Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37362e302f32342d3234203d3e20323132333834.roa
File:                     3231332e3133392e37362e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier:          h3bOznzQazMxnAj63lKiHhJJlraY2HH+h7VBdxrnanU=
Subject key identifier:   83:10:FA:3A:60:D5:06:9F:DE:13:05:8A:9C:8F:51:EF:30:30:C7:D7
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       5FB1EAE2D1092535E019256B424E267F8C7FE991
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37362e302f32342d3234203d3e20323132333834.roa
Signing time:             Thu 07 Mar 2024 07:17:04 +0000
ROA not before:           Thu 07 Mar 2024 07:12:04 +0000
ROA not after:            Thu 06 Mar 2025 07:17:04 +0000
asID:                     212384
IP address blocks:        213.139.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:b1:ea:e2:d1:09:25:35:e0:19:25:6b:42:4e:26:7f:8c:7f:e9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar  7 07:12:04 2024 GMT
            Not After : Mar  6 07:17:04 2025 GMT
        Subject: CN=8310FA3A60D5069FDE13058A9C8F51EF3030C7D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:ba:d0:d6:d7:26:a1:ef:3b:b9:c9:70:c6:56:
                    72:de:9a:1c:78:b8:80:78:0c:e4:ec:3a:0b:d3:2c:
                    02:ca:3d:65:4f:11:6e:96:6d:f1:f9:9d:e8:e6:db:
                    04:78:e8:17:3f:ba:2e:f3:c6:b8:6d:dd:f9:4d:f6:
                    e1:25:93:1b:82:52:4a:18:3e:cc:d4:d7:c6:be:ae:
                    f2:d3:be:7d:66:26:c8:0b:e1:5a:62:bd:bf:bc:14:
                    5a:df:9c:f7:8e:ec:d4:41:b6:87:0b:42:0d:ba:fd:
                    1a:2a:f4:cc:0c:31:25:42:51:3a:58:a6:22:58:43:
                    d5:91:57:e6:2c:43:14:6a:91:be:47:08:6c:38:0a:
                    62:d0:ab:e1:d4:4a:d0:b9:a9:16:70:f1:dc:c9:ed:
                    9d:bb:2d:c4:ba:24:89:7b:be:d0:d9:f6:ed:9b:01:
                    c1:5b:b7:69:d2:df:2e:45:18:7e:8a:19:e3:c9:20:
                    6a:b2:34:85:a9:8d:20:98:6e:63:de:80:9f:1a:55:
                    0a:e6:88:92:3c:02:6e:14:26:9d:a6:e4:d4:90:9b:
                    67:8e:83:58:c2:cd:23:03:27:bc:7c:05:80:22:db:
                    93:85:93:6d:33:b0:38:f9:27:8d:53:13:25:8e:ec:
                    3a:4f:a2:fb:53:db:25:d4:f5:75:d2:85:a7:de:fa:
                    d3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:10:FA:3A:60:D5:06:9F:DE:13:05:8A:9C:8F:51:EF:30:30:C7:D7
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37362e302f32342d3234203d3e20323132333834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:e4:cb:74:ff:3c:d8:34:e7:1f:ba:54:1c:eb:b6:be:90:c4:
         00:31:c5:98:3a:d4:ee:4c:b8:c5:83:d1:71:7d:1b:24:bc:82:
         0d:8b:74:79:aa:44:c8:44:e7:4d:b5:48:7e:13:0f:e1:d6:16:
         81:ea:70:5f:2f:3b:35:e0:77:e3:e9:ef:6f:9d:38:aa:9b:e6:
         48:f5:29:f3:db:4a:f5:2e:cf:5d:a7:15:d5:3e:16:d6:55:6e:
         f4:fe:ff:a8:1f:cd:40:92:97:a9:a0:5e:b0:7b:79:27:31:15:
         38:1e:ae:3d:a3:de:21:0c:54:05:81:ad:be:14:e6:c3:fe:1f:
         a2:70:73:c7:6f:d0:4c:c7:bb:38:2b:18:e7:de:24:f0:a2:ee:
         23:d9:e5:5a:38:10:d9:34:ab:53:a9:34:79:6b:89:56:99:96:
         3f:87:9c:38:7c:d7:a4:9d:8a:29:4d:57:95:18:64:43:9f:57:
         27:9e:4d:72:2a:ed:13:b0:7c:9b:ba:be:8c:6a:4c:bb:78:41:
         e1:3b:c2:d4:f8:52:0f:25:f7:1b:b9:db:10:ed:62:dd:9b:07:
         22:d5:31:50:08:3b:8f:6f:ba:bc:b7:aa:ba:13:83:9a:d2:9d:
         01:c7:14:49:0b:a0:2e:48:14:72:e2:a9:42:50:b9:4a:3b:e4:
         98:9b:41:58
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUX7Hq4tEJJTXgGSVrQk4mf4x/6ZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDAzMDcwNzEyMDRaFw0yNTAzMDYwNzE3MDRaMDMxMTAvBgNV
BAMTKDgzMTBGQTNBNjBENTA2OUZERTEzMDU4QTlDOEY1MUVGMzAzMEM3RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6utDW1yah7zu5yXDGVnLemhx4
uIB4DOTsOgvTLALKPWVPEW6WbfH5nejm2wR46Bc/ui7zxrht3flN9uElkxuCUkoY
PszU18a+rvLTvn1mJsgL4Vpivb+8FFrfnPeO7NRBtocLQg26/Roq9MwMMSVCUTpY
piJYQ9WRV+YsQxRqkb5HCGw4CmLQq+HUStC5qRZw8dzJ7Z27LcS6JIl7vtDZ9u2b
AcFbt2nS3y5FGH6KGePJIGqyNIWpjSCYbmPegJ8aVQrmiJI8Am4UJp2m5NSQm2eO
g1jCzSMDJ7x8BYAi25OFk20zsDj5J41TEyWO7DpPovtT2yXU9XXShafe+tO7AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUgxD6OmDVBp/eEwWKnI9R7zAwx9cwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM3
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMzM4MzQucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADVi0wwDQYJKoZIhvcNAQELBQADggEBAIHky3T/PNg05x+6VBzrtr6QxAAxxZg6
1O5MuMWD0XF9GyS8gg2LdHmqRMhE5021SH4TD+HWFoHqcF8vOzXgd+Pp72+dOKqb
5kj1KfPbSvUuz12nFdU+FtZVbvT+/6gfzUCSl6mgXrB7eScxFTgerj2j3iEMVAWB
rb4U5sP+H6Jwc8dv0EzHuzgrGOfeJPCi7iPZ5Vo4ENk0q1OpNHlriVaZlj+HnDh8
16SdiilNV5UYZEOfVyeeTXIq7ROwfJu6voxqTLt4QeE7wtT4Ug8l9xu52xDtYt2b
ByLVMVAIO49vury3qroTg5rSnQHHFEkLoC5IFHLiqUJQuUo75JibQVg=
-----END CERTIFICATE-----
Generated at Sun Nov 24 09:11:58 2024 by rpki-client on console-fra.rpki-client.org