Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323132383135.roa
File:                     3133302e3139332e37352e302f32342d3234203d3e20323132383135.roa (raw, json)
Hash identifier:          zHC88T/k2yERlRpPUSJd+i9oPxlBG0BZSsU2UENS6jw=
Subject key identifier:   E4:37:8D:CD:4B:C0:4F:8E:11:9F:7A:56:63:94:99:8E:E3:0B:32:DA
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       5A61A02CCFFAAF95ECBB197FE55FE59ED93AB9D6
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323132383135.roa
Signing time:             Thu 19 Sep 2024 09:43:19 +0000
ROA not before:           Thu 19 Sep 2024 09:38:19 +0000
ROA not after:            Thu 18 Sep 2025 09:43:19 +0000
asID:                     212815
IP address blocks:        130.193.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:61:a0:2c:cf:fa:af:95:ec:bb:19:7f:e5:5f:e5:9e:d9:3a:b9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Sep 19 09:38:19 2024 GMT
            Not After : Sep 18 09:43:19 2025 GMT
        Subject: CN=E4378DCD4BC04F8E119F7A566394998EE30B32DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:93:f9:2a:88:de:99:d2:3f:0b:63:65:65:e2:
                    a5:85:90:80:f8:2e:8f:4a:51:ed:7d:b1:6d:9a:d3:
                    6a:e6:bd:22:68:3e:d1:1a:bc:3f:8f:4a:34:35:a1:
                    26:36:fe:16:a7:96:ce:b5:de:50:8f:86:19:a5:3f:
                    dc:98:95:ea:14:36:e9:9c:26:62:82:71:06:aa:6e:
                    34:8f:c6:6a:3b:ac:7e:58:d8:b7:e6:62:1a:bd:18:
                    8f:63:19:89:2c:52:8c:da:d9:be:7f:b0:20:3d:d0:
                    a8:c6:26:fa:ca:1d:1d:bd:0d:10:61:34:50:7e:87:
                    e6:a6:da:4a:99:6e:f9:f8:3f:02:b9:2f:2c:a4:0f:
                    e3:e1:52:da:64:3c:31:8a:51:01:f8:1d:0d:f2:4b:
                    68:85:55:d6:1b:98:4d:e3:10:f5:2e:97:2b:5b:61:
                    2d:f4:49:37:b9:d5:56:47:a9:4d:a3:55:0f:50:d3:
                    58:ad:01:96:42:54:1c:07:29:78:7d:28:7f:4f:75:
                    9a:74:9f:b2:46:d5:d9:7c:42:11:a6:9b:e8:c6:30:
                    8d:c7:a1:ca:54:4f:59:ad:16:e9:43:13:01:07:4a:
                    ef:db:18:fa:2d:ec:20:69:7a:ce:b7:c3:32:bf:ad:
                    7e:e5:87:5a:03:a3:ed:75:0d:3d:f8:ba:c0:f8:3c:
                    9f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:37:8D:CD:4B:C0:4F:8E:11:9F:7A:56:63:94:99:8E:E3:0B:32:DA
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323132383135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:d2:fc:b6:7f:c4:95:b4:9b:c8:40:eb:b2:e8:d0:72:ee:cc:
         a2:f4:c8:67:a7:9c:30:01:03:76:ea:bb:8e:37:34:fd:18:63:
         43:a7:bf:5b:c3:94:16:ab:6c:5e:b5:57:39:79:ca:b3:bb:f0:
         d7:ba:1b:ba:99:cb:a9:54:fd:d9:b9:48:3c:78:fc:65:17:01:
         90:2e:76:9b:57:06:55:89:c1:41:43:0a:0d:fd:bb:01:d3:cb:
         41:57:dc:8e:19:ae:0d:09:48:63:f4:05:be:6d:97:2f:7a:91:
         d6:13:cb:49:57:e6:95:2a:15:31:b3:bf:42:7c:20:37:e6:c6:
         95:7a:42:30:20:5d:60:cd:6d:77:de:b2:e4:57:cb:f2:e5:87:
         3f:8c:3e:ab:34:83:ee:7a:9f:63:0d:0c:4c:bd:17:f0:be:9d:
         d4:fd:fa:e5:81:be:cc:b0:fd:48:80:c2:68:85:de:b8:81:6e:
         f2:ea:0e:c4:90:be:31:2c:74:47:72:07:f8:ce:f3:f8:2c:cc:
         e9:df:6c:f8:f9:f0:43:21:c6:19:94:84:d3:83:88:07:8d:d5:
         c1:3c:de:f3:a8:75:a4:fc:33:ac:f7:e9:07:4d:fd:9a:9f:ce:
         9d:15:14:bb:2c:1a:ba:40:95:9a:5e:0c:17:fe:e7:84:cc:e3:
         30:1e:82:55
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUWmGgLM/6r5Xsuxl/5V/lntk6udYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA5MTkwOTM4MTlaFw0yNTA5MTgwOTQzMTlaMDMxMTAvBgNV
BAMTKEU0Mzc4RENENEJDMDRGOEUxMTlGN0E1NjYzOTQ5OThFRTMwQjMyREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7k/kqiN6Z0j8LY2Vl4qWFkID4
Lo9KUe19sW2a02rmvSJoPtEavD+PSjQ1oSY2/hanls613lCPhhmlP9yYleoUNumc
JmKCcQaqbjSPxmo7rH5Y2LfmYhq9GI9jGYksUoza2b5/sCA90KjGJvrKHR29DRBh
NFB+h+am2kqZbvn4PwK5LyykD+PhUtpkPDGKUQH4HQ3yS2iFVdYbmE3jEPUulytb
YS30STe51VZHqU2jVQ9Q01itAZZCVBwHKXh9KH9PdZp0n7JG1dl8QhGmm+jGMI3H
ocpUT1mtFulDEwEHSu/bGPot7CBpes63wzK/rX7lh1oDo+11DT34usD4PJ+HAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU5DeNzUvAT44Rn3pWY5SZjuMLMtowHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzMzMwMmUzMTM5MzMyZTM3
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzODMxMzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACCwUswDQYJKoZIhvcNAQELBQADggEBALnS/LZ/xJW0m8hA67Lo0HLuzKL0yGen
nDABA3bqu443NP0YY0Onv1vDlBarbF61Vzl5yrO78Ne6G7qZy6lU/dm5SDx4/GUX
AZAudptXBlWJwUFDCg39uwHTy0FX3I4Zrg0JSGP0Bb5tly96kdYTy0lX5pUqFTGz
v0J8IDfmxpV6QjAgXWDNbXfesuRXy/Llhz+MPqs0g+56n2MNDEy9F/C+ndT9+uWB
vsyw/UiAwmiF3riBbvLqDsSQvjEsdEdyB/jO8/gszOnfbPj58EMhxhmUhNODiAeN
1cE83vOodaT8M6z36QdN/Zqfzp0VFLssGrpAlZpeDBf+54TM4zAeglU=
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org