Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3130392e302f32342d3234203d3e20323131313932.roa
File:                     3139342e31352e3130392e302f32342d3234203d3e20323131313932.roa (raw, json)
Hash identifier:          3IcZpg3dL1smP9sIzMrdZqQRoc35qFcBqmRJNkUTYks=
Subject key identifier:   1D:1E:97:2C:44:8E:95:11:52:D1:E0:4E:F0:BC:EB:42:C5:64:78:89
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       457319AF76C3986C14B7139ED57CBF83D5F6D82A
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3130392e302f32342d3234203d3e20323131313932.roa
Signing time:             Mon 26 Feb 2024 08:53:47 +0000
ROA not before:           Mon 26 Feb 2024 08:48:47 +0000
ROA not after:            Mon 24 Feb 2025 08:53:47 +0000
asID:                     211192
IP address blocks:        194.15.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:73:19:af:76:c3:98:6c:14:b7:13:9e:d5:7c:bf:83:d5:f6:d8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:47 2024 GMT
            Not After : Feb 24 08:53:47 2025 GMT
        Subject: CN=1D1E972C448E951152D1E04EF0BCEB42C5647889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4a:79:aa:58:ed:b3:8f:48:d6:8a:64:40:56:
                    83:b2:c3:26:ba:36:5e:0c:f0:c8:88:22:5f:fe:a1:
                    d1:3f:0a:62:33:c1:b4:d1:2b:1a:3e:2d:a7:d0:8b:
                    3c:70:3e:e5:b3:48:f9:0a:19:f7:f2:54:b6:28:b1:
                    f8:a7:2b:95:36:a6:f5:04:de:20:16:87:88:7c:81:
                    9f:1f:8d:73:9a:39:1c:6e:ad:38:9c:f7:db:67:66:
                    f5:1b:44:43:f1:e9:1f:14:52:1c:cf:a9:d7:3e:b8:
                    05:bd:a3:69:2b:b8:60:b8:b0:03:a3:ba:6f:f2:c0:
                    1d:c0:ea:74:d1:19:c7:95:8b:ba:85:4a:07:53:b4:
                    90:b8:1e:58:58:c3:b9:3d:71:80:52:76:71:d3:6f:
                    0a:06:a4:f9:f4:de:9e:24:f4:6a:e7:f8:4a:57:c7:
                    b7:8b:7d:3d:ef:52:5b:0d:c7:0e:f7:b2:a7:fc:ed:
                    ac:d8:ca:31:8e:60:b6:30:c9:69:79:ad:fb:e3:93:
                    65:72:d8:da:f6:52:1b:fa:93:65:a3:a5:38:42:c6:
                    d6:66:91:b9:87:7a:33:86:f1:c9:99:88:86:f1:c1:
                    87:d7:cb:29:24:9e:fa:ae:2e:b0:6c:b6:b1:01:83:
                    65:cf:d6:ad:b7:94:29:fc:36:5c:70:ab:d2:60:8f:
                    e6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:1E:97:2C:44:8E:95:11:52:D1:E0:4E:F0:BC:EB:42:C5:64:78:89
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3130392e302f32342d3234203d3e20323131313932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:57:97:44:1f:a0:e2:74:68:91:f3:6b:28:de:2d:98:bb:14:
         79:27:3e:9b:ef:d9:90:f9:38:12:0b:c8:cd:7a:3b:ba:39:17:
         3b:cf:8a:d8:a2:5f:f7:ff:aa:cc:1d:10:ee:5b:f1:17:26:21:
         4a:f0:7e:7a:c8:2f:7f:1d:ec:90:75:8b:1c:3d:74:a0:a5:8b:
         cc:d9:20:cc:c7:d6:18:e2:05:89:5a:3a:25:d4:c8:07:99:bc:
         14:59:e4:3d:94:20:19:82:e3:ce:d9:b2:cc:34:57:45:92:d8:
         99:f3:3f:5b:02:de:bd:dc:a1:ad:cf:64:be:f1:c7:37:6c:8b:
         10:71:d6:4c:c0:71:4a:73:be:37:1f:ab:e2:85:fd:c2:71:4a:
         7b:83:59:2d:1a:25:46:38:b0:00:7f:24:fc:bf:9a:68:06:a3:
         3a:e1:ae:c6:07:43:c9:54:7a:bd:34:b3:ca:89:e6:ea:f7:33:
         14:d3:05:94:f1:50:30:5d:81:36:4f:5c:32:8e:89:19:90:f1:
         fd:7c:e1:22:a0:81:45:38:84:77:c7:08:d4:57:21:55:91:20:
         db:3e:0d:39:b8:83:fc:9b:52:22:fd:d0:92:fb:4e:36:2b:f5:
         0e:7e:65:be:36:09:f2:96:34:44:d6:f7:bf:c3:b6:9d:2a:a6:
         d9:0d:5c:2b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIURXMZr3bDmGwUtxOe1Xy/g9X22CowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDdaFw0yNTAyMjQwODUzNDdaMDMxMTAvBgNV
BAMTKDFEMUU5NzJDNDQ4RTk1MTE1MkQxRTA0RUYwQkNFQjQyQzU2NDc4ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhSnmqWO2zj0jWimRAVoOywya6
Nl4M8MiIIl/+odE/CmIzwbTRKxo+LafQizxwPuWzSPkKGffyVLYosfinK5U2pvUE
3iAWh4h8gZ8fjXOaORxurTic99tnZvUbREPx6R8UUhzPqdc+uAW9o2kruGC4sAOj
um/ywB3A6nTRGceVi7qFSgdTtJC4HlhYw7k9cYBSdnHTbwoGpPn03p4k9Grn+EpX
x7eLfT3vUlsNxw73sqf87azYyjGOYLYwyWl5rfvjk2Vy2Nr2Uhv6k2WjpThCxtZm
kbmHejOG8cmZiIbxwYfXyykknvquLrBstrEBg2XP1q23lCn8Nlxwq9Jgj+bLAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUHR6XLESOlRFS0eBO8LzrQsVkeIkwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTM0MmUzMTM1MmUzMTMw
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzEzMTM5MzIucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCD20wDQYJKoZIhvcNAQELBQADggEBABtXl0QfoOJ0aJHzayjeLZi7FHknPpvv
2ZD5OBILyM16O7o5FzvPitiiX/f/qswdEO5b8RcmIUrwfnrIL38d7JB1ixw9dKCl
i8zZIMzH1hjiBYlaOiXUyAeZvBRZ5D2UIBmC487Zssw0V0WS2JnzP1sC3r3coa3P
ZL7xxzdsixBx1kzAcUpzvjcfq+KF/cJxSnuDWS0aJUY4sAB/JPy/mmgGozrhrsYH
Q8lUer00s8qJ5ur3MxTTBZTxUDBdgTZPXDKOiRmQ8f184SKggUU4hHfHCNRXIVWR
INs+DTm4g/ybUiL90JL7TjYr9Q5+Zb42CfKWNETW97/Dtp0qptkNXCs=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org