Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e3134392e32342e302f32342d3234203d3e20313336373837.roa
File:                     3139332e3134392e32342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          mwOyXlmmRXRMmRMlQ1bM9MUpMc9jeIjKEqTnWMvQvL4=
Subject key identifier:   42:35:21:40:BC:E3:67:F2:D6:3E:3B:CF:13:BE:2B:D4:A9:40:48:3D
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       0280BF49D8123F14AEF6E0E09B7C43BE1568E818
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e3134392e32342e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:04 +0000
ROA not before:           Tue 13 Feb 2024 12:49:04 +0000
ROA not after:            Tue 11 Feb 2025 12:54:04 +0000
asID:                     136787
IP address blocks:        193.149.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:80:bf:49:d8:12:3f:14:ae:f6:e0:e0:9b:7c:43:be:15:68:e8:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:04 2024 GMT
            Not After : Feb 11 12:54:04 2025 GMT
        Subject: CN=42352140BCE367F2D63E3BCF13BE2BD4A940483D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c2:7d:e8:96:9f:b0:71:f0:d9:e3:8f:d1:a9:
                    c1:6d:2a:6d:c1:75:7e:d3:78:9c:23:76:ce:28:9a:
                    72:cd:fd:2b:ca:9a:08:63:06:3a:df:52:6c:e9:08:
                    82:e8:fa:0f:eb:61:8e:b2:85:9f:1f:45:3f:66:b6:
                    21:8e:b1:7d:3f:f4:43:35:a1:b3:cd:20:97:78:83:
                    36:77:53:bf:dd:be:9c:88:28:84:2b:77:ec:6a:8e:
                    ca:b4:1c:cd:f2:8b:bf:ac:ae:b9:00:e6:e5:53:a4:
                    ac:cc:11:cc:b4:65:f4:a0:a8:f9:b3:6f:59:e4:d7:
                    cd:59:cf:9a:6c:26:1a:32:e2:e3:7a:4e:68:41:a6:
                    78:8a:4e:30:dc:c9:8c:a2:9d:10:25:ac:1b:10:c9:
                    13:1a:26:57:78:ae:9c:95:b8:ca:09:1a:8d:d8:8a:
                    de:ee:0f:a2:48:36:81:fc:1b:cd:ce:42:ba:4a:36:
                    57:df:ff:2c:a8:b6:23:69:93:f2:a8:d2:63:4a:d6:
                    b6:4d:d7:2e:6f:65:ce:f0:e7:c7:88:bb:89:d0:9a:
                    37:8e:04:6d:e0:6c:9d:15:d4:c8:c0:e6:e5:f3:5a:
                    48:db:ca:20:42:00:2f:f7:53:c4:1c:58:bf:f5:52:
                    d0:0c:8d:59:6d:42:b7:78:f6:ea:cc:f1:20:31:79:
                    fe:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:35:21:40:BC:E3:67:F2:D6:3E:3B:CF:13:BE:2B:D4:A9:40:48:3D
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e3134392e32342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.149.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:fe:42:35:cc:50:f0:67:89:11:f4:19:67:de:f5:be:89:ba:
         4c:02:3f:dc:44:28:07:78:f5:d5:21:b6:5a:f2:ee:50:0d:da:
         21:50:80:90:8b:b2:4f:16:53:fa:fd:b1:54:49:6b:81:0e:77:
         49:c1:59:27:69:43:ee:18:34:84:49:c4:db:af:51:c7:cd:af:
         0e:f2:03:42:88:82:0d:3e:a7:2e:26:cb:2b:ea:7c:5c:b9:12:
         9d:bd:04:dc:4d:e3:65:66:0a:03:2e:fc:81:c3:f3:b2:cb:d4:
         6d:9d:6f:7b:1b:05:cf:79:00:97:cc:0e:63:ab:d4:78:0e:de:
         5a:7d:73:41:1d:18:00:11:d0:a9:27:01:ac:89:62:93:7c:fd:
         43:1e:00:b3:b2:1d:54:ff:f0:d4:6c:c2:09:f7:8d:c2:e3:e2:
         43:61:31:23:9f:f8:0e:ad:fc:66:c6:1f:c4:af:93:da:0f:b9:
         ba:b8:55:85:ee:aa:c9:e6:a0:a7:d2:15:be:ee:31:08:41:b3:
         be:74:8e:27:e2:2a:83:00:e2:6a:2d:ea:83:3c:43:d0:9e:c1:
         74:9c:69:37:95:27:1f:a9:03:93:cd:f2:d0:25:1a:35:c6:d6:
         aa:91:ba:cd:66:13:12:27:bd:61:85:f0:be:d6:a5:85:3c:8f:
         91:6f:0a:91
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUAoC/SdgSPxSu9uDgm3xDvhVo6BgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MDRaFw0yNTAyMTExMjU0MDRaMDMxMTAvBgNV
BAMTKDQyMzUyMTQwQkNFMzY3RjJENjNFM0JDRjEzQkUyQkQ0QTk0MDQ4M0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnwn3olp+wcfDZ44/RqcFtKm3B
dX7TeJwjds4omnLN/SvKmghjBjrfUmzpCILo+g/rYY6yhZ8fRT9mtiGOsX0/9EM1
obPNIJd4gzZ3U7/dvpyIKIQrd+xqjsq0HM3yi7+srrkA5uVTpKzMEcy0ZfSgqPmz
b1nk181Zz5psJhoy4uN6TmhBpniKTjDcyYyinRAlrBsQyRMaJld4rpyVuMoJGo3Y
it7uD6JINoH8G83OQrpKNlff/yyotiNpk/Ko0mNK1rZN1y5vZc7w58eIu4nQmjeO
BG3gbJ0V1MjA5uXzWkjbyiBCAC/3U8QcWL/1UtAMjVltQrd49urM8SAxef5xAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUQjUhQLzjZ/LWPjvPE74r1KlASD0wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTMzMmUzMTM0MzkyZTMy
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBlRgwDQYJKoZIhvcNAQELBQADggEBAIT+QjXMUPBniRH0GWfe9b6JukwCP9xE
KAd49dUhtlry7lAN2iFQgJCLsk8WU/r9sVRJa4EOd0nBWSdpQ+4YNIRJxNuvUcfN
rw7yA0KIgg0+py4myyvqfFy5Ep29BNxN42VmCgMu/IHD87LL1G2db3sbBc95AJfM
DmOr1HgO3lp9c0EdGAAR0KknAayJYpN8/UMeALOyHVT/8NRswgn3jcLj4kNhMSOf
+A6t/GbGH8Svk9oPubq4VYXuqsnmoKfSFb7uMQhBs750jifiKoMA4mot6oM8Q9Ce
wXScaTeVJx+pA5PN8tAlGjXG1qqRus1mExInvWGF8L7WpYU8j5FvCpE=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:39:35 2024 by rpki-client on console-fra.rpki-client.org