Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39322e3131382e36332e302f32342d3234203d3e20313336373837.roa
File:                     39322e3131382e36332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          76JqSU5m6loHrY+sRmzFJjdKRqGOhONYvweM+TXj0Ho=
Subject key identifier:   39:0A:F9:9F:DB:65:F8:FF:4C:33:94:E7:06:4B:92:F6:C0:8C:A1:1B
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       4C73B69B5060C0F42D5A92AC3700D19CA8426024
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39322e3131382e36332e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 20 May 2024 17:03:45 +0000
ROA not before:           Mon 20 May 2024 16:58:45 +0000
ROA not after:            Mon 19 May 2025 17:03:45 +0000
asID:                     136787
IP address blocks:        92.118.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:73:b6:9b:50:60:c0:f4:2d:5a:92:ac:37:00:d1:9c:a8:42:60:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: May 20 16:58:45 2024 GMT
            Not After : May 19 17:03:45 2025 GMT
        Subject: CN=390AF99FDB65F8FF4C3394E7064B92F6C08CA11B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5f:a3:e4:c5:50:06:f6:00:1a:aa:67:8e:4e:
                    33:da:8e:45:95:f0:8b:23:e0:f0:ab:5c:4d:9b:2f:
                    67:8f:e0:85:f0:e9:25:fd:27:b7:7d:31:28:27:8e:
                    a7:41:49:87:26:8a:ae:47:9d:a2:77:e2:cc:87:b5:
                    d1:85:90:7c:85:63:52:49:89:39:78:c1:13:ae:06:
                    ef:68:08:62:05:9d:47:5c:35:ba:32:91:d5:0a:59:
                    61:b5:c1:8e:5e:22:34:7c:1e:21:73:9b:dc:83:65:
                    42:8b:56:08:4c:fb:1d:f8:be:f1:f6:65:07:7e:8e:
                    55:22:c7:96:5d:8a:ed:9f:ca:98:fa:77:ea:42:aa:
                    c1:cb:f1:00:5e:b1:0d:a8:09:07:7f:f8:b0:60:86:
                    96:06:79:5a:39:0a:d2:34:20:d3:5b:85:ee:46:04:
                    2f:c9:ad:c8:79:58:e4:d2:e9:a9:53:e3:10:28:e5:
                    a0:53:c1:8b:76:7c:c5:7b:bb:b0:35:86:78:4e:12:
                    ed:db:f0:c2:be:34:90:6c:06:9e:f1:46:3c:b2:94:
                    5a:05:93:19:59:93:c5:a5:47:c1:6d:30:9c:64:82:
                    53:5b:86:89:b3:b6:f3:b7:43:96:2c:80:f5:fe:49:
                    b1:b1:9d:4c:a8:c0:fa:8c:1e:73:64:62:84:da:72:
                    29:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:0A:F9:9F:DB:65:F8:FF:4C:33:94:E7:06:4B:92:F6:C0:8C:A1:1B
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39322e3131382e36332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f9:c9:53:d7:75:5a:ff:f6:1d:9f:3e:3e:5e:9d:5a:2d:9a:
         7d:9e:4c:db:7b:7d:1e:30:42:8a:09:c7:87:74:ac:34:e8:1b:
         c9:4f:54:29:79:b1:2d:cc:34:53:7c:9c:a6:ac:4e:fc:86:28:
         ac:73:a2:19:2f:40:8f:82:66:77:58:32:4f:9f:51:ba:65:7c:
         5c:3b:0e:b7:a5:62:f9:15:8f:fe:c7:b4:cb:d9:f0:b6:95:79:
         e8:ef:13:50:24:fd:f1:a4:3f:ee:c6:34:92:91:07:0b:7b:4d:
         09:43:81:5d:2e:ba:51:c2:78:d9:8f:5e:6a:6a:01:d5:22:cf:
         3b:4c:35:4b:33:0c:8d:24:04:9b:f3:0f:fd:df:61:18:40:8a:
         21:2d:61:1a:5b:ec:dc:99:81:b2:44:57:74:96:00:51:af:78:
         a3:77:f3:3c:fc:05:04:ba:a4:e3:97:19:0e:e2:5b:da:cf:0b:
         f8:9c:14:d6:a5:72:b9:2e:1c:a7:e9:11:47:00:96:0e:5d:30:
         d1:09:dc:0a:18:85:49:6b:4b:fc:49:ad:96:20:24:78:ab:e4:
         2c:8e:fc:c5:43:56:bc:c2:6b:5c:6b:ae:a4:63:df:ac:5a:d2:
         ca:2a:2a:70:57:48:ed:ea:e8:81:59:06:01:72:80:f3:e3:02:
         b3:33:45:3c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUTHO2m1BgwPQtWpKsNwDRnKhCYCQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA1MjAxNjU4NDVaFw0yNTA1MTkxNzAzNDVaMDMxMTAvBgNV
BAMTKDM5MEFGOTlGREI2NUY4RkY0QzMzOTRFNzA2NEI5MkY2QzA4Q0ExMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+X6PkxVAG9gAaqmeOTjPajkWV
8Isj4PCrXE2bL2eP4IXw6SX9J7d9MSgnjqdBSYcmiq5HnaJ34syHtdGFkHyFY1JJ
iTl4wROuBu9oCGIFnUdcNboykdUKWWG1wY5eIjR8HiFzm9yDZUKLVghM+x34vvH2
ZQd+jlUix5Zdiu2fypj6d+pCqsHL8QBesQ2oCQd/+LBghpYGeVo5CtI0INNbhe5G
BC/Jrch5WOTS6alT4xAo5aBTwYt2fMV7u7A1hnhOEu3b8MK+NJBsBp7xRjyylFoF
kxlZk8WlR8FtMJxkglNbhomztvO3Q5YsgPX+SbGxnUyowPqMHnNkYoTacim9AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUOQr5n9tl+P9MM5TnBkuS9sCMoRswHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzkzMjJlMzEzMTM4MmUzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
XHY/MA0GCSqGSIb3DQEBCwUAA4IBAQB0+clT13Va//Ydnz4+Xp1aLZp9nkzbe30e
MEKKCceHdKw06BvJT1QpebEtzDRTfJymrE78hiisc6IZL0CPgmZ3WDJPn1G6ZXxc
Ow63pWL5FY/+x7TL2fC2lXno7xNQJP3xpD/uxjSSkQcLe00JQ4FdLrpRwnjZj15q
agHVIs87TDVLMwyNJASb8w/932EYQIohLWEaW+zcmYGyRFd0lgBRr3ijd/M8/AUE
uqTjlxkO4lvazwv4nBTWpXK5Lhyn6RFHAJYOXTDRCdwKGIVJa0v8Sa2WICR4q+Qs
jvzFQ1a8wmtca66kY9+sWtLKKipwV0jt6uiBWQYBcoDz4wKzM0U8
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:45 2024 by rpki-client on console-ams.rpki-client.org