lk5wHhcu2VYP6E4BxoBUsT9fgo7M4DfQLDb8ARm
Pk2pRMUwAOKY+mUyE0NZhqkuQGKcF8FNOmL6fQ7JhDzkJkcUfWV9V9DFde/1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU1hdu8/GERcaNUBBMB2I2dSQ/oI4wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzkzMTJlMzEzMzMyMmUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFuE
ADANBgkqhkiG9w0BAQsFAAOCAQEACeg2PbrF+cWc6zN7nbMLkVnxVxkitqa/X9Wy
IvmoCekZpxmP67fkVUIWSs0PuO8QV9HFznofz9dXxsxVW1jlBlCoFg360kmFvAlI
+papUMZXcW4p/mTEuOW6n4kqBMuovvpOhPgqvE8o3Vy1EKRb82BjjSqjV3zLHLRx
nDElZX0fbMArQsGRdM3rEHV2yz4zogdRE+FIAr/h6aN/piHo6NwNXtC5HgWIaX1C
2y1FutI7kGPL/4QoN5uQ1QEy16H6n0xYonnUuQiZQEB3HiQpse4MHfac6c38CDJl
2lhl1M1MofFtVFa5Ev+MWmIXReYP/wuik76JzGui1O34SiWwUA==
-----END CERTIFICATE-----