Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e35332e3131312e302f32342d3234203d3e20313336373837.roa
File:                     3139342e35332e3131312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          SqGMVgffQ08iDiZsNg9q681lbWkC45zcYuREu29bstc=
Subject key identifier:   D7:92:12:76:33:93:A3:A0:79:D6:6E:DF:A9:95:8C:B0:4C:A3:73:AD
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       0574870EC18831ACB1322B876DE02CD21F0813D4
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e35332e3131312e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:03 +0000
ROA not before:           Tue 13 Feb 2024 12:49:03 +0000
ROA not after:            Tue 11 Feb 2025 12:54:03 +0000
asID:                     136787
IP address blocks:        194.53.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:74:87:0e:c1:88:31:ac:b1:32:2b:87:6d:e0:2c:d2:1f:08:13:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 13 12:49:03 2024 GMT
            Not After : Feb 11 12:54:03 2025 GMT
        Subject: CN=D79212763393A3A079D66EDFA9958CB04CA373AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:12:4b:fa:cd:a1:96:c8:d3:b4:87:c4:a5:c0:
                    c1:e5:9e:a1:3c:40:37:b1:7c:e6:0c:82:6f:c3:fb:
                    e8:52:22:ea:27:39:eb:56:56:41:3e:78:c8:ba:84:
                    8a:c0:1f:c8:62:38:4d:81:a1:c9:7e:d7:39:e4:25:
                    72:b1:93:12:02:cb:a5:f0:47:73:db:2a:97:1b:b7:
                    fb:14:8b:7e:a5:e2:81:89:83:2e:a8:2b:07:18:75:
                    4f:fa:49:7f:41:ab:8e:bf:51:12:e6:0c:82:58:5d:
                    f3:47:60:4d:8a:9a:ae:ce:1d:4b:74:0a:f8:ad:43:
                    e3:3e:ad:fb:44:57:7b:eb:62:4a:af:a3:a4:46:1f:
                    8a:be:e5:83:bd:3f:61:2b:80:9c:3e:47:06:df:fc:
                    89:dc:fa:c5:fe:b7:d0:dc:d6:15:98:e8:93:e2:a1:
                    24:59:5c:59:d5:75:ad:40:d3:44:f1:94:23:72:e0:
                    8a:b2:e8:be:fa:86:12:16:7c:3b:40:93:a2:3b:24:
                    2e:86:0e:ea:dd:f8:15:de:40:f0:7d:80:dd:a1:11:
                    d4:c9:81:da:55:48:ef:c6:ee:74:7c:10:8c:e3:9b:
                    40:50:32:2d:54:21:0f:94:dd:e1:d3:1e:bb:71:15:
                    70:c1:c5:85:98:72:4a:10:ac:1c:cc:ef:09:04:ff:
                    d7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:92:12:76:33:93:A3:A0:79:D6:6E:DF:A9:95:8C:B0:4C:A3:73:AD
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e35332e3131312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:df:f9:85:4f:a9:a8:54:89:41:71:dd:95:9a:4b:90:e7:e4:
         62:6d:6d:37:86:bd:99:72:9a:70:0e:b2:70:e6:a3:34:43:2f:
         71:07:74:f7:59:3b:41:89:4a:91:c1:bb:db:5a:91:69:d1:7e:
         4b:63:6c:1a:6e:8e:07:e6:ee:ac:1e:67:b9:bb:96:b2:3d:16:
         df:af:da:31:fb:a9:0c:8d:3c:8c:d4:0b:b8:42:ce:82:47:66:
         e3:ea:33:1e:97:e4:b8:54:36:62:96:a0:d0:a4:64:87:f3:ac:
         6e:a5:a4:16:4d:a9:ef:32:f4:97:8d:1d:71:e8:ac:70:c1:ab:
         77:76:1b:17:b5:e7:62:08:58:d9:e7:e8:2f:42:33:3a:a2:36:
         5f:1d:05:8e:43:1a:47:8d:e7:e5:33:64:94:a7:d0:b7:01:ca:
         b8:30:88:ac:0c:27:40:b4:85:c3:27:cc:dc:1a:b5:13:e9:e6:
         e4:77:50:bf:bb:4b:02:28:10:2b:48:ec:d8:6c:43:61:36:57:
         41:83:af:af:29:a3:a1:ba:79:0f:cd:bc:8f:cf:c6:41:42:52:
         a1:43:5e:7b:b8:74:3b:de:fe:a8:93:6f:67:63:f8:06:41:1a:
         7a:8b:a8:b0:68:c8:01:d7:fe:0e:e0:69:a9:93:48:eb:f8:99:
         e7:2f:54:39
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUBXSHDsGIMayxMiuHbeAs0h8IE9QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMTMxMjQ5MDNaFw0yNTAyMTExMjU0MDNaMDMxMTAvBgNV
BAMTKEQ3OTIxMjc2MzM5M0EzQTA3OUQ2NkVERkE5OTU4Q0IwNENBMzczQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfEkv6zaGWyNO0h8SlwMHlnqE8
QDexfOYMgm/D++hSIuonOetWVkE+eMi6hIrAH8hiOE2Bocl+1znkJXKxkxICy6Xw
R3PbKpcbt/sUi36l4oGJgy6oKwcYdU/6SX9Bq46/URLmDIJYXfNHYE2Kmq7OHUt0
CvitQ+M+rftEV3vrYkqvo6RGH4q+5YO9P2ErgJw+Rwbf/Inc+sX+t9Dc1hWY6JPi
oSRZXFnVda1A00TxlCNy4Iqy6L76hhIWfDtAk6I7JC6GDurd+BXeQPB9gN2hEdTJ
gdpVSO/G7nR8EIzjm0BQMi1UIQ+U3eHTHrtxFXDBxYWYckoQrBzM7wkE/9fPAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU15ISdjOTo6B51m7fqZWMsEyjc60wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTM0MmUzNTMzMmUzMTMx
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCNW8wDQYJKoZIhvcNAQELBQADggEBAD/f+YVPqahUiUFx3ZWaS5Dn5GJtbTeG
vZlymnAOsnDmozRDL3EHdPdZO0GJSpHBu9takWnRfktjbBpujgfm7qweZ7m7lrI9
Ft+v2jH7qQyNPIzUC7hCzoJHZuPqMx6X5LhUNmKWoNCkZIfzrG6lpBZNqe8y9JeN
HXHorHDBq3d2Gxe152IIWNnn6C9CMzqiNl8dBY5DGkeN5+UzZJSn0LcByrgwiKwM
J0C0hcMnzNwatRPp5uR3UL+7SwIoECtI7NhsQ2E2V0GDr68po6G6eQ/NvI/PxkFC
UqFDXnu4dDve/qiTb2dj+AZBGnqLqLBoyAHX/g7gaamTSOv4mecvVDk=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org