Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37312e302f32342d3234203d3e203631333137.roa
File:                     3231332e3133392e37312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          EZylfov+7K8QPFtv2IUYm6ohl+UzGHPfuoTVapkH1p0=
Subject key identifier:   4E:ED:71:3A:59:DF:32:0A:84:6B:E2:F0:CC:C5:49:10:81:0D:F1:58
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       15EA4AF3C73A0A8AAE1DBD714E3C5F235A1AB153
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37312e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 27 Dec 2023 13:05:08 +0000
ROA not before:           Wed 27 Dec 2023 13:00:08 +0000
ROA not after:            Wed 25 Dec 2024 13:05:08 +0000
asID:                     61317
IP address blocks:        213.139.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ea:4a:f3:c7:3a:0a:8a:ae:1d:bd:71:4e:3c:5f:23:5a:1a:b1:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Dec 27 13:00:08 2023 GMT
            Not After : Dec 25 13:05:08 2024 GMT
        Subject: CN=4EED713A59DF320A846BE2F0CCC54910810DF158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2c:2b:a3:6a:f0:8b:04:5e:02:44:99:ac:e1:
                    d1:b0:9c:e9:41:cf:ce:6f:a8:34:24:b6:df:bf:81:
                    71:8b:df:4f:7b:9d:8a:d0:97:3f:2f:0f:61:d8:39:
                    1a:74:4e:cf:66:f3:6d:2e:f4:68:2c:fa:5a:d3:c6:
                    22:c9:9d:ca:8b:c0:39:7d:73:25:1e:6c:da:1f:27:
                    4c:da:71:06:81:a5:7c:80:78:c3:7c:82:55:02:6d:
                    57:0f:33:0e:dc:5e:21:cd:16:23:6c:3e:81:4f:4a:
                    01:7a:d2:da:7c:59:93:d4:df:b8:a9:e2:03:53:91:
                    a2:e2:b3:9f:de:3c:69:34:b3:21:21:e8:60:59:24:
                    b0:ea:52:2c:fd:9a:5b:18:b4:d7:fa:5d:21:ec:ba:
                    14:ff:89:d2:4c:b1:de:63:63:ae:b6:cf:b3:a3:d2:
                    1b:1d:ac:0d:6a:c1:4c:93:4b:13:73:d2:33:30:d6:
                    b1:b4:ea:68:6d:46:09:f9:f7:a6:79:0f:a7:77:d2:
                    c5:2a:68:03:f3:60:5a:24:3e:6e:78:bb:37:7e:46:
                    57:ee:55:38:da:c3:e6:ee:5f:95:de:86:3a:3c:ed:
                    d7:62:61:c8:27:1e:65:71:11:8d:65:96:0a:3f:7d:
                    83:a8:41:d4:62:2f:72:0e:56:16:91:01:c0:19:53:
                    0c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:ED:71:3A:59:DF:32:0A:84:6B:E2:F0:CC:C5:49:10:81:0D:F1:58
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:29:9c:97:e5:92:7c:74:b0:5e:ce:67:5e:8c:38:62:c8:46:
         01:2d:c3:75:25:d9:49:53:76:d0:7f:9c:2f:85:37:9f:16:23:
         1e:09:26:1b:70:d6:15:2a:81:f8:95:8e:18:a7:c3:95:57:7b:
         23:17:2a:e0:e0:43:02:f1:82:fb:9d:73:33:f4:0a:c3:b5:f7:
         fd:a8:e5:bd:b7:68:6b:74:8d:f8:92:58:f2:47:1b:57:73:0d:
         d0:6a:65:3f:fe:7e:8c:46:59:3b:9b:0f:ba:17:72:80:09:f5:
         fc:7a:13:c8:b0:99:ce:e5:b5:99:e2:a4:dc:a4:d9:f2:f9:f2:
         4b:f1:7f:ef:be:0e:2f:41:55:0a:64:d8:50:0e:f6:2e:42:63:
         7a:30:bf:ac:ba:f5:45:c8:e0:fb:d6:ed:7d:35:96:6d:7d:58:
         0c:0a:14:48:38:56:f2:b2:ed:90:75:7b:69:1a:f2:2f:1d:94:
         c3:75:e5:05:4b:c7:e1:80:dc:18:60:6c:1c:df:72:0f:3d:5c:
         47:1b:96:0c:08:7b:95:68:33:13:4f:70:64:95:40:b3:b4:56:
         49:2a:28:cc:2b:d3:f0:f6:a7:ee:7b:00:e1:54:33:8d:79:de:
         f3:9d:36:7c:ec:ab:c7:0f:d7:d9:c9:a0:69:14:70:1d:ec:33:
         af:5e:aa:4d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUFepK88c6CoquHb1xTjxfI1oasVMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yMzEyMjcxMzAwMDhaFw0yNDEyMjUxMzA1MDhaMDMxMTAvBgNV
BAMTKDRFRUQ3MTNBNTlERjMyMEE4NDZCRTJGMENDQzU0OTEwODEwREYxNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxLCujavCLBF4CRJms4dGwnOlB
z85vqDQktt+/gXGL3097nYrQlz8vD2HYORp0Ts9m820u9Ggs+lrTxiLJncqLwDl9
cyUebNofJ0zacQaBpXyAeMN8glUCbVcPMw7cXiHNFiNsPoFPSgF60tp8WZPU37ip
4gNTkaLis5/ePGk0syEh6GBZJLDqUiz9mlsYtNf6XSHsuhT/idJMsd5jY662z7Oj
0hsdrA1qwUyTSxNz0jMw1rG06mhtRgn596Z5D6d30sUqaAPzYFokPm54uzd+Rlfu
VTjaw+buX5Xehjo87ddiYcgnHmVxEY1llgo/fYOoQdRiL3IOVhaRAcAZUwxDAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUTu1xOlnfMgqEa+LwzMVJEIEN8VgwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM3
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
1YtHMA0GCSqGSIb3DQEBCwUAA4IBAQADKZyX5ZJ8dLBezmdejDhiyEYBLcN1JdlJ
U3bQf5wvhTefFiMeCSYbcNYVKoH4lY4Yp8OVV3sjFyrg4EMC8YL7nXMz9ArDtff9
qOW9t2hrdI34kljyRxtXcw3QamU//n6MRlk7mw+6F3KACfX8ehPIsJnO5bWZ4qTc
pNny+fJL8X/vvg4vQVUKZNhQDvYuQmN6ML+suvVFyOD71u19NZZtfVgMChRIOFby
su2QdXtpGvIvHZTDdeUFS8fhgNwYYGwc33IPPVxHG5YMCHuVaDMTT3BklUCztFZJ
KijMK9Pw9qfuewDhVDONed7znTZ87KvHD9fZyaBpFHAd7DOvXqpN
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:44:50 2024 by rpki-client on console-fra.rpki-client.org