Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/clonoth/1/3139332e33322e3130302e302f32342d3234203d3e203537313936.roa
File:                     3139332e33322e3130302e302f32342d3234203d3e203537313936.roa (raw, json)
Hash identifier:          Q3QiqxUuMSp7WUu02mA+KyUsM0fons3AJE9l+1oNWeY=
Subject key identifier:   73:98:70:B4:C8:93:A3:CC:39:9F:07:21:8E:BA:DB:08:5A:8E:CE:B3
Certificate issuer:       /CN=c23a7169f6499dd2815c9178a890bc4c0514ddf9
Certificate serial:       5942D55BA70B80050517F31446D06F88ACD1E1C2
Authority key identifier: C2:3A:71:69:F6:49:9D:D2:81:5C:91:78:A8:90:BC:4C:05:14:DD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer
Subject info access:      rsync://rsync.rp.ki/repo/clonoth/1/3139332e33322e3130302e302f32342d3234203d3e203537313936.roa
Signing time:             Mon 06 May 2024 09:08:24 +0000
ROA not before:           Mon 06 May 2024 09:03:24 +0000
ROA not after:            Mon 05 May 2025 09:08:24 +0000
asID:                     57196
IP address blocks:        193.32.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.crl
                          rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:42:d5:5b:a7:0b:80:05:05:17:f3:14:46:d0:6f:88:ac:d1:e1:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c23a7169f6499dd2815c9178a890bc4c0514ddf9
        Validity
            Not Before: May  6 09:03:24 2024 GMT
            Not After : May  5 09:08:24 2025 GMT
        Subject: CN=739870B4C893A3CC399F07218EBADB085A8ECEB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b6:e0:ed:8d:ac:9c:1f:34:61:27:15:15:72:
                    ff:e3:43:31:fa:29:64:f5:4b:a6:68:1a:d9:b8:4e:
                    72:bb:58:04:65:67:ae:a3:21:ed:8a:dc:e3:a2:74:
                    fb:26:43:4a:af:5b:ee:d0:f1:df:9d:4a:99:76:fe:
                    41:6f:c7:da:ed:75:05:ed:26:13:52:d8:09:60:e0:
                    e7:8a:a9:25:8f:73:d8:41:f5:51:20:f7:22:32:f1:
                    e6:b6:b7:b0:c8:38:b8:13:91:6c:07:3f:3d:4a:40:
                    33:5e:69:10:99:17:59:76:dd:b6:91:ac:49:63:d2:
                    9f:0b:66:e1:3b:e9:c9:70:f8:c3:e0:bc:fa:2c:ea:
                    a0:56:59:00:08:33:e2:e1:54:50:05:a5:1d:70:cb:
                    6f:af:ab:c8:67:16:c2:86:68:7f:6e:c9:f0:58:d2:
                    14:1e:ee:c3:57:be:be:2e:72:f4:c8:b2:cc:5f:01:
                    ed:db:74:5f:19:a9:b3:a3:45:23:5c:e8:38:a3:1a:
                    55:d5:14:80:8c:61:d9:36:f8:e3:15:7f:54:53:3e:
                    d0:c6:74:89:44:dc:f4:6a:4b:7e:b7:e4:d4:5b:b3:
                    77:a0:95:8f:62:ae:c8:2f:3d:a0:58:be:8d:c9:46:
                    3d:a6:46:d6:e3:dd:35:1c:cf:12:e7:1a:db:7b:4f:
                    fa:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:98:70:B4:C8:93:A3:CC:39:9F:07:21:8E:BA:DB:08:5A:8E:CE:B3
            X509v3 Authority Key Identifier:
