Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231332e352e3132382e302f32342d3234203d3e20323131393735.roa
File:                     3231332e352e3132382e302f32342d3234203d3e20323131393735.roa (raw, json)
Hash identifier:          8lXKwWDRBMefXta5KGl/L18HTjSINd9NdqHOjZ6Yyeo=
Subject key identifier:   AC:67:F2:11:40:D6:7D:3F:BE:DD:ED:24:C9:E8:C2:75:5B:0B:E6:C1
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       39216086B8F815A7C25039B663D4D2249777667C
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231332e352e3132382e302f32342d3234203d3e20323131393735.roa
Signing time:             Thu 28 Mar 2024 19:27:49 +0000
ROA not before:           Thu 28 Mar 2024 19:22:49 +0000
ROA not after:            Thu 27 Mar 2025 19:27:49 +0000
asID:                     211975
IP address blocks:        213.5.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:21:60:86:b8:f8:15:a7:c2:50:39:b6:63:d4:d2:24:97:77:66:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Mar 28 19:22:49 2024 GMT
            Not After : Mar 27 19:27:49 2025 GMT
        Subject: CN=AC67F21140D67D3FBEDDED24C9E8C2755B0BE6C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:26:2f:f4:e9:7c:3c:04:fb:04:b2:e9:2f:ec:
                    16:4a:a4:99:70:d0:2d:47:d2:9e:03:1c:a4:59:dc:
                    f1:45:c4:b1:70:0e:7e:7a:58:92:9f:75:c2:10:ae:
                    fb:07:c2:98:4e:cf:7e:40:8d:2a:fb:ce:98:8a:ce:
                    a8:bf:03:47:44:89:b0:92:39:07:ab:6a:47:54:47:
                    50:84:7b:9a:2b:be:1b:54:27:ec:e0:29:28:23:fc:
                    7e:57:72:1e:b8:eb:08:fd:b3:79:5f:d2:97:02:15:
                    18:6e:4b:9f:01:ba:93:f7:4b:cd:e7:50:33:3b:d8:
                    f3:fe:dd:d4:3e:98:98:8b:52:be:81:49:d0:e3:34:
                    89:89:fc:7b:18:3e:4a:cd:f1:58:62:02:22:04:a4:
                    2d:4c:22:31:94:40:5b:fa:b8:9f:81:1a:9a:7d:25:
                    b2:b0:59:38:c4:61:b6:6e:ab:50:4c:d4:62:ff:16:
                    89:82:dd:e9:f8:79:d1:9b:b4:b0:b5:e4:9e:00:8f:
                    ba:00:0e:79:24:78:03:75:f9:d1:c3:e9:18:e7:cf:
                    4f:e9:1d:2a:74:1f:ca:28:c5:cb:d1:42:36:1b:e0:
                    d9:23:45:f9:2d:03:fb:f2:1b:53:29:a7:a3:a5:87:
                    80:dd:c7:45:47:67:4f:24:77:31:ba:0e:40:aa:4c:
                    c6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:67:F2:11:40:D6:7D:3F:BE:DD:ED:24:C9:E8:C2:75:5B:0B:E6:C1
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231332e352e3132382e302f32342d3234203d3e20323131393735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.5.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:64:c5:a7:0c:fc:0b:e8:e5:c1:c8:10:05:b8:d8:0d:66:de:
         c6:fd:19:91:31:82:93:7a:7c:4d:da:17:07:58:3a:45:b0:d5:
         81:b2:98:a2:42:51:18:2e:90:fd:dd:e4:28:80:67:f4:bc:d3:
         02:94:7e:1b:5d:3c:f5:f1:62:6c:4f:8c:c7:76:80:a6:fd:44:
         b6:c9:06:1c:d2:9c:9c:93:57:2a:f3:3e:77:09:26:ab:e1:d0:
         0f:25:d7:21:01:95:cc:d6:af:79:31:f1:b4:c3:4c:b2:6d:2a:
         cc:55:15:cd:24:b5:6a:db:03:93:f2:38:8d:56:ca:b2:d3:2c:
         58:4f:ea:41:72:c2:19:ef:50:7a:88:4f:1a:ba:74:de:e5:49:
         39:a3:35:78:e0:23:b8:6f:0b:ba:78:3b:51:29:e0:26:a9:4f:
         c6:f7:02:a3:7e:55:27:f4:ff:44:01:1a:c7:da:58:09:a0:20:
         3a:77:03:2f:5b:8e:28:a2:6f:b9:3c:33:fe:2b:22:46:54:da:
         13:cc:5d:f0:9b:00:87:00:98:37:72:15:92:a7:a9:f8:5c:38:
         fe:38:96:99:87:30:92:3d:da:1c:17:8f:01:72:49:58:a7:40:
         73:e8:b0:a7:6b:8a:78:b1:47:45:f4:47:d7:79:ca:b7:cc:f1:
         b3:64:82:56
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUOSFghrj4FafCUDm2Y9TSJJd3ZnwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDAzMjgxOTIyNDlaFw0yNTAzMjcxOTI3NDlaMDMxMTAvBgNV
BAMTKEFDNjdGMjExNDBENjdEM0ZCRURERUQyNEM5RThDMjc1NUIwQkU2QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMJi/06Xw8BPsEsukv7BZKpJlw
0C1H0p4DHKRZ3PFFxLFwDn56WJKfdcIQrvsHwphOz35AjSr7zpiKzqi/A0dEibCS
OQerakdUR1CEe5orvhtUJ+zgKSgj/H5Xch646wj9s3lf0pcCFRhuS58BupP3S83n
UDM72PP+3dQ+mJiLUr6BSdDjNImJ/HsYPkrN8VhiAiIEpC1MIjGUQFv6uJ+BGpp9
JbKwWTjEYbZuq1BM1GL/FomC3en4edGbtLC15J4Aj7oADnkkeAN1+dHD6Rjnz0/p
HSp0H8ooxcvRQjYb4NkjRfktA/vyG1Mpp6Olh4Ddx0VHZ08kdzG6DkCqTMaxAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUrGfyEUDWfT++3e0kyejCdVsL5sEwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIzMTMzMmUzNTJlMzEzMjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMxMzkzNzM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
1QWAMA0GCSqGSIb3DQEBCwUAA4IBAQAiZMWnDPwL6OXByBAFuNgNZt7G/RmRMYKT
enxN2hcHWDpFsNWBspiiQlEYLpD93eQogGf0vNMClH4bXTz18WJsT4zHdoCm/US2
yQYc0pyck1cq8z53CSar4dAPJdchAZXM1q95MfG0w0yybSrMVRXNJLVq2wOT8jiN
Vsqy0yxYT+pBcsIZ71B6iE8aunTe5Uk5ozV44CO4bwu6eDtRKeAmqU/G9wKjflUn
9P9EARrH2lgJoCA6dwMvW44oom+5PDP+KyJGVNoTzF3wmwCHAJg3chWSp6n4XDj+
OJaZhzCSPdocF48BcklYp0Bz6LCna4p4sUdF9EfXecq3zPGzZIJW
-----END CERTIFICATE-----
Generated at Mon Jun 17 21:59:55 2024 by rpki-client on console-fra.rpki-client.org