Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3133302e36332e302f32342d3234203d3e203332313831.roa
File:                     3138352e3133302e36332e302f32342d3234203d3e203332313831.roa (raw, json)
Hash identifier:          +vTp3cbheQETL3jfc6z3xX4NlCzAvE2ShCOTcJERXyo=
Subject key identifier:   B5:45:B1:13:6D:5D:BC:F1:49:F5:50:46:89:69:F5:42:64:B8:93:50
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       1BE412E225F480C9C785BDBD21033ADCE2BA322D
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3133302e36332e302f32342d3234203d3e203332313831.roa
Signing time:             Mon 11 Sep 2023 09:04:30 +0000
ROA not before:           Mon 11 Sep 2023 08:59:30 +0000
ROA not after:            Mon 09 Sep 2024 09:04:30 +0000
asID:                     32181
IP address blocks:        185.130.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:e4:12:e2:25:f4:80:c9:c7:85:bd:bd:21:03:3a:dc:e2:ba:32:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Sep 11 08:59:30 2023 GMT
            Not After : Sep  9 09:04:30 2024 GMT
        Subject: CN=B545B1136D5DBCF149F550468969F54264B89350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:49:87:eb:af:5f:b1:b9:e5:58:e2:86:b7:7c:
                    57:3b:38:c4:df:73:0b:dd:0d:63:fc:4c:56:37:df:
                    13:5e:26:bf:9a:34:74:31:19:19:fb:02:7d:8b:5e:
                    a5:e6:cc:1c:b9:53:a7:f9:d0:d0:8b:c0:63:67:44:
                    76:bf:c6:29:28:b9:50:1c:2e:d3:32:58:06:7c:60:
                    9d:e2:07:64:42:48:91:a2:f4:52:ac:5e:25:7a:33:
                    89:69:bc:09:cd:67:c7:a9:3f:1e:77:d0:dc:d9:41:
                    3a:a9:a3:cb:39:60:84:9d:1b:fe:ce:f9:20:49:7e:
                    a9:93:65:ca:8c:07:55:bc:08:13:bc:77:7d:b9:a5:
                    08:a6:62:37:d6:59:c9:ba:0c:db:70:c3:17:68:99:
                    4e:f7:84:62:74:d1:27:78:3b:ca:45:1b:65:11:f7:
                    0e:d4:6f:15:8c:0d:a6:02:13:5c:df:f2:b9:d6:34:
                    78:f2:04:e1:d5:95:eb:5e:c5:50:30:d0:6a:eb:22:
                    ef:41:23:25:74:9c:97:ce:87:55:81:93:6b:7e:bd:
                    72:c4:3a:a4:b0:64:f8:00:d5:2f:bf:44:3a:52:b0:
                    fa:b2:c5:74:97:3a:40:67:f5:8d:ea:d6:2a:3e:1f:
                    eb:ef:f1:48:56:fa:af:99:40:07:2e:6b:52:c6:bf:
                    b1:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:45:B1:13:6D:5D:BC:F1:49:F5:50:46:89:69:F5:42:64:B8:93:50
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3133302e36332e302f32342d3234203d3e203332313831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:c3:a6:ab:81:3e:ff:76:50:a4:0b:7e:59:6e:66:67:d5:ca:
         67:f5:ec:1f:c8:7f:bd:a5:44:5b:15:12:9e:1f:c8:00:a0:49:
         86:d6:8c:ff:65:13:f6:88:2c:3e:26:61:02:c3:11:9e:2a:ad:
         78:6d:1a:0c:aa:be:46:e6:6c:c3:d1:53:2c:66:25:37:8e:c7:
         20:07:10:b7:96:25:4c:dd:03:38:05:a7:e0:94:25:3c:a4:f0:
         d9:20:e5:13:30:3b:b7:27:48:b3:d4:aa:5e:26:d2:be:40:04:
         f4:33:e0:21:cb:68:64:5b:ff:95:e7:1c:b5:0d:8e:5b:90:46:
         2e:8b:91:03:4e:5c:7d:d2:c8:9b:c9:9a:8d:65:9b:13:73:be:
         7c:c8:7b:c7:e9:83:53:4a:f6:29:cb:43:85:cc:f4:27:5b:f1:
         e6:b2:c7:93:c6:49:c5:b8:64:60:fd:e9:1b:df:f1:ad:54:1d:
         0e:cf:23:56:6c:ad:8d:ad:f9:44:98:96:96:92:dc:dc:9a:27:
         dc:53:b7:f9:48:ea:ee:f9:3f:0e:18:99:9d:d4:6b:74:c2:14:
         e8:dc:bb:e9:cf:b8:5b:08:43:bd:5a:aa:c3:29:0d:78:81:dc:
         17:8d:fd:1e:de:0d:b3:3e:4f:4f:4f:fe:39:39:9b:bd:e9:89:
         cf:21:58:90
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUG+QS4iX0gMnHhb29IQM63OK6Mi0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yMzA5MTEwODU5MzBaFw0yNDA5MDkwOTA0MzBaMDMxMTAvBgNV
BAMTKEI1NDVCMTEzNkQ1REJDRjE0OUY1NTA0Njg5NjlGNTQyNjRCODkzNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0SYfrr1+xueVY4oa3fFc7OMTf
cwvdDWP8TFY33xNeJr+aNHQxGRn7An2LXqXmzBy5U6f50NCLwGNnRHa/xikouVAc
LtMyWAZ8YJ3iB2RCSJGi9FKsXiV6M4lpvAnNZ8epPx530NzZQTqpo8s5YISdG/7O
+SBJfqmTZcqMB1W8CBO8d325pQimYjfWWcm6DNtwwxdomU73hGJ00Sd4O8pFG2UR
9w7UbxWMDaYCE1zf8rnWNHjyBOHVletexVAw0GrrIu9BIyV0nJfOh1WBk2t+vXLE
OqSwZPgA1S+/RDpSsPqyxXSXOkBn9Y3q1io+H+vv8UhW+q+ZQAcua1LGv7HPAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUtUWxE21dvPFJ9VBGiWn1QmS4k1AwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMTMzMzAyZTM2
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMyMzEzODMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
uYI/MA0GCSqGSIb3DQEBCwUAA4IBAQBkw6argT7/dlCkC35ZbmZn1cpn9ewfyH+9
pURbFRKeH8gAoEmG1oz/ZRP2iCw+JmECwxGeKq14bRoMqr5G5mzD0VMsZiU3jscg
BxC3liVM3QM4BafglCU8pPDZIOUTMDu3J0iz1KpeJtK+QAT0M+Ahy2hkW/+V5xy1
DY5bkEYui5EDTlx90sibyZqNZZsTc758yHvH6YNTSvYpy0OFzPQnW/HmsseTxknF
uGRg/ekb3/GtVB0OzyNWbK2NrflEmJaWktzcmifcU7f5SOru+T8OGJmd1Gt0whTo
3Lvpz7hbCEO9WqrDKQ14gdwXjf0e3g2zPk9PT/45OZu96YnPIViQ
-----END CERTIFICATE-----
Generated at Sat Jun 15 18:19:30 2024 by rpki-client on console-fra.rpki-client.org