Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323135373237.roa
File:                     3133302e3139332e37352e302f32342d3234203d3e20323135373237.roa (raw, json)
Hash identifier:          W5MRmunbrs++er88mEkMO3+677aeo0GoQkjPxCh/4O8=
Subject key identifier:   B4:3D:3B:D4:13:11:2D:44:70:9D:BA:F6:72:E2:E3:17:89:C5:6D:23
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       2C25DEEB0D5C61F32668BB24EBFD68ECE93D57C6
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323135373237.roa
Signing time:             Sun 14 Jan 2024 16:44:50 +0000
ROA not before:           Sun 14 Jan 2024 16:39:50 +0000
ROA not after:            Sun 12 Jan 2025 16:44:50 +0000
asID:                     215727
IP address blocks:        130.193.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:25:de:eb:0d:5c:61:f3:26:68:bb:24:eb:fd:68:ec:e9:3d:57:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jan 14 16:39:50 2024 GMT
            Not After : Jan 12 16:44:50 2025 GMT
        Subject: CN=B43D3BD413112D44709DBAF672E2E31789C56D23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6a:ca:73:b6:60:76:a6:70:8a:01:b4:34:55:
                    9f:ff:6d:48:21:bb:89:01:3d:1a:0d:e4:ec:4a:7c:
                    93:b8:1b:f8:f1:f3:b4:50:92:9d:87:84:a4:75:5b:
                    0a:75:e2:10:b1:c2:00:65:fd:64:f9:b5:30:96:82:
                    6c:c3:c7:29:26:7e:74:95:a1:d9:5d:56:5a:f7:7f:
                    54:3d:66:a0:a1:6a:e2:6e:41:11:1d:c1:f0:32:53:
                    49:a2:60:11:6d:05:2d:c8:17:bc:08:f4:0e:70:84:
                    bd:1f:61:2f:42:ed:55:b4:ee:37:1c:df:7b:8f:e9:
                    3e:20:3f:cb:86:79:5e:06:01:02:19:9e:95:bf:62:
                    79:eb:5a:57:54:bf:3e:4e:ca:47:a7:fe:6f:df:0d:
                    28:eb:46:db:76:67:a7:23:70:74:b6:56:53:a9:4d:
                    22:9e:3c:d5:ec:9d:b0:fb:57:04:89:9e:1c:f8:13:
                    5f:97:5b:4c:4f:99:24:dc:12:f1:dd:d8:b5:33:dd:
                    39:a2:ce:c7:3d:79:73:84:d9:a5:75:d3:bf:46:71:
                    1f:72:7b:c1:0d:18:13:55:9a:2e:c9:fc:a4:13:9f:
                    1b:c6:bb:bc:fb:10:30:b3:31:61:25:d3:24:60:e8:
                    1e:ed:14:ab:16:d3:f3:32:f6:c9:83:c8:36:31:0a:
                    4d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3D:3B:D4:13:11:2D:44:70:9D:BA:F6:72:E2:E3:17:89:C5:6D:23
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323135373237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:cb:a3:67:cc:4e:55:59:09:4d:ec:2f:8d:90:d5:57:9b:75:
         d7:e9:4b:da:35:19:64:91:46:dc:71:26:d2:e6:a0:6c:5b:b0:
         03:26:1d:d8:8c:31:5e:a7:37:cf:06:56:85:e7:aa:01:5c:8c:
         f6:19:41:bf:34:c8:04:a3:97:75:2d:38:de:cd:4b:ec:0c:67:
         e4:c9:49:8d:6a:e5:c0:79:95:38:4e:04:8e:92:5c:e6:88:86:
         06:e8:b7:dc:b4:a7:db:90:0f:fb:6e:17:23:4a:cb:a4:55:02:
         8e:85:be:24:c9:8e:2e:31:16:9f:82:af:9f:5c:41:81:ea:88:
         4f:2e:84:42:13:22:ad:22:9d:fa:df:b3:98:93:11:c6:ff:b3:
         b0:e8:f0:cf:9f:e1:7e:8f:9f:b1:b9:8b:b9:47:54:58:a0:6a:
         52:90:6d:00:8c:09:78:ea:6b:e6:57:25:38:e3:4b:5b:04:b0:
         31:81:01:47:9d:25:bb:f4:98:59:e3:b5:90:cb:b2:6b:e3:7b:
         bc:79:ac:6d:f5:72:80:80:6f:59:86:73:2e:ee:67:37:0e:16:
         7b:67:15:95:2d:ec:f9:4f:4a:f0:d7:31:e6:85:30:a3:ed:a6:
         d1:49:8c:23:b0:5f:85:21:16:d0:c4:98:d2:d9:00:14:1e:7b:
         49:fb:14:15
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIULCXe6w1cYfMmaLsk6/1o7Ok9V8YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDAxMTQxNjM5NTBaFw0yNTAxMTIxNjQ0NTBaMDMxMTAvBgNV
BAMTKEI0M0QzQkQ0MTMxMTJENDQ3MDlEQkFGNjcyRTJFMzE3ODlDNTZEMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0aspztmB2pnCKAbQ0VZ//bUgh
u4kBPRoN5OxKfJO4G/jx87RQkp2HhKR1Wwp14hCxwgBl/WT5tTCWgmzDxykmfnSV
odldVlr3f1Q9ZqChauJuQREdwfAyU0miYBFtBS3IF7wI9A5whL0fYS9C7VW07jcc
33uP6T4gP8uGeV4GAQIZnpW/YnnrWldUvz5Oyken/m/fDSjrRtt2Z6cjcHS2VlOp
TSKePNXsnbD7VwSJnhz4E1+XW0xPmSTcEvHd2LUz3Tmizsc9eXOE2aV1079GcR9y
e8ENGBNVmi7J/KQTnxvGu7z7EDCzMWEl0yRg6B7tFKsW0/My9smDyDYxCk3zAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUtD071BMRLURwnbr2cuLjF4nFbSMwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzMzMwMmUzMTM5MzMyZTM3
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzUzNzMyMzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACCwUswDQYJKoZIhvcNAQELBQADggEBACXLo2fMTlVZCU3sL42Q1VebddfpS9o1
GWSRRtxxJtLmoGxbsAMmHdiMMV6nN88GVoXnqgFcjPYZQb80yASjl3UtON7NS+wM
Z+TJSY1q5cB5lThOBI6SXOaIhgbot9y0p9uQD/tuFyNKy6RVAo6FviTJji4xFp+C
r59cQYHqiE8uhEITIq0infrfs5iTEcb/s7Do8M+f4X6Pn7G5i7lHVFigalKQbQCM
CXjqa+ZXJTjjS1sEsDGBAUedJbv0mFnjtZDLsmvje7x5rG31coCAb1mGcy7uZzcO
FntnFZUt7PlPSvDXMeaFMKPtptFJjCOwX4UhFtDEmNLZABQee0n7FBU=
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org