Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3131302e302f32342d3332203d3e203531313637.roa
File:                     3139342e31352e3131302e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          DtEmvVyPotwomHnrRg+DCTQnWAL5N5gLc0E/zMi4Obw=
Subject key identifier:   DA:3F:BF:25:3F:02:02:EA:26:4D:26:F7:8F:9B:E0:93:B1:20:20:66
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       43378419979666659A2C924A2FA22A925DAD3D98
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3131302e302f32342d3332203d3e203531313637.roa
Signing time:             Tue 12 Mar 2024 20:00:11 +0000
ROA not before:           Tue 12 Mar 2024 19:55:11 +0000
ROA not after:            Tue 11 Mar 2025 20:00:11 +0000
asID:                     51167
IP address blocks:        194.15.110.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:37:84:19:97:96:66:65:9a:2c:92:4a:2f:a2:2a:92:5d:ad:3d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Mar 12 19:55:11 2024 GMT
            Not After : Mar 11 20:00:11 2025 GMT
        Subject: CN=DA3FBF253F0202EA264D26F78F9BE093B1202066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5c:5d:49:ae:da:ec:fa:bd:8a:ac:73:c3:86:
                    a9:15:79:57:69:fc:7e:30:73:98:5d:c5:46:6b:1f:
                    02:46:07:e4:81:7d:86:a7:53:b3:a3:22:ad:67:17:
                    be:63:18:0b:96:af:d4:ed:ae:6f:97:a3:cd:3a:b1:
                    6a:76:16:c0:6b:25:1d:a3:8e:8d:e0:42:3b:44:2d:
                    69:e4:9b:d3:f7:55:28:a6:77:05:fd:33:97:b0:85:
                    e1:40:04:4f:8d:3e:d6:c3:e0:ba:34:98:be:5d:93:
                    57:c3:d4:15:8a:f0:02:2f:66:a8:9c:32:c4:3a:d8:
                    25:81:b3:9b:7a:6d:7c:ba:ac:4d:f2:b0:cb:32:f1:
                    39:e3:fb:73:62:04:d5:bc:8f:d6:cf:c4:9e:45:68:
                    a8:23:dc:33:9e:14:06:89:2e:96:72:c9:67:53:32:
                    89:52:a6:67:d9:8e:fc:c5:44:f1:e8:e2:be:ec:cd:
                    11:32:51:9c:b9:62:9e:b9:fb:44:47:95:9c:8a:b3:
                    dd:c4:ab:20:0f:34:18:39:92:28:34:39:cf:38:fe:
                    54:9b:d2:24:3c:1c:a5:50:95:b8:48:c2:24:6c:a4:
                    83:7c:2f:4f:3e:bd:a5:41:b2:9d:0a:18:03:d3:78:
                    d4:bc:fe:26:6a:c3:dd:92:3c:3a:69:37:e6:e8:2f:
                    5c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:3F:BF:25:3F:02:02:EA:26:4D:26:F7:8F:9B:E0:93:B1:20:20:66
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e31352e3131302e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:6f:4b:0d:2f:78:9e:33:ed:48:eb:08:77:64:7c:ef:ce:95:
         ff:47:f8:77:41:42:f2:99:4c:b4:7a:e5:d7:af:b1:bb:32:4c:
         06:4b:10:2e:a0:d9:c6:1a:d1:58:72:7b:de:f7:c0:e9:0c:c4:
         4f:aa:d2:d7:ba:16:f4:cd:4f:93:85:ca:9d:85:2d:fb:ce:2a:
         0b:f5:0b:47:01:db:98:3a:11:68:81:fe:9e:d6:fd:f7:0c:43:
         7f:12:46:82:08:d5:91:43:30:69:34:7e:03:db:f6:27:8c:0b:
         86:c0:fa:c2:e9:e0:bc:19:9c:1b:79:3c:84:f7:6f:47:ab:9e:
         b7:cf:b9:60:e2:46:47:e2:00:2d:14:19:9f:3e:14:9b:dd:2d:
         b9:d4:7e:e8:88:d1:f3:a5:91:fc:48:e5:81:cb:c8:06:60:ea:
         dd:6a:db:0b:8a:c5:e4:6b:45:8e:7a:2f:d2:a2:68:6b:10:da:
         81:8b:ed:45:a6:a2:85:c9:d0:44:2e:00:d8:e8:09:31:74:42:
         0c:34:ca:69:b8:fa:37:b4:54:71:b7:35:8c:0f:af:7e:76:e7:
         48:ae:db:69:86:3b:c1:34:3f:14:a5:ba:8c:ec:92:ac:ff:58:
         bc:c6:dd:d8:e2:c1:fc:54:7c:ca:18:3b:22:01:7a:f2:06:64:
         bf:43:b1:3a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUQzeEGZeWZmWaLJJKL6Iqkl2tPZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAzMTIxOTU1MTFaFw0yNTAzMTEyMDAwMTFaMDMxMTAvBgNV
BAMTKERBM0ZCRjI1M0YwMjAyRUEyNjREMjZGNzhGOUJFMDkzQjEyMDIwNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqXF1Jrtrs+r2KrHPDhqkVeVdp
/H4wc5hdxUZrHwJGB+SBfYanU7OjIq1nF75jGAuWr9Ttrm+Xo806sWp2FsBrJR2j
jo3gQjtELWnkm9P3VSimdwX9M5ewheFABE+NPtbD4Lo0mL5dk1fD1BWK8AIvZqic
MsQ62CWBs5t6bXy6rE3ysMsy8Tnj+3NiBNW8j9bPxJ5FaKgj3DOeFAaJLpZyyWdT
MolSpmfZjvzFRPHo4r7szREyUZy5Yp65+0RHlZyKs93EqyAPNBg5kig0Oc84/lSb
0iQ8HKVQlbhIwiRspIN8L08+vaVBsp0KGAPTeNS8/iZqw92SPDppN+boL1zRAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU2j+/JT8CAuomTSb3j5vgk7EgIGYwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTM0MmUzMTM1MmUzMTMx
MzAyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
wg9uMA0GCSqGSIb3DQEBCwUAA4IBAQASb0sNL3ieM+1I6wh3ZHzvzpX/R/h3QULy
mUy0euXXr7G7MkwGSxAuoNnGGtFYcnve98DpDMRPqtLXuhb0zU+ThcqdhS37zioL
9QtHAduYOhFogf6e1v33DEN/EkaCCNWRQzBpNH4D2/YnjAuGwPrC6eC8GZwbeTyE
929Hq563z7lg4kZH4gAtFBmfPhSb3S251H7oiNHzpZH8SOWBy8gGYOrdatsLisXk
a0WOei/SomhrENqBi+1FpqKFydBELgDY6AkxdEIMNMppuPo3tFRxtzWMD69+dudI
rttphjvBND8UpbqM7JKs/1i8xt3Y4sH8VHzKGDsiAXryBmS/Q7E6
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:07:21 2024 by rpki-client on console-ams.rpki-client.org