Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323136313539.roa
File:                     3133302e3139332e37352e302f32342d3234203d3e20323136313539.roa (raw, json)
Hash identifier:          gXjyGjokR9/5Y0gpVJm8KauiuSUQ/ZzKTh6iqaAn5cA=
Subject key identifier:   7A:A2:D6:BC:B4:43:CD:77:3F:1E:0D:AA:46:E9:38:03:1D:4A:9C:E4
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       350E5AA511EFFF18FF96B7EEA7C3F4492894247C
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323136313539.roa
Signing time:             Mon 16 Sep 2024 11:05:20 +0000
ROA not before:           Mon 16 Sep 2024 11:00:20 +0000
ROA not after:            Mon 15 Sep 2025 11:05:20 +0000
asID:                     216159
IP address blocks:        130.193.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:0e:5a:a5:11:ef:ff:18:ff:96:b7:ee:a7:c3:f4:49:28:94:24:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Sep 16 11:00:20 2024 GMT
            Not After : Sep 15 11:05:20 2025 GMT
        Subject: CN=7AA2D6BCB443CD773F1E0DAA46E938031D4A9CE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3e:c1:9d:b4:22:00:03:81:c0:88:44:6f:a4:
                    d8:b5:92:d8:95:42:bc:4a:14:22:bc:e7:6b:da:8e:
                    0e:41:49:12:8b:2a:08:c5:d9:2f:cd:16:7a:c8:3f:
                    92:16:08:12:08:8f:cc:8f:33:df:b7:e6:19:b0:f6:
                    06:7b:25:57:b5:73:ef:17:04:de:e6:23:d2:a0:dd:
                    48:e7:ee:88:69:c6:64:a8:0b:42:8b:6e:26:0c:9c:
                    40:5d:c5:9e:7c:98:8b:9f:54:eb:fd:c1:cc:f5:60:
                    19:00:95:3d:64:ee:aa:f2:c4:e3:30:f3:fb:9a:f4:
                    02:73:55:c8:d2:de:aa:4e:c4:f9:7e:48:2d:a3:d1:
                    06:05:5a:24:2c:69:3d:63:ba:b6:bc:48:0a:93:c6:
                    13:be:79:45:eb:78:cc:29:cf:d8:29:60:c0:c7:c1:
                    0e:f4:b6:fe:5e:ea:c3:3b:ea:c3:b8:7a:18:dc:3e:
                    0d:4d:cc:7c:e0:5b:b4:61:a9:16:3b:83:86:06:47:
                    47:2e:08:84:8e:52:f4:f5:ab:61:2a:cc:49:d6:c6:
                    92:98:0c:34:55:c0:c2:a0:68:df:9b:db:e9:4e:cc:
                    b2:1d:db:5d:4f:38:8b:3e:a0:fd:5f:49:b5:9c:3e:
                    93:25:10:7f:8d:0d:59:b9:0d:d6:77:dc:5f:28:49:
                    d6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A2:D6:BC:B4:43:CD:77:3F:1E:0D:AA:46:E9:38:03:1D:4A:9C:E4
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3133302e3139332e37352e302f32342d3234203d3e20323136313539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:23:e4:75:e1:75:20:61:bc:c8:c5:47:ab:dc:20:e6:44:9b:
         5c:40:bb:f6:52:01:c7:82:e8:ba:81:86:7c:53:8c:b2:ae:d4:
         2b:5e:b9:d9:65:de:f2:4a:5a:33:48:68:df:0a:20:86:41:81:
         23:8f:56:18:4e:0a:7d:51:90:51:41:e5:fe:9b:dd:76:63:b5:
         9a:fc:b2:41:3e:64:cb:da:16:95:39:0d:a3:78:73:30:3c:43:
         5d:5d:cf:ac:d7:13:59:18:57:f9:9a:93:db:64:13:9e:2b:a9:
         39:09:6e:e8:9a:b9:f8:be:b6:eb:aa:67:39:78:a5:07:32:83:
         fa:32:96:06:4b:df:5a:91:49:59:57:52:28:2a:75:17:60:2c:
         82:57:38:fc:ef:d9:6b:ec:81:51:fb:6a:53:02:e5:39:e8:00:
         2b:29:01:fb:f3:c2:f7:07:8e:f0:8d:1e:cb:0c:0c:07:79:fe:
         08:86:45:0d:71:70:20:69:af:ce:c8:27:36:65:e2:e3:be:b1:
         1b:12:d7:bf:29:fe:66:59:9c:b9:59:6f:83:92:fc:38:92:c8:
         64:4e:bc:8d:d4:ad:2d:de:62:bc:d1:78:38:3d:33:4a:02:a6:
         03:e3:fd:42:ec:41:f9:59:0c:00:fb:57:0d:32:6b:d6:e8:46:
         a3:9b:9a:e6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUNQ5apRHv/xj/lrfup8P0SSiUJHwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA5MTYxMTAwMjBaFw0yNTA5MTUxMTA1MjBaMDMxMTAvBgNV
BAMTKDdBQTJENkJDQjQ0M0NENzczRjFFMERBQTQ2RTkzODAzMUQ0QTlDRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiPsGdtCIAA4HAiERvpNi1ktiV
QrxKFCK852vajg5BSRKLKgjF2S/NFnrIP5IWCBIIj8yPM9+35hmw9gZ7JVe1c+8X
BN7mI9Kg3Ujn7ohpxmSoC0KLbiYMnEBdxZ58mIufVOv9wcz1YBkAlT1k7qryxOMw
8/ua9AJzVcjS3qpOxPl+SC2j0QYFWiQsaT1jura8SAqTxhO+eUXreMwpz9gpYMDH
wQ70tv5e6sM76sO4ehjcPg1NzHzgW7RhqRY7g4YGR0cuCISOUvT1q2EqzEnWxpKY
DDRVwMKgaN+b2+lOzLId211POIs+oP1fSbWcPpMlEH+NDVm5DdZ33F8oSdZdAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUeqLWvLRDzXc/Hg2qRuk4Ax1KnOQwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzMzMwMmUzMTM5MzMyZTM3
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMTM1Mzkucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACCwUswDQYJKoZIhvcNAQELBQADggEBAFAj5HXhdSBhvMjFR6vcIOZEm1xAu/ZS
AceC6LqBhnxTjLKu1Cteudll3vJKWjNIaN8KIIZBgSOPVhhOCn1RkFFB5f6b3XZj
tZr8skE+ZMvaFpU5DaN4czA8Q11dz6zXE1kYV/mak9tkE54rqTkJbuiaufi+tuuq
Zzl4pQcyg/oylgZL31qRSVlXUigqdRdgLIJXOPzv2WvsgVH7alMC5TnoACspAfvz
wvcHjvCNHssMDAd5/giGRQ1xcCBpr87IJzZl4uO+sRsS178p/mZZnLlZb4OS/DiS
yGROvI3UrS3eYrzReDg9M0oCpgPj/ULsQflZDAD7Vw0ya9boRqObmuY=
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org