Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3130382e302f32342d3234203d3e20313336373837.roa
File:                     3139342e31352e3130382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          92phWAgracRZl4OMaqhLCXy0gW9aNVV9A3i5SrI9/9w=
Subject key identifier:   AA:51:E4:3E:4B:16:31:30:33:43:CB:39:C8:45:16:29:42:B6:B2:84
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       66B8D285483C476F3F693B26A923D14B9CCF7A02
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3130382e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 08 Mar 2024 12:58:24 +0000
ROA not before:           Fri 08 Mar 2024 12:53:24 +0000
ROA not after:            Fri 07 Mar 2025 12:58:24 +0000
asID:                     136787
IP address blocks:        194.15.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:b8:d2:85:48:3c:47:6f:3f:69:3b:26:a9:23:d1:4b:9c:cf:7a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Mar  8 12:53:24 2024 GMT
            Not After : Mar  7 12:58:24 2025 GMT
        Subject: CN=AA51E43E4B1631303343CB39C845162942B6B284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2b:b3:97:2e:f7:f4:99:3c:2f:b5:a8:5c:cd:
                    3d:05:97:f3:33:8d:79:15:d7:db:6e:90:33:77:2c:
                    38:8d:f5:75:63:ab:c4:44:a6:39:7a:e2:eb:b6:d2:
                    c5:b3:0c:89:34:7c:33:17:e5:fc:ee:8e:59:b3:c7:
                    07:0e:60:50:fe:b2:d3:7e:b5:91:9a:d7:d3:ad:87:
                    64:6d:03:08:3b:20:71:60:d1:ae:13:8b:fc:f7:d0:
                    bf:b3:d1:bf:78:1c:e6:9a:66:b9:af:37:4c:3d:91:
                    69:11:00:66:6a:40:24:6a:fc:08:79:17:0f:d2:52:
                    00:7b:9b:9f:bb:e4:13:21:19:0a:e6:6b:c2:f2:1a:
                    b7:8d:61:90:5b:4f:67:6a:4a:49:de:cd:4b:61:22:
                    6b:4c:1f:19:7d:de:28:1f:80:6a:11:ca:02:de:31:
                    e1:a4:69:56:9d:48:26:87:b8:3a:a4:95:84:d6:c1:
                    dd:dc:52:94:e7:47:5c:f6:9d:d5:17:06:02:e3:5c:
                    9b:97:86:1a:be:ce:86:39:7b:28:97:ee:9a:10:38:
                    c6:09:0d:cc:11:5b:21:82:c0:a5:0b:91:0d:c6:79:
                    5a:f7:2b:e6:6c:32:79:6d:0f:28:3e:a3:23:da:89:
                    85:9e:e4:9c:7d:8f:72:12:32:02:8f:7a:92:57:f5:
                    a5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:51:E4:3E:4B:16:31:30:33:43:CB:39:C8:45:16:29:42:B6:B2:84
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3130382e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:a7:05:66:72:82:3a:ae:e6:5d:40:cd:19:b7:c8:89:ff:4c:
         e7:74:87:8d:91:72:b5:88:68:34:89:f1:88:d9:44:80:05:89:
         e8:5f:8d:8b:9f:a4:9f:f2:d0:0a:9e:1a:75:f6:eb:fa:82:73:
         a4:dd:34:73:1e:4f:5b:48:37:40:3c:7b:46:0b:8c:5c:c7:2d:
         59:fe:23:a8:ba:fd:a4:f5:43:d9:fa:2f:62:78:bf:c7:00:99:
         eb:b6:f0:88:9b:4c:93:d2:23:d5:88:70:12:b7:0b:a4:3b:eb:
         59:7e:5f:b0:4d:ad:e9:83:8d:bf:11:7e:34:36:b8:72:08:66:
         c3:5d:3b:d3:d6:78:88:ee:d2:9c:32:8b:9b:36:f2:49:04:62:
         80:67:f4:f3:a4:30:27:3d:96:9e:15:d9:9b:05:fa:ec:eb:c5:
         07:61:63:d8:0f:ca:d3:83:46:7c:61:d5:68:40:72:9d:11:d9:
         74:7d:80:09:00:6a:b6:3c:6d:5f:4b:25:8a:96:86:86:ff:1e:
         de:82:34:ac:2e:29:a5:21:08:46:2c:86:7e:5b:10:ad:8d:a4:
         c0:5e:e8:cf:53:fb:05:11:cd:29:f7:1a:10:b8:8f:1e:e8:88:
         b8:b9:11:47:25:e5:24:a0:dd:77:22:a3:bb:ac:38:0c:9b:d7:
         20:91:bd:d1
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUZrjShUg8R28/aTsmqSPRS5zPegIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAzMDgxMjUzMjRaFw0yNTAzMDcxMjU4MjRaMDMxMTAvBgNV
BAMTKEFBNTFFNDNFNEIxNjMxMzAzMzQzQ0IzOUM4NDUxNjI5NDJCNkIyODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYK7OXLvf0mTwvtahczT0Fl/Mz
jXkV19tukDN3LDiN9XVjq8REpjl64uu20sWzDIk0fDMX5fzujlmzxwcOYFD+stN+
tZGa19Oth2RtAwg7IHFg0a4Ti/z30L+z0b94HOaaZrmvN0w9kWkRAGZqQCRq/Ah5
Fw/SUgB7m5+75BMhGQrma8LyGreNYZBbT2dqSknezUthImtMHxl93igfgGoRygLe
MeGkaVadSCaHuDqklYTWwd3cUpTnR1z2ndUXBgLjXJuXhhq+zoY5eyiX7poQOMYJ
DcwRWyGCwKULkQ3GeVr3K+ZsMnltDyg+oyPaiYWe5Jx9j3ISMgKPepJX9aVPAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUqlHkPksWMTAzQ8s5yEUWKUK2soQwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTM0MmUzMTM1MmUzMTMw
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCD2wwDQYJKoZIhvcNAQELBQADggEBAASnBWZygjqu5l1AzRm3yIn/TOd0h42R
crWIaDSJ8YjZRIAFiehfjYufpJ/y0AqeGnX26/qCc6TdNHMeT1tIN0A8e0YLjFzH
LVn+I6i6/aT1Q9n6L2J4v8cAmeu28IibTJPSI9WIcBK3C6Q761l+X7BNremDjb8R
fjQ2uHIIZsNdO9PWeIju0pwyi5s28kkEYoBn9POkMCc9lp4V2ZsF+uzrxQdhY9gP
ytODRnxh1WhAcp0R2XR9gAkAarY8bV9LJYqWhob/Ht6CNKwuKaUhCEYshn5bEK2N
pMBe6M9T+wURzSn3GhC4jx7oiLi5EUcl5SSg3Xcio7usOAyb1yCRvdE=
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:59:03 2024 by rpki-client on console-ams.rpki-client.org