Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS13213.roa
File:                     AS13213.roa (raw, json)
Hash identifier:          fLyzad/wKJTn2Dye5cUTCIqs1oZFGp7uo/DI/EXB97Y=
Subject key identifier:   CE:59:B4:C7:87:E7:D5:DD:5B:E5:88:9A:A0:C9:D5:19:23:2E:AE:52
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       416DEB6F60B20388B887DD5C49CF4A6B7EC30CD8
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS13213.roa
Signing time:             Mon 18 Nov 2024 15:47:37 +0000
ROA not before:           Mon 18 Nov 2024 15:42:37 +0000
ROA not after:            Mon 17 Nov 2025 15:47:37 +0000
asID:                     13213
IP address blocks:        46.202.2.0/24 maxlen: 24
                          92.113.54.0/24 maxlen: 24
                          92.113.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:6d:eb:6f:60:b2:03:88:b8:87:dd:5c:49:cf:4a:6b:7e:c3:0c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 18 15:42:37 2024 GMT
            Not After : Nov 17 15:47:37 2025 GMT
        Subject: CN=CE59B4C787E7D5DD5BE5889AA0C9D519232EAE52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7b:44:4b:8a:7b:b9:13:8e:49:79:d8:91:e0:
                    66:ed:ab:74:12:7e:5e:9f:cf:31:04:5d:7f:1f:11:
                    13:a4:85:2f:33:c4:97:af:69:1f:7b:c7:62:67:5d:
                    89:0a:eb:6a:b2:57:35:b5:a2:e4:ca:c8:49:b9:87:
                    d3:95:40:6f:6d:d7:e2:0a:d8:03:c0:a2:d3:06:36:
                    2e:ee:33:e3:90:c3:fc:52:2d:a8:80:97:4b:29:c8:
                    74:b4:6b:49:f3:ce:5a:23:49:46:2a:45:40:a9:23:
                    4b:15:19:f3:de:9d:0e:32:7f:62:16:6f:ab:75:28:
                    79:79:a9:9a:ae:52:b5:67:af:5c:b6:fa:84:0d:b5:
                    18:67:93:bb:01:24:a4:94:a4:ec:93:b6:3f:b2:87:
                    ec:99:06:cb:19:69:a5:7f:09:8c:b9:fc:1d:bc:49:
                    ad:04:ed:36:01:3f:56:45:88:ae:9a:2c:1b:b9:1b:
                    26:38:65:29:41:f4:fc:2e:53:a5:21:44:ba:ae:72:
                    40:77:75:9b:92:f6:cd:fa:e2:ac:b5:ef:b2:1a:2b:
                    4b:a2:db:38:b9:64:51:82:f5:2a:f7:39:05:35:6f:
                    cc:20:9e:f4:08:6a:50:4f:ed:af:6b:aa:d5:74:6e:
                    43:1f:30:06:b4:94:93:ba:58:22:56:b7:e4:5c:77:
                    7c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:59:B4:C7:87:E7:D5:DD:5B:E5:88:9A:A0:C9:D5:19:23:2E:AE:52
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS13213.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.2.0/24
                  92.113.54.0/24
                  92.113.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a7:6c:0e:10:e7:f1:c1:89:94:91:88:ea:60:db:a3:12:56:
         9a:f4:6a:9c:c4:b7:6d:e7:e6:be:4a:76:d6:97:06:7e:0b:d6:
         89:f0:14:bb:d0:f4:e2:19:6e:e7:b1:16:11:1d:a4:77:0c:49:
         10:31:1a:73:dd:e9:1f:6a:8b:ac:6d:4a:d2:35:4e:cd:c8:29:
         89:9a:3e:20:7b:e3:79:48:2e:0b:a5:e9:86:ea:46:02:11:ee:
         45:e8:f7:cc:8f:82:1f:1b:e4:89:22:47:73:2c:76:9e:83:46:
         b8:e6:d7:e9:5f:7d:56:ac:80:96:07:06:45:d9:e0:7a:f9:95:
         70:36:40:81:36:2d:68:a3:a0:ba:ca:ad:ec:9c:54:6d:59:29:
         b2:ed:9b:62:b0:a1:2a:38:57:eb:e9:4a:47:2e:a5:96:ac:42:
         82:84:bd:dc:4e:8d:f6:16:8d:b9:ec:9b:8a:cd:ea:a9:34:b6:
         4b:9b:9f:6f:46:61:13:7e:0e:48:a3:ae:af:e8:a0:75:c9:55:
         c0:0b:43:b4:53:2e:c2:52:20:66:fb:96:8c:ee:5a:0f:0d:d3:
         1e:43:65:b7:02:aa:22:41:dc:51:d0:88:61:a9:77:41:5c:eb:
         5e:92:ad:0d:64:54:6c:2d:8d:c0:5a:a4:e2:a4:b3:f0:35:96:
         bc:c1:db:63
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUQW3rb2CyA4i4h91cSc9Ka37DDNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMTgxNTQyMzdaFw0yNTExMTcxNTQ3MzdaMDMxMTAvBgNV
BAMTKENFNTlCNEM3ODdFN0Q1REQ1QkU1ODg5QUEwQzlENTE5MjMyRUFFNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6e0RLinu5E45JediR4Gbtq3QS
fl6fzzEEXX8fEROkhS8zxJevaR97x2JnXYkK62qyVzW1ouTKyEm5h9OVQG9t1+IK
2APAotMGNi7uM+OQw/xSLaiAl0spyHS0a0nzzlojSUYqRUCpI0sVGfPenQ4yf2IW
b6t1KHl5qZquUrVnr1y2+oQNtRhnk7sBJKSUpOyTtj+yh+yZBssZaaV/CYy5/B28
Sa0E7TYBP1ZFiK6aLBu5GyY4ZSlB9PwuU6UhRLquckB3dZuS9s364qy177IaK0ui
2zi5ZFGC9Sr3OQU1b8wgnvQIalBP7a9rqtV0bkMfMAa0lJO6WCJWt+Rcd3yhAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUzlm0x4fn1d1b5YiaoMnVGSMurlIwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTMyMTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAuygID
BABccTYDBABccUAwDQYJKoZIhvcNAQELBQADggEBAJqnbA4Q5/HBiZSRiOpg26MS
Vpr0apzEt23n5r5KdtaXBn4L1onwFLvQ9OIZbuexFhEdpHcMSRAxGnPd6R9qi6xt
StI1Ts3IKYmaPiB743lILgul6YbqRgIR7kXo98yPgh8b5IkiR3Msdp6DRrjm1+lf
fVasgJYHBkXZ4Hr5lXA2QIE2LWijoLrKreycVG1ZKbLtm2KwoSo4V+vpSkcupZas
QoKEvdxOjfYWjbnsm4rN6qk0tkubn29GYRN+Dkijrq/ooHXJVcALQ7RTLsJSIGb7
lozuWg8N0x5DZbcCqiJB3FHQiGGpd0Fc616SrQ1kVGwtjcBapOKks/A1lrzB22M=
-----END CERTIFICATE-----