Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e34362e3234332e302f32342d3332203d3e203531313637.roa
File:                     3139332e34362e3234332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          loIK/GP2Twes3UBSH+w8ywjtYUJtowo3IuCpjYxhP+c=
Subject key identifier:   3A:DE:57:44:2F:8D:BD:2C:7A:9D:E0:33:B4:89:81:9D:69:12:D4:C7
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       7E353F5FEB2B4408B40A17B97DBA3BD46C22A92D
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e34362e3234332e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:47 +0000
ROA not before:           Mon 26 Feb 2024 08:48:47 +0000
ROA not after:            Mon 24 Feb 2025 08:53:47 +0000
asID:                     51167
IP address blocks:        193.46.243.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:35:3f:5f:eb:2b:44:08:b4:0a:17:b9:7d:ba:3b:d4:6c:22:a9:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:47 2024 GMT
            Not After : Feb 24 08:53:47 2025 GMT
        Subject: CN=3ADE57442F8DBD2C7A9DE033B489819D6912D4C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ef:aa:94:20:b3:52:a6:36:d2:fc:4a:71:ea:
                    a1:8a:90:1e:27:d5:97:ed:ff:1c:e9:f7:49:5e:5f:
                    3b:62:8c:2d:0b:b4:9d:b8:62:e1:5a:84:0f:e8:5c:
                    b5:43:6a:37:4b:e6:28:90:a8:7b:2a:04:4d:b0:f3:
                    75:a4:26:18:ea:01:38:df:ed:14:35:c0:1e:90:09:
                    8c:3b:78:21:dc:57:12:13:59:c8:16:07:19:f0:f9:
                    70:6c:cc:b1:57:8c:4a:3a:26:fa:cf:e0:cc:2b:7d:
                    5a:85:d1:04:6e:a2:bf:94:81:d0:a5:b7:c4:e0:aa:
                    37:84:3f:ab:b1:68:96:57:39:1c:7b:a8:67:bb:d5:
                    39:5b:0e:d6:9e:99:1d:53:e4:c9:59:72:32:fc:1f:
                    94:bb:e8:3a:1c:fd:10:74:e2:81:e5:33:20:36:66:
                    38:40:36:02:ed:28:1e:be:f4:e0:a2:b9:2c:65:e7:
                    c2:83:5b:2e:10:39:25:c6:50:58:82:cd:f3:af:ac:
                    18:95:8b:b2:87:60:07:f8:25:7d:68:bc:2a:85:10:
                    23:76:3f:89:ad:ca:ed:4b:6e:3d:be:5f:6e:74:2e:
                    39:ef:46:f1:c9:a3:ed:e8:0f:ec:6e:a2:0c:16:93:
                    50:07:52:b2:f5:15:4f:00:2c:7e:49:c4:d9:99:45:
                    3d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:DE:57:44:2F:8D:BD:2C:7A:9D:E0:33:B4:89:81:9D:69:12:D4:C7
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139332e34362e3234332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:da:38:41:c6:42:f1:04:1a:9f:cb:3b:de:5d:d8:8c:e8:9d:
         25:61:b4:b6:bb:98:37:89:e2:d1:39:3a:96:20:02:d3:92:92:
         b7:9b:e4:60:73:01:d4:6d:d3:be:dd:e5:d4:5b:22:ab:6e:b9:
         0b:8d:f9:86:fb:11:1d:8d:13:6b:39:9e:7f:a7:3c:46:04:3a:
         1d:7e:5f:c3:fc:bd:6e:27:6a:79:36:01:0f:f5:23:85:45:f7:
         67:c0:f7:28:40:8c:7d:ec:e7:2a:57:05:46:3f:27:c3:7f:b9:
         0b:ae:be:d8:26:e3:61:42:81:43:d3:1d:96:95:5a:59:7f:37:
         17:42:24:b7:54:2f:b1:b4:38:54:30:a4:4d:e7:3b:bc:f6:52:
         d2:55:44:ef:1b:41:60:b8:2c:a3:9d:59:95:99:00:62:a7:a2:
         4c:f1:02:ab:ca:39:f3:e9:92:e8:06:09:9e:fc:ce:0c:4f:c6:
         46:b3:f8:7c:a4:d3:ad:55:46:70:dd:c9:f9:03:f3:5c:26:3e:
         a7:87:9d:c2:d6:b7:62:40:a1:47:b9:9d:4e:7f:c6:19:6c:52:
         4c:ae:ab:2a:1a:78:bc:8a:2e:d2:b9:e4:95:41:5e:a8:4f:9e:
         b0:7e:77:81:97:66:92:fb:94:e9:ce:c4:24:08:ff:71:ad:99:
         66:92:a8:08
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUfjU/X+srRAi0Che5fbo71GwiqS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDdaFw0yNTAyMjQwODUzNDdaMDMxMTAvBgNV
BAMTKDNBREU1NzQ0MkY4REJEMkM3QTlERTAzM0I0ODk4MTlENjkxMkQ0QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa76qUILNSpjbS/Epx6qGKkB4n
1Zft/xzp90leXztijC0LtJ24YuFahA/oXLVDajdL5iiQqHsqBE2w83WkJhjqATjf
7RQ1wB6QCYw7eCHcVxITWcgWBxnw+XBszLFXjEo6JvrP4MwrfVqF0QRuor+UgdCl
t8TgqjeEP6uxaJZXORx7qGe71TlbDtaemR1T5MlZcjL8H5S76Doc/RB04oHlMyA2
ZjhANgLtKB6+9OCiuSxl58KDWy4QOSXGUFiCzfOvrBiVi7KHYAf4JX1ovCqFECN2
P4mtyu1Lbj2+X250LjnvRvHJo+3oD+xuogwWk1AHUrL1FU8ALH5JxNmZRT0NAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUOt5XRC+NvSx6neAztImBnWkS1McwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTMzMmUzNDM2MmUzMjM0
MzMyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wS7zMA0GCSqGSIb3DQEBCwUAA4IBAQCP2jhBxkLxBBqfyzveXdiM6J0lYbS2u5g3
ieLROTqWIALTkpK3m+RgcwHUbdO+3eXUWyKrbrkLjfmG+xEdjRNrOZ5/pzxGBDod
fl/D/L1uJ2p5NgEP9SOFRfdnwPcoQIx97OcqVwVGPyfDf7kLrr7YJuNhQoFD0x2W
lVpZfzcXQiS3VC+xtDhUMKRN5zu89lLSVUTvG0FguCyjnVmVmQBip6JM8QKryjnz
6ZLoBgme/M4MT8ZGs/h8pNOtVUZw3cn5A/NcJj6nh53C1rdiQKFHuZ1Of8YZbFJM
rqsqGni8ii7SueSVQV6oT56wfneBl2aS+5TpzsQkCP9xrZlmkqgI
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org