Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3139392e3132322e302f32342d3234203d3e20323033303631.roa
File:                     39312e3139392e3132322e302f32342d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          DeUyZAo8CzmRnnbKcMPPXywE4R7tNalCjR88bSLyQ2c=
Subject key identifier:   3E:9D:96:7A:6E:35:D6:40:19:EB:B8:ED:3F:D1:26:53:88:C3:A2:61
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       080150172BD9B10310350DDC839EBDE3B0741AAE
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3139392e3132322e302f32342d3234203d3e20323033303631.roa
Signing time:             Wed 27 Dec 2023 14:45:52 +0000
ROA not before:           Wed 27 Dec 2023 14:40:52 +0000
ROA not after:            Wed 25 Dec 2024 14:45:52 +0000
asID:                     203061
IP address blocks:        91.199.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:01:50:17:2b:d9:b1:03:10:35:0d:dc:83:9e:bd:e3:b0:74:1a:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Dec 27 14:40:52 2023 GMT
            Not After : Dec 25 14:45:52 2024 GMT
        Subject: CN=3E9D967A6E35D64019EBB8ED3FD1265388C3A261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:20:5a:f9:5f:bb:7f:f0:62:e5:58:8c:02:f6:
                    33:2e:b1:e4:d2:08:cf:98:5e:4c:4e:c0:f2:1d:35:
                    5c:67:65:36:dc:02:cb:d7:af:21:bf:59:5f:76:6f:
                    8e:b0:98:f6:e0:5f:97:11:1e:99:56:dc:6a:2d:45:
                    62:2a:b1:b6:24:04:c3:c4:ed:f1:e4:f0:e7:ce:cf:
                    af:49:89:ea:51:14:26:4b:a7:dd:2c:5f:e3:5a:9c:
                    b9:a3:d5:a4:82:1a:91:f6:e5:22:85:22:6c:08:7f:
                    7b:ad:49:23:b8:e2:a8:a6:6c:06:dd:77:06:cb:c6:
                    a1:7a:0f:df:f0:06:6b:54:20:7f:54:e2:38:ba:fe:
                    fa:b9:1c:dc:fa:1f:73:e4:99:59:d8:a2:bb:16:63:
                    ce:c2:f8:e3:1b:92:b0:5d:7c:6e:d1:f7:f1:aa:6f:
                    74:f6:b9:51:f6:47:ca:1b:49:9c:b6:fb:0e:96:2d:
                    f8:d1:f9:f0:59:9e:ed:6a:18:c0:58:d5:f9:2e:8a:
                    33:39:19:59:ab:42:f8:87:64:71:fa:fc:fc:97:67:
                    8d:50:b7:a0:53:65:0a:c8:cc:d4:cb:1a:43:9e:e1:
                    de:6b:40:db:4e:9a:03:48:f8:2e:10:89:84:c6:9b:
                    05:03:a2:2f:a0:35:db:fe:53:84:ea:79:89:9b:14:
                    6e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9D:96:7A:6E:35:D6:40:19:EB:B8:ED:3F:D1:26:53:88:C3:A2:61
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3139392e3132322e302f32342d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:d0:fb:6c:63:b1:69:f6:ed:45:51:0b:a2:d6:bd:1b:19:b0:
         d6:be:8d:4a:fb:96:be:4c:8f:83:1a:d2:07:6f:c7:b9:ab:3d:
         05:98:dd:6b:85:ff:69:c2:5a:f2:39:cc:cf:ae:d2:40:91:26:
         88:89:15:54:a9:48:ea:f1:b9:44:63:4e:16:d7:93:fd:bf:99:
         77:21:2f:a7:2c:3c:ce:57:88:39:d1:2e:b8:df:e8:05:c2:f0:
         1d:09:43:99:86:e8:ee:51:7a:b9:c5:6b:f8:1e:99:36:c7:8d:
         cd:53:2b:82:cf:0a:90:de:9a:a7:70:6a:a6:a0:5f:1e:cd:d7:
         01:32:8e:c9:88:45:97:47:9a:ec:bb:1e:c1:2d:4b:00:d1:fd:
         3c:27:c7:d1:14:9f:5c:7b:e1:9c:41:77:da:dd:65:a4:a1:6a:
         f0:42:ae:f0:ac:46:16:c4:53:0c:1e:48:d4:2e:92:c5:0c:b2:
         20:09:79:a5:81:81:fd:98:c4:29:9a:74:4b:34:2d:4b:d9:4f:
         80:75:3c:c9:1a:55:7b:da:72:9b:2c:8f:4c:7f:91:17:ac:88:
         a6:17:04:0e:2d:cd:fd:c8:56:c6:f4:0c:53:81:bd:5d:0d:aa:
         21:ba:39:2a:86:0d:98:c1:f3:f0:b4:49:13:02:e0:7e:67:b2:
         95:51:bc:73
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUCAFQFyvZsQMQNQ3cg56947B0Gq4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yMzEyMjcxNDQwNTJaFw0yNDEyMjUxNDQ1NTJaMDMxMTAvBgNV
BAMTKDNFOUQ5NjdBNkUzNUQ2NDAxOUVCQjhFRDNGRDEyNjUzODhDM0EyNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiIFr5X7t/8GLlWIwC9jMuseTS
CM+YXkxOwPIdNVxnZTbcAsvXryG/WV92b46wmPbgX5cRHplW3GotRWIqsbYkBMPE
7fHk8OfOz69JiepRFCZLp90sX+NanLmj1aSCGpH25SKFImwIf3utSSO44qimbAbd
dwbLxqF6D9/wBmtUIH9U4ji6/vq5HNz6H3PkmVnYorsWY87C+OMbkrBdfG7R9/Gq
b3T2uVH2R8obSZy2+w6WLfjR+fBZnu1qGMBY1fkuijM5GVmrQviHZHH6/PyXZ41Q
t6BTZQrIzNTLGkOe4d5rQNtOmgNI+C4QiYTGmwUDoi+gNdv+U4TqeYmbFG7XAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUPp2Wem411kAZ67jtP9EmU4jDomEwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzkzMTJlMzEzOTM5MmUzMTMy
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzMzMDM2MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABbx3owDQYJKoZIhvcNAQELBQADggEBAKjQ+2xjsWn27UVRC6LWvRsZsNa+jUr7
lr5Mj4Ma0gdvx7mrPQWY3WuF/2nCWvI5zM+u0kCRJoiJFVSpSOrxuURjThbXk/2/
mXchL6csPM5XiDnRLrjf6AXC8B0JQ5mG6O5RernFa/gemTbHjc1TK4LPCpDemqdw
aqagXx7N1wEyjsmIRZdHmuy7HsEtSwDR/Twnx9EUn1x74ZxBd9rdZaShavBCrvCs
RhbEUwweSNQuksUMsiAJeaWBgf2YxCmadEs0LUvZT4B1PMkaVXvacpssj0x/kRes
iKYXBA4tzf3IVsb0DFOBvV0NqiG6OSqGDZjB8/C0SRMC4H5nspVRvHM=
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:06:33 2024 by rpki-client on console-fra.rpki-client.org