                keyid:C2:3A:71:69:F6:49:9D:D2:81:5C:91:78:A8:90:BC:4C:05:14:DD:F9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/clonoth/1/3139332e33322e3130302e302f32342d3234203d3e203537313936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:34:25:c3:8f:50:97:bf:26:8a:bb:3c:2b:76:7d:46:65:4a:
         a0:36:14:5c:d1:37:69:e2:a6:20:60:f8:e2:c9:6a:85:21:d0:
         e2:8e:6d:57:d2:be:0a:4f:9c:0b:0c:40:67:98:8f:bf:f4:8a:
         1d:fe:9e:f4:77:ef:3b:11:f3:4b:c9:b9:4b:30:65:73:0b:f8:
         cf:3b:26:ec:78:b9:bf:47:03:3e:21:28:15:29:02:7e:91:1a:
         7d:db:04:3c:c2:15:33:8c:2f:1a:3f:dd:0f:04:1c:c7:29:a0:
         98:11:d0:a9:df:18:e1:7e:0b:7d:92:39:25:c3:56:ec:92:07:
         11:c0:0b:9d:51:3d:1a:69:be:77:e1:8b:bc:78:0a:77:8a:fb:
         04:92:44:a2:c9:be:8a:2a:e3:ed:b2:4f:3c:81:fb:b5:1a:57:
         b9:73:8c:2c:d8:df:0b:e4:b2:ec:31:44:a1:e7:94:75:1c:94:
         47:0c:12:21:78:2b:21:a2:46:a1:cb:a1:f1:29:a8:1e:8c:9e:
         5b:12:a6:de:35:49:11:ec:b7:2a:7e:45:28:15:12:7c:75:e1:
         84:45:46:ed:ae:59:66:05:bf:91:58:57:be:88:f4:63:fc:c3:
         64:fd:68:2e:26:10:46:7e:ad:f5:35:dd:b2:36:90:f3:23:63:
         e1:cf:e1:91
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUWULVW6cLgAUFF/MURtBviKzR4cIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzYTcxNjlmNjQ5OWRkMjgxNWM5MTc4YTg5MGJjNGMw
NTE0ZGRmOTAeFw0yNDA1MDYwOTAzMjRaFw0yNTA1MDUwOTA4MjRaMDMxMTAvBgNV
BAMTKDczOTg3MEI0Qzg5M0EzQ0MzOTlGMDcyMThFQkFEQjA4NUE4RUNFQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKtuDtjaycHzRhJxUVcv/jQzH6
KWT1S6ZoGtm4TnK7WARlZ66jIe2K3OOidPsmQ0qvW+7Q8d+dSpl2/kFvx9rtdQXt
JhNS2Alg4OeKqSWPc9hB9VEg9yIy8ea2t7DIOLgTkWwHPz1KQDNeaRCZF1l23baR
rElj0p8LZuE76clw+MPgvPos6qBWWQAIM+LhVFAFpR1wy2+vq8hnFsKGaH9uyfBY
0hQe7sNXvr4ucvTIssxfAe3bdF8ZqbOjRSNc6DijGlXVFICMYdk2+OMVf1RTPtDG
dIlE3PRqS3635NRbs3eglY9irsgvPaBYvo3JRj2mRtbj3TUczxLnGtt7T/oxAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUc5hwtMiTo8w5nwchjrrbCFqOzrMwHwYDVR0j
BBgwFoAUwjpxafZJndKBXJF4qJC8TAUU3fkwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnN5bmMucnAua2kvcmVwby9jbG9ub3RoLzEv
QzIzQTcxNjlGNjQ5OUREMjgxNUM5MTc4QTg5MEJDNEMwNTE0RERGOS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL3dqcHhhZlpKbmRLQlhKRjRxSkM4VEFVVTNmay5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3JzeW5jLnJw
LmtpL3JlcG8vY2xvbm90aC8xLzMxMzkzMzJlMzMzMjJlMzEzMDMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNzMxMzkzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEgZDANBgkqhkiG
9w0BAQsFAAOCAQEAtTQlw49Ql78mirs8K3Z9RmVKoDYUXNE3aeKmIGD44slqhSHQ
4o5tV9K+Ck+cCwxAZ5iPv/SKHf6e9HfvOxHzS8m5SzBlcwv4zzsm7Hi5v0cDPiEo
FSkCfpEafdsEPMIVM4wvGj/dDwQcxymgmBHQqd8Y4X4LfZI5JcNW7JIHEcALnVE9
Gmm+d+GLvHgKd4r7BJJEosm+iirj7bJPPIH7tRpXuXOMLNjfC+Sy7DFEoeeUdRyU
RwwSIXgrIaJGocuh8SmoHoyeWxKm3jVJEey3Kn5FKBUSfHXhhEVG7a5ZZgW/kVhX
voj0Y/zDZP1oLiYQRn6t9TXdsjaQ8yNj4c/hkQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:49 2024 by rpki-client on console-ams.rpki-client.org