Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e35332e3131302e302f32342d3234203d3e20313336373837.roa
File:                     3139342e35332e3131302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          JboZA+/LuJxxH23oD6HShdjd1cZlICk02I8KE9kSdCY=
Subject key identifier:   30:7E:4F:37:53:D4:F6:A8:E8:7B:70:59:DB:EF:D5:48:8F:BA:91:55
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       4854DE6C1C3B35E34D117A1CA0E6B13E2C938011
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e35332e3131302e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:01 +0000
ROA not before:           Tue 13 Feb 2024 12:49:01 +0000
ROA not after:            Tue 11 Feb 2025 12:54:01 +0000
asID:                     136787
IP address blocks:        194.53.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:54:de:6c:1c:3b:35:e3:4d:11:7a:1c:a0:e6:b1:3e:2c:93:80:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:01 2024 GMT
            Not After : Feb 11 12:54:01 2025 GMT
        Subject: CN=307E4F3753D4F6A8E87B7059DBEFD5488FBA9155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:37:f5:47:7b:b6:c7:ff:26:c1:88:0b:b5:d6:
                    76:ef:8f:ce:72:02:55:e0:f6:9c:7c:7c:40:15:7c:
                    a6:c5:95:a9:ce:b4:c2:d1:c4:49:aa:fb:4a:51:87:
                    78:16:07:3c:df:99:e6:95:28:a7:48:d0:b3:ec:32:
                    c1:11:a3:59:65:93:f5:c0:61:2e:52:6c:4b:64:97:
                    35:d8:26:66:30:ff:1d:6f:51:79:a0:88:43:fb:b3:
                    3b:83:ea:49:ae:cb:3a:b4:c3:c5:98:a8:37:e0:17:
                    81:e4:f7:5d:76:03:75:5d:66:bb:f6:11:8c:0a:1b:
                    08:ea:cb:e2:d2:6c:21:a8:f8:e3:cf:75:fb:5f:9e:
                    96:70:45:b0:da:7a:9b:f0:a2:6c:fd:22:d9:58:15:
                    4e:69:ca:d8:3a:d7:d3:d1:d4:bb:a2:91:7c:fe:8b:
                    ff:aa:1b:0b:49:be:32:96:33:3b:71:b8:28:3d:7f:
                    46:ef:c7:25:0c:d2:3c:ae:4d:32:c6:56:0e:46:0f:
                    8f:51:ec:be:22:af:da:d0:2e:ae:d1:ce:80:38:4d:
                    ac:c0:5b:57:07:3d:c9:6c:f0:3f:b6:4f:50:af:ac:
                    81:7d:31:ef:e1:bd:f1:d1:7e:9e:9a:5c:dc:78:02:
                    81:1c:df:33:f3:44:07:bb:be:25:42:6e:4e:c4:51:
                    3f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:7E:4F:37:53:D4:F6:A8:E8:7B:70:59:DB:EF:D5:48:8F:BA:91:55
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e35332e3131302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:29:75:8a:e0:23:9b:ff:12:db:d1:fb:bc:ba:cc:dd:b2:f5:
         b2:f8:c7:18:2c:02:e0:c9:35:ce:ff:00:d6:19:7c:1d:8f:6d:
         cd:b1:1f:21:d2:80:9c:3b:be:9c:4e:1e:53:7f:cf:02:84:00:
         04:c0:63:af:92:c7:57:dd:5a:27:f0:bb:3f:61:87:47:91:fd:
         22:fc:fa:86:68:74:8b:88:f9:10:bf:65:df:1f:3c:be:cc:d8:
         e5:0e:5f:40:08:e9:a1:0c:40:ef:12:6c:20:27:9f:2b:b1:97:
         77:b7:f6:77:0b:6c:df:b6:ad:a5:76:c3:0a:b9:c3:87:93:6f:
         8a:15:e3:b4:84:37:08:af:9b:64:17:a7:c4:d6:ca:0c:22:f2:
         b3:2a:4e:39:27:76:39:3b:77:bf:1c:6c:7d:bf:4f:b2:b9:3b:
         13:95:ba:c2:4a:42:9f:8e:45:f2:3f:70:2b:b3:56:90:9f:ee:
         f6:ae:e1:83:c6:03:7c:ef:59:b1:48:55:cb:9b:5d:d8:18:65:
         93:11:df:45:98:90:50:06:bb:90:ae:10:51:e5:a2:50:23:5a:
         9a:ee:16:22:03:0b:4b:d9:ad:52:65:ee:9b:3f:cf:8a:ec:e1:
         46:88:53:c5:9e:17:1e:51:ad:8b:9f:83:e6:49:ac:da:5b:48:
         dc:12:bc:71
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUSFTebBw7NeNNEXocoOaxPiyTgBEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MDFaFw0yNTAyMTExMjU0MDFaMDMxMTAvBgNV
BAMTKDMwN0U0RjM3NTNENEY2QThFODdCNzA1OURCRUZENTQ4OEZCQTkxNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdN/VHe7bH/ybBiAu11nbvj85y
AlXg9px8fEAVfKbFlanOtMLRxEmq+0pRh3gWBzzfmeaVKKdI0LPsMsERo1llk/XA
YS5SbEtklzXYJmYw/x1vUXmgiEP7szuD6kmuyzq0w8WYqDfgF4Hk9112A3VdZrv2
EYwKGwjqy+LSbCGo+OPPdftfnpZwRbDaepvwomz9ItlYFU5pytg619PR1LuikXz+
i/+qGwtJvjKWMztxuCg9f0bvxyUM0jyuTTLGVg5GD49R7L4ir9rQLq7RzoA4TazA
W1cHPcls8D+2T1CvrIF9Me/hvfHRfp6aXNx4AoEc3zPzRAe7viVCbk7EUT+BAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUMH5PN1PU9qjoe3BZ2+/VSI+6kVUwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTM0MmUzNTMzMmUzMTMx
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCNW4wDQYJKoZIhvcNAQELBQADggEBAEkpdYrgI5v/EtvR+7y6zN2y9bL4xxgs
AuDJNc7/ANYZfB2Pbc2xHyHSgJw7vpxOHlN/zwKEAATAY6+Sx1fdWifwuz9hh0eR
/SL8+oZodIuI+RC/Zd8fPL7M2OUOX0AI6aEMQO8SbCAnnyuxl3e39ncLbN+2raV2
wwq5w4eTb4oV47SENwivm2QXp8TWygwi8rMqTjkndjk7d78cbH2/T7K5OxOVusJK
Qp+ORfI/cCuzVpCf7vau4YPGA3zvWbFIVcubXdgYZZMR30WYkFAGu5CuEFHlolAj
WpruFiIDC0vZrVJl7ps/z4rs4UaIU8WeFx5RrYufg+ZJrNpbSNwSvHE=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org