Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3139362e3232332e302f32342d3234203d3e20313336373837.roa
File:                     39312e3139362e3232332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          WehnJiLLWxP3KPVeJEbLU2xqsa8cXkN+1phxG5A/eHQ=
Subject key identifier:   24:C4:14:59:C6:3C:9F:0E:82:25:6C:7E:DB:E8:99:87:18:83:B1:2A
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       04FD4F813CBF9EB67FF4FF3DA21F14BB2E898C5B
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3139362e3232332e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:22 +0000
ROA not before:           Mon 01 Apr 2024 13:58:22 +0000
ROA not after:            Mon 31 Mar 2025 14:03:22 +0000
asID:                     136787
IP address blocks:        91.196.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:fd:4f:81:3c:bf:9e:b6:7f:f4:ff:3d:a2:1f:14:bb:2e:89:8c:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:22 2024 GMT
            Not After : Mar 31 14:03:22 2025 GMT
        Subject: CN=24C41459C63C9F0E82256C7EDBE899871883B12A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3f:27:77:51:29:84:f1:77:cf:63:b1:1c:74:
                    e4:c9:b0:3c:e5:ef:0f:66:57:1e:7a:60:e9:e8:61:
                    db:b2:15:eb:8d:d4:b1:21:fb:f6:54:68:6c:70:db:
                    b6:24:84:1e:57:2c:cd:e8:ed:e7:35:a4:48:34:f3:
                    ae:7e:b8:fc:86:13:93:d7:ff:73:8e:f5:2a:d8:7a:
                    b2:c4:9b:82:70:d2:ce:61:a5:e3:2a:89:f3:06:9d:
                    51:b8:f8:37:78:61:43:63:42:9a:82:d0:2a:1c:eb:
                    95:3e:0b:0a:0d:88:20:3b:54:e8:09:85:ce:5c:8e:
                    12:67:73:89:86:13:5e:68:b3:ce:05:79:8c:7c:1f:
                    ac:63:45:b7:50:32:48:e7:07:3c:c5:81:18:05:51:
                    7f:57:ac:41:d8:d9:e3:c1:7d:11:2f:c3:1c:30:f7:
                    2a:6d:15:f3:e0:09:6d:d9:6c:22:6f:9b:4f:a2:21:
                    f7:ac:cb:c5:34:30:5a:f0:36:90:2c:2d:d5:a9:91:
                    b8:ea:76:c8:5d:c9:a9:90:f2:ae:06:ea:4b:51:9f:
                    92:5b:e8:9e:85:76:32:18:c2:3e:9d:dc:51:87:ae:
                    c7:4c:99:73:eb:47:39:18:cc:74:50:5b:09:5c:c1:
                    2d:5c:e2:bb:ea:3e:6e:33:61:05:e5:a5:95:9f:73:
                    fd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C4:14:59:C6:3C:9F:0E:82:25:6C:7E:DB:E8:99:87:18:83:B1:2A
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3139362e3232332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:9a:8b:ea:8e:ac:a4:bf:02:f0:0e:6a:a9:23:a1:5e:62:eb:
         28:19:2c:45:34:cd:4b:85:12:90:78:1d:c9:19:db:a4:19:06:
         95:e5:ba:09:69:e1:0d:85:84:24:c0:86:b9:d2:59:46:b7:7a:
         13:9b:dd:96:63:31:00:8d:61:10:db:6b:29:60:00:c9:61:57:
         7c:c6:7b:b8:d0:75:30:30:51:0b:7b:de:80:35:d4:80:a1:74:
         d4:53:86:1a:2c:d2:88:9e:73:0c:5c:01:0e:96:03:52:ce:cd:
         a2:02:31:39:db:1e:47:24:53:01:3c:9c:02:ea:2a:8b:8d:b0:
         50:dd:f8:44:0e:ad:45:9b:f7:34:be:90:8a:cf:0a:57:2b:fd:
         c1:a1:5e:98:3e:b5:df:3a:bb:fc:b4:be:62:7e:25:29:3d:4c:
         02:9f:76:ef:1d:c5:75:ed:e4:d1:05:c3:a2:30:52:21:09:23:
         a2:6c:ca:99:96:9d:f0:de:72:31:6a:50:1c:4a:e7:6f:f3:91:
         ea:38:10:80:2f:88:d3:69:cf:e1:0c:72:0c:c3:11:40:c6:1a:
         25:6f:aa:2d:77:bb:05:cd:9d:d3:38:99:7d:9f:a3:55:83:46:
         1d:30:d6:28:bb:a4:6f:ee:8c:ef:37:26:ce:0d:0d:04:57:69:
         fe:cc:37:1c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUBP1PgTy/nrZ/9P89oh8Uuy6JjFswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjJaFw0yNTAzMzExNDAzMjJaMDMxMTAvBgNV
BAMTKDI0QzQxNDU5QzYzQzlGMEU4MjI1NkM3RURCRTg5OTg3MTg4M0IxMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUPyd3USmE8XfPY7EcdOTJsDzl
7w9mVx56YOnoYduyFeuN1LEh+/ZUaGxw27YkhB5XLM3o7ec1pEg0865+uPyGE5PX
/3OO9SrYerLEm4Jw0s5hpeMqifMGnVG4+Dd4YUNjQpqC0Coc65U+CwoNiCA7VOgJ
hc5cjhJnc4mGE15os84FeYx8H6xjRbdQMkjnBzzFgRgFUX9XrEHY2ePBfREvwxww
9yptFfPgCW3ZbCJvm0+iIfesy8U0MFrwNpAsLdWpkbjqdshdyamQ8q4G6ktRn5Jb
6J6FdjIYwj6d3FGHrsdMmXPrRzkYzHRQWwlcwS1c4rvqPm4zYQXlpZWfc/1bAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUJMQUWcY8nw6CJWx+2+iZhxiDsSowHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzkzMTJlMzEzOTM2MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABbxN8wDQYJKoZIhvcNAQELBQADggEBABKai+qOrKS/AvAOaqkjoV5i6ygZLEU0
zUuFEpB4HckZ26QZBpXluglp4Q2FhCTAhrnSWUa3ehOb3ZZjMQCNYRDbaylgAMlh
V3zGe7jQdTAwUQt73oA11IChdNRThhos0oiecwxcAQ6WA1LOzaICMTnbHkckUwE8
nALqKouNsFDd+EQOrUWb9zS+kIrPClcr/cGhXpg+td86u/y0vmJ+JSk9TAKfdu8d
xXXt5NEFw6IwUiEJI6JsypmWnfDecjFqUBxK52/zkeo4EIAviNNpz+EMcgzDEUDG
GiVvqi13uwXNndM4mX2fo1WDRh0w1ii7pG/ujO83Js4NDQRXaf7MNxw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org