Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20313938383833.roa
File:                     3133302e3139332e37352e302f32342d3234203d3e20313938383833.roa (raw, json)
Hash identifier:          /ccO/PHW3+UCENLL/402ef3ih83C4VxuVWOsTM4kxcY=
Subject key identifier:   9B:53:64:E8:FF:22:97:D9:52:3E:B5:3A:67:7C:6B:51:88:E0:BF:18
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       3B5EE0AFB845A51C0F914FE26C16447DF66F6E46
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20313938383833.roa
Signing time:             Tue 27 Aug 2024 02:05:19 +0000
ROA not before:           Tue 27 Aug 2024 02:00:19 +0000
ROA not after:            Tue 26 Aug 2025 02:05:19 +0000
asID:                     198883
IP address blocks:        130.193.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:5e:e0:af:b8:45:a5:1c:0f:91:4f:e2:6c:16:44:7d:f6:6f:6e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Aug 27 02:00:19 2024 GMT
            Not After : Aug 26 02:05:19 2025 GMT
        Subject: CN=9B5364E8FF2297D9523EB53A677C6B5188E0BF18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d3:1f:40:8f:d3:94:09:0b:4d:0b:30:bb:98:
                    4b:bb:34:34:e3:48:69:ed:72:88:2c:70:ec:57:f0:
                    56:ea:d2:f6:41:1f:31:49:7e:57:e3:ad:22:51:f4:
                    5d:5f:53:f2:aa:a2:1d:ab:99:7e:95:a6:93:7e:13:
                    76:3d:d3:1f:78:55:43:41:04:97:64:da:3d:f9:b3:
                    14:b5:d5:15:10:09:22:5d:d0:92:34:62:b1:15:82:
                    ab:6b:b3:1d:d0:b5:17:31:c1:19:39:e0:46:5d:7d:
                    93:26:f5:7b:49:12:fe:f7:d8:6b:0d:cb:a4:5f:dd:
                    f9:b4:cf:f2:ba:86:ce:46:44:bd:bf:56:f4:e3:dd:
                    a7:3e:b1:c5:7e:aa:12:58:fb:d1:b6:a5:be:d7:ff:
                    4e:f1:5f:66:0a:56:7f:3b:ad:f1:65:13:2d:c9:15:
                    11:b5:32:95:8f:da:fa:ba:d7:e6:89:78:e7:7b:e3:
                    d3:63:7d:dc:a1:bc:ef:67:74:e4:f1:e7:eb:c4:89:
                    6a:0c:88:60:7b:fc:8d:ce:67:64:35:99:01:e4:38:
                    51:63:7e:c8:c3:f7:8c:d6:d9:4d:c7:4f:33:c0:45:
                    27:62:d6:2b:be:65:e1:ff:68:b5:3d:de:11:45:b7:
                    49:43:39:5b:5d:df:53:4f:a5:6a:88:3c:18:34:0c:
                    1d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:53:64:E8:FF:22:97:D9:52:3E:B5:3A:67:7C:6B:51:88:E0:BF:18
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20313938383833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:08:1e:cc:f8:13:28:63:47:81:2f:a1:9f:8d:62:58:8f:27:
         6b:93:74:e3:36:c2:46:56:04:b2:c9:ef:5c:78:ab:95:47:a7:
         0c:d3:33:24:95:07:fe:83:9b:14:5a:08:02:c4:0e:aa:a5:c0:
         a4:12:68:e0:90:4c:96:ca:28:19:c5:05:6c:ee:29:ef:68:e2:
         cd:8d:d2:bd:85:43:75:91:a9:8e:54:93:d6:40:1e:b5:4f:06:
         62:d3:28:48:4e:d6:95:cf:73:f1:8a:ea:bd:12:7d:db:f6:94:
         1c:2e:bd:d2:30:46:ee:e8:42:5f:f5:7f:09:74:87:98:17:ed:
         e6:68:c6:8e:2b:2b:43:ee:de:92:8f:4d:ad:57:f0:6c:5d:89:
         96:fc:f7:50:c2:08:4c:a8:de:c1:33:88:e6:4c:43:87:6e:79:
         22:2c:f1:54:d6:ff:f5:8e:cf:0a:21:03:2b:2b:9f:eb:4d:c1:
         36:68:d5:aa:d9:e6:7f:b1:b9:1e:9d:7a:b0:9b:4d:1a:85:79:
         b7:4e:64:83:9b:58:40:e6:73:bf:c1:dd:ca:21:92:10:2a:69:
         8b:15:ba:f9:2d:d1:07:c4:dd:04:c2:7f:48:7f:e7:b5:d4:b8:
         5f:00:b0:fb:8a:de:1f:98:b9:87:78:d3:43:29:94:29:f0:12:
         cd:1f:84:c2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUO17gr7hFpRwPkU/ibBZEffZvbkYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA4MjcwMjAwMTlaFw0yNTA4MjYwMjA1MTlaMDMxMTAvBgNV
BAMTKDlCNTM2NEU4RkYyMjk3RDk1MjNFQjUzQTY3N0M2QjUxODhFMEJGMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC90x9Aj9OUCQtNCzC7mEu7NDTj
SGntcogscOxX8Fbq0vZBHzFJflfjrSJR9F1fU/Kqoh2rmX6VppN+E3Y90x94VUNB
BJdk2j35sxS11RUQCSJd0JI0YrEVgqtrsx3QtRcxwRk54EZdfZMm9XtJEv732GsN
y6Rf3fm0z/K6hs5GRL2/VvTj3ac+scV+qhJY+9G2pb7X/07xX2YKVn87rfFlEy3J
FRG1MpWP2vq61+aJeOd749NjfdyhvO9ndOTx5+vEiWoMiGB7/I3OZ2Q1mQHkOFFj
fsjD94zW2U3HTzPARSdi1iu+ZeH/aLU93hFFt0lDOVtd31NPpWqIPBg0DB2FAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUm1Nk6P8il9lSPrU6Z3xrUYjgvxgwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzMzMwMmUzMTM5MzMyZTM3
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM5MzgzODM4MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACCwUswDQYJKoZIhvcNAQELBQADggEBACEIHsz4EyhjR4EvoZ+NYliPJ2uTdOM2
wkZWBLLJ71x4q5VHpwzTMySVB/6DmxRaCALEDqqlwKQSaOCQTJbKKBnFBWzuKe9o
4s2N0r2FQ3WRqY5Uk9ZAHrVPBmLTKEhO1pXPc/GK6r0Sfdv2lBwuvdIwRu7oQl/1
fwl0h5gX7eZoxo4rK0Pu3pKPTa1X8GxdiZb891DCCEyo3sEziOZMQ4dueSIs8VTW
//WOzwohAysrn+tNwTZo1arZ5n+xuR6derCbTRqFebdOZIObWEDmc7/B3cohkhAq
aYsVuvkt0QfE3QTCf0h/57XUuF8AsPuK3h+YuYd400MplCnwEs0fhMI=
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org