Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e3134382e37322e302f32342d3332203d3e20313336373837.roa
File:                     3139332e3134382e37322e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          wFfsvrf/Q0DBnAggtewvY/f5kUoAKlCh1t/e1i0Uoj8=
Subject key identifier:   61:A3:33:11:EA:AC:3E:45:FA:95:6D:93:06:C3:36:55:6C:37:8C:15
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       7C573D2F302075442014B8E70ECFED1A58EBDA53
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e3134382e37322e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:46 +0000
ROA not before:           Mon 26 Feb 2024 08:48:46 +0000
ROA not after:            Mon 24 Feb 2025 08:53:46 +0000
asID:                     136787
IP address blocks:        193.148.72.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:57:3d:2f:30:20:75:44:20:14:b8:e7:0e:cf:ed:1a:58:eb:da:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:46 2024 GMT
            Not After : Feb 24 08:53:46 2025 GMT
        Subject: CN=61A33311EAAC3E45FA956D9306C336556C378C15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:ad:c3:0a:df:ad:86:ee:46:f5:d7:b3:cb:6c:
                    50:db:55:0c:ad:fc:6f:57:a9:6a:76:a2:bd:e3:31:
                    d3:e3:db:c7:58:9d:7b:c4:a7:37:c8:e2:90:d7:2e:
                    37:9c:0a:bb:40:31:68:37:9c:51:b6:e9:c8:29:00:
                    64:05:a4:36:06:5b:79:44:44:aa:9a:86:e2:97:d9:
                    6a:71:51:61:fb:ef:e2:52:34:c6:72:a1:64:8c:5d:
                    0c:8d:6f:7c:df:71:48:e9:93:62:85:0f:f0:5f:8e:
                    7b:2a:b9:92:90:96:a0:71:aa:b2:54:41:ab:aa:57:
                    79:6a:28:b1:31:a3:40:cc:c0:1e:34:79:0b:84:bc:
                    eb:95:41:ed:ee:22:18:39:cf:7a:7c:83:b3:77:10:
                    b8:45:48:8a:1f:09:5d:f0:bf:8c:ff:52:c2:60:da:
                    5f:37:10:f6:5e:30:f9:e1:13:3b:84:8e:25:67:87:
                    57:40:d6:fd:da:e1:f2:2a:c3:c8:e1:93:7c:79:f9:
                    e0:77:6c:31:3c:ba:d0:3c:29:12:5b:84:29:ab:d9:
                    69:e6:02:66:3c:21:25:05:d8:61:05:e4:0b:49:fc:
                    d4:1e:b7:28:77:87:50:41:2a:a1:06:96:20:9b:e0:
                    c2:19:be:02:2c:89:74:30:bd:8e:92:12:8d:b9:e2:
                    11:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A3:33:11:EA:AC:3E:45:FA:95:6D:93:06:C3:36:55:6C:37:8C:15
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e3134382e37322e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:64:69:1a:0a:7c:b6:00:dd:8a:10:00:2c:e4:c1:4d:3b:ee:
         76:4b:35:05:c7:23:c4:08:08:2d:e2:0f:c0:c8:24:5b:e2:09:
         9c:55:73:55:ba:97:4f:b3:e8:b8:bc:0a:e8:4d:9a:44:f2:8e:
         54:df:c8:7f:a9:ad:ae:ea:59:a2:fc:88:f2:6c:9d:8f:d1:74:
         ef:68:14:04:28:4b:c4:b8:0c:6a:c2:04:d9:f1:f3:69:33:04:
         0b:7b:cb:32:c5:c7:a2:ef:33:b5:d2:7f:1c:c5:28:ad:8e:c4:
         47:09:b2:34:8d:e2:d9:fd:b2:f6:14:ce:0d:24:01:e6:72:4d:
         d9:4b:f4:de:07:d2:40:cb:e2:57:14:45:41:47:2d:25:eb:3c:
         b3:42:eb:da:79:e1:3f:79:e4:0b:e4:cf:93:38:67:53:55:e1:
         d8:3c:74:5b:ee:6e:f3:c3:cb:e7:c1:ba:ac:00:94:b9:f4:2c:
         ed:5c:34:70:ab:f9:cf:6f:fb:b4:37:7f:4f:7a:31:92:c3:b7:
         a7:3d:5b:80:35:0a:4f:d0:48:ca:0b:e6:eb:1c:2c:1c:06:7d:
         70:de:2c:89:03:5d:22:ce:5c:50:0b:96:0b:3f:91:36:c4:b3:
         22:6c:73:5a:47:da:c6:0f:b7:ad:80:ed:9e:88:7c:c9:7b:47:
         87:72:7f:ab
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUfFc9LzAgdUQgFLjnDs/tGljr2lMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDZaFw0yNTAyMjQwODUzNDZaMDMxMTAvBgNV
BAMTKDYxQTMzMzExRUFBQzNFNDVGQTk1NkQ5MzA2QzMzNjU1NkMzNzhDMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsrcMK362G7kb117PLbFDbVQyt
/G9XqWp2or3jMdPj28dYnXvEpzfI4pDXLjecCrtAMWg3nFG26cgpAGQFpDYGW3lE
RKqahuKX2WpxUWH77+JSNMZyoWSMXQyNb3zfcUjpk2KFD/BfjnsquZKQlqBxqrJU
QauqV3lqKLExo0DMwB40eQuEvOuVQe3uIhg5z3p8g7N3ELhFSIofCV3wv4z/UsJg
2l83EPZeMPnhEzuEjiVnh1dA1v3a4fIqw8jhk3x5+eB3bDE8utA8KRJbhCmr2Wnm
AmY8ISUF2GEF5AtJ/NQetyh3h1BBKqEGliCb4MIZvgIsiXQwvY6SEo254hGNAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUYaMzEeqsPkX6lW2TBsM2VWw3jBUwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTMzMmUzMTM0MzgyZTM3
MzIyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBlEgwDQYJKoZIhvcNAQELBQADggEBAGRkaRoKfLYA3YoQACzkwU077nZLNQXH
I8QICC3iD8DIJFviCZxVc1W6l0+z6Li8CuhNmkTyjlTfyH+pra7qWaL8iPJsnY/R
dO9oFAQoS8S4DGrCBNnx82kzBAt7yzLFx6LvM7XSfxzFKK2OxEcJsjSN4tn9svYU
zg0kAeZyTdlL9N4H0kDL4lcURUFHLSXrPLNC69p54T955Avkz5M4Z1NV4dg8dFvu
bvPDy+fBuqwAlLn0LO1cNHCr+c9v+7Q3f096MZLDt6c9W4A1Ck/QSMoL5uscLBwG
fXDeLIkDXSLOXFALlgs/kTbEsyJsc1pH2sYPt62A7Z6IfMl7R4dyf6s=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:39:35 2024 by rpki-client on console-fra.rpki-client.org