Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e3138302e3137372e302f32342d3332203d3e20313431393935.roa
File:                     3139342e3138302e3137372e302f32342d3332203d3e20313431393935.roa (raw, json)
Hash identifier:          DNwB/dV19eLEGkOAs9dUqLvdx02hE+hCxUxQcDrBGCE=
Subject key identifier:   62:27:CE:E2:8D:7F:69:87:E0:D0:F4:79:D4:AF:DD:9F:58:6B:C0:E4
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       2FBFA010C352F2D990B515A59BE828BFF968C145
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e3138302e3137372e302f32342d3332203d3e20313431393935.roa
Signing time:             Tue 12 Mar 2024 20:00:12 +0000
ROA not before:           Tue 12 Mar 2024 19:55:12 +0000
ROA not after:            Tue 11 Mar 2025 20:00:12 +0000
asID:                     141995
IP address blocks:        194.180.177.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:bf:a0:10:c3:52:f2:d9:90:b5:15:a5:9b:e8:28:bf:f9:68:c1:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Mar 12 19:55:12 2024 GMT
            Not After : Mar 11 20:00:12 2025 GMT
        Subject: CN=6227CEE28D7F6987E0D0F479D4AFDD9F586BC0E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a4:e9:f2:1a:91:ed:d5:d5:e5:cf:01:7d:55:
                    36:fb:b5:f5:f7:ac:73:3b:c6:9d:fd:81:63:18:c3:
                    80:10:57:b6:04:e3:43:55:65:ac:1e:df:be:78:d9:
                    ba:16:f2:2c:9b:b4:2e:51:f5:e1:d3:14:85:c0:d8:
                    03:03:31:75:9c:f3:87:e6:84:7b:77:28:e7:46:bf:
                    72:e4:cb:d6:ca:14:71:2e:06:fb:75:28:9d:ef:b8:
                    4e:26:28:fe:eb:d6:bd:11:03:3e:a5:ca:8e:fb:da:
                    87:53:25:d6:56:cb:e8:c2:44:95:20:35:f2:c3:fb:
                    c1:04:60:21:e3:83:04:98:f4:bc:24:22:3b:63:e0:
                    a5:53:7a:33:bf:83:69:18:3e:aa:b1:ce:ca:52:e7:
                    37:9c:e5:52:2e:f9:d4:ae:13:3f:5b:dc:06:3f:70:
                    59:25:f3:12:cd:69:2c:30:10:53:38:f0:42:eb:88:
                    e7:d4:a0:9a:cb:35:39:53:32:fd:30:08:10:4e:83:
                    6e:c4:9c:e4:ce:39:c5:66:3b:ce:df:1e:78:72:a8:
                    78:15:a9:d9:46:8b:9a:de:d3:d7:f3:82:a4:8f:b7:
                    07:cd:c6:a2:ec:eb:fe:ae:f1:ea:d3:cb:41:d0:b8:
                    00:66:81:f1:29:43:89:67:95:ce:b5:6e:c6:05:e7:
                    e6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:27:CE:E2:8D:7F:69:87:E0:D0:F4:79:D4:AF:DD:9F:58:6B:C0:E4
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e3138302e3137372e302f32342d3332203d3e20313431393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:ae:15:4c:50:97:0f:e6:fc:b9:5a:64:7d:ce:a6:1c:e8:9e:
         db:b1:28:a5:82:05:d4:95:a2:15:ad:47:54:64:0a:cb:52:34:
         44:90:8d:cb:c3:86:5e:9f:d6:f9:24:19:e1:c8:22:9b:a3:e4:
         1c:83:c9:c4:f8:de:67:bc:49:e6:27:8b:df:20:ef:2b:c4:a2:
         db:66:c5:dd:d5:c2:69:0d:b4:22:5b:73:7c:33:f0:a2:4e:8e:
         23:63:e6:2c:0e:0e:f8:c3:fa:d0:f4:8c:09:48:d3:04:0a:51:
         d2:63:7d:06:f1:96:00:c4:87:2e:e3:c9:e3:7e:1e:2f:a7:1b:
         d9:a6:5a:c2:ac:44:fa:67:e6:03:97:c9:e9:50:14:65:a1:f9:
         1a:46:6c:4b:fc:47:ef:c8:88:f6:27:7d:0c:7b:f2:7e:9d:3a:
         e9:67:f6:3d:20:7f:41:07:3c:74:5a:02:7b:7a:c8:8f:c4:0b:
         76:8d:2b:f3:84:b6:bb:b4:b4:c8:0f:f2:4c:f3:cf:88:bc:9b:
         11:8a:fa:c4:21:00:f9:5c:09:e0:4d:8f:21:31:2a:51:12:bb:
         ca:7b:be:2c:79:57:ee:0e:ae:28:53:e4:ff:61:bc:25:1c:7b:
         e4:9c:06:fc:6f:d2:42:c0:6e:a5:69:01:74:02:64:3a:6a:3b:
         9f:a4:f9:58
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUL7+gEMNS8tmQtRWlm+gov/lowUUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAzMTIxOTU1MTJaFw0yNTAzMTEyMDAwMTJaMDMxMTAvBgNV
BAMTKDYyMjdDRUUyOEQ3RjY5ODdFMEQwRjQ3OUQ0QUZERDlGNTg2QkMwRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdpOnyGpHt1dXlzwF9VTb7tfX3
rHM7xp39gWMYw4AQV7YE40NVZawe37542boW8iybtC5R9eHTFIXA2AMDMXWc84fm
hHt3KOdGv3Lky9bKFHEuBvt1KJ3vuE4mKP7r1r0RAz6lyo772odTJdZWy+jCRJUg
NfLD+8EEYCHjgwSY9LwkIjtj4KVTejO/g2kYPqqxzspS5zec5VIu+dSuEz9b3AY/
cFkl8xLNaSwwEFM48ELriOfUoJrLNTlTMv0wCBBOg27EnOTOOcVmO87fHnhyqHgV
qdlGi5re09fzgqSPtwfNxqLs6/6u8erTy0HQuABmgfEpQ4lnlc61bsYF5+ZLAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUYifO4o1/aYfg0PR51K/dn1hrwOQwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTM0MmUzMTM4MzAyZTMx
MzczNzJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzQzMTM5MzkzNS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMK0sTANBgkqhkiG9w0BAQsFAAOCAQEAq64VTFCXD+b8uVpkfc6mHOie27Eo
pYIF1JWiFa1HVGQKy1I0RJCNy8OGXp/W+SQZ4cgim6PkHIPJxPjeZ7xJ5ieL3yDv
K8Si22bF3dXCaQ20IltzfDPwok6OI2PmLA4O+MP60PSMCUjTBApR0mN9BvGWAMSH
LuPJ434eL6cb2aZawqxE+mfmA5fJ6VAUZaH5GkZsS/xH78iI9id9DHvyfp066Wf2
PSB/QQc8dFoCe3rIj8QLdo0r84S2u7S0yA/yTPPPiLybEYr6xCEA+VwJ4E2PITEq
URK7ynu+LHlX7g6uKFPk/2G8JRx75JwG/G/SQsBupWkBdAJkOmo7n6T5WA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:07:21 2024 by rpki-client on console-ams.rpki-client.org