Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39302e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e39302e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          cv7c938TG1TrAJ4WxpMEnrJuipZuwdL8o32jtRflF/0=
Subject key identifier:   FA:23:88:BB:49:A1:87:E6:25:A6:1A:BD:9A:62:12:A9:69:BC:1A:A7
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       2BBD5452539C2440E159D122B22C4D4574C0394B
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39302e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 21 May 2024 08:14:48 +0000
ROA not before:           Tue 21 May 2024 08:09:48 +0000
ROA not after:            Tue 20 May 2025 08:14:48 +0000
asID:                     9009
IP address blocks:        213.139.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:bd:54:52:53:9c:24:40:e1:59:d1:22:b2:2c:4d:45:74:c0:39:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 21 08:09:48 2024 GMT
            Not After : May 20 08:14:48 2025 GMT
        Subject: CN=FA2388BB49A187E625A61ABD9A6212A969BC1AA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:d1:63:38:13:62:c8:9d:c7:9a:ef:fc:17:5c:
                    3d:7b:cc:35:87:95:34:95:44:6c:f7:db:9a:5e:60:
                    e5:c7:7d:5e:bb:65:3b:43:25:40:cf:1c:40:c3:be:
                    91:12:ce:9f:be:82:f4:dc:10:6e:1d:dc:dd:c3:d4:
                    a7:cf:3b:af:71:00:39:3a:c5:50:e9:c8:a2:3e:17:
                    75:04:6b:28:40:4d:ee:43:67:95:19:cb:a9:f9:16:
                    58:17:25:86:d2:b3:24:cb:4d:ce:9b:2e:8a:2b:67:
                    f4:b7:6c:a0:2c:88:27:a1:e9:93:f4:b9:54:2d:cc:
                    a8:91:06:fd:8f:d2:22:6f:48:23:b8:b8:f6:cf:4c:
                    e2:4c:94:fd:9c:60:48:dc:96:d4:95:c3:e4:11:10:
                    de:89:04:28:c1:66:c4:48:7a:0c:4e:df:da:dd:53:
                    8a:84:1e:5c:35:a4:d3:9e:29:97:c2:bc:4b:65:12:
                    d6:28:f1:f4:77:3c:ae:06:93:44:ad:9f:62:c1:7c:
                    4d:21:d7:d9:f5:a4:82:a7:33:4b:bb:95:a8:b6:d4:
                    c2:78:07:00:38:ff:1d:7f:cf:1f:f0:f9:b7:84:6f:
                    b7:26:13:93:e8:b3:90:72:29:f8:d4:28:91:a3:29:
                    07:59:10:fa:f4:f0:b9:05:02:27:48:b0:70:5f:c0:
                    a2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:23:88:BB:49:A1:87:E6:25:A6:1A:BD:9A:62:12:A9:69:BC:1A:A7
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39302e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:ea:07:0a:34:0c:43:0c:62:20:c8:37:34:07:e4:80:ff:38:
         db:92:77:42:4f:97:ad:33:db:4a:fe:ec:21:4d:12:fd:68:40:
         85:8c:6c:96:46:c1:92:2e:41:dd:f9:9c:e5:49:2e:0f:95:06:
         d7:83:db:b2:a9:de:e0:68:7c:73:b3:92:35:cd:70:96:ba:eb:
         9b:9f:30:7e:34:90:21:4a:90:17:4d:e3:b9:dc:59:9f:4c:73:
         7d:b9:61:d2:d7:45:96:c1:34:97:5c:08:e8:ec:96:b4:62:81:
         da:2a:a9:82:c7:f0:84:46:6c:c9:44:19:61:56:06:4d:06:97:
         83:0a:98:7f:ea:9f:85:cb:03:a4:f5:2b:79:30:f1:ba:00:21:
         06:00:9c:7e:9e:e7:b5:6c:3f:8c:85:9e:f5:c1:d3:2b:e6:83:
         f6:41:d8:b8:e3:eb:03:a2:da:bf:a7:49:26:30:80:be:2a:d5:
         ca:6b:11:02:2a:e6:b1:6e:2f:46:cb:02:d7:2b:fd:7c:7d:d0:
         b2:12:35:05:ac:e5:df:55:17:83:37:3b:48:2b:5f:eb:ad:68:
         03:9b:9e:ed:28:6e:68:ff:47:ba:f4:94:86:0a:cb:24:26:f9:
         74:65:b5:64:c7:10:1c:9e:0f:b3:07:b1:cd:0b:ae:83:d8:a3:
         89:69:2f:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK71UUlOcJEDhWdEisixNRXTAOUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MjEwODA5NDhaFw0yNTA1MjAwODE0NDhaMDMxMTAvBgNV
BAMTKEZBMjM4OEJCNDlBMTg3RTYyNUE2MUFCRDlBNjIxMkE5NjlCQzFBQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD20WM4E2LIncea7/wXXD17zDWH
lTSVRGz325peYOXHfV67ZTtDJUDPHEDDvpESzp++gvTcEG4d3N3D1KfPO69xADk6
xVDpyKI+F3UEayhATe5DZ5UZy6n5FlgXJYbSsyTLTc6bLoorZ/S3bKAsiCeh6ZP0
uVQtzKiRBv2P0iJvSCO4uPbPTOJMlP2cYEjcltSVw+QREN6JBCjBZsRIegxO39rd
U4qEHlw1pNOeKZfCvEtlEtYo8fR3PK4Gk0Stn2LBfE0h19n1pIKnM0u7lai21MJ4
BwA4/x1/zx/w+beEb7cmE5Pos5ByKfjUKJGjKQdZEPr08LkFAidIsHBfwKLpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+iOIu0mhh+Ylphq9mmISqWm8GqcwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
WjANBgkqhkiG9w0BAQsFAAOCAQEAT+oHCjQMQwxiIMg3NAfkgP8425J3Qk+XrTPb
Sv7sIU0S/WhAhYxslkbBki5B3fmc5UkuD5UG14Pbsqne4Gh8c7OSNc1wlrrrm58w
fjSQIUqQF03judxZn0xzfblh0tdFlsE0l1wI6OyWtGKB2iqpgsfwhEZsyUQZYVYG
TQaXgwqYf+qfhcsDpPUreTDxugAhBgCcfp7ntWw/jIWe9cHTK+aD9kHYuOPrA6La
v6dJJjCAvirVymsRAirmsW4vRssC1yv9fH3QshI1Bazl31UXgzc7SCtf661oA5ue
7ShuaP9HuvSUhgrLJCb5dGW1ZMcQHJ4PswexzQuug9ijiWkvRA==
-----END CERTIFICATE-----
Generated at Sun Nov 24 10:00:15 2024 by rpki-client on console-ams.rpki-client.org