Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e31382e3131352e302f32342d3234203d3e203234383735.roa
File:                     3231322e31382e3131352e302f32342d3234203d3e203234383735.roa (raw, json)
Hash identifier:          HZK/q8H6LwjYbTyhNWe4a9/rwmaIPfli/pwHAaY3B88=
Subject key identifier:   7C:DD:0F:DA:60:81:C6:2D:FE:85:A5:D5:DF:50:23:C7:F8:3E:C8:92
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       06501692CFBEAFBF4C42CF76B39EA9F1963E4526
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e31382e3131352e302f32342d3234203d3e203234383735.roa
Signing time:             Wed 06 Dec 2023 08:08:46 +0000
ROA not before:           Wed 06 Dec 2023 08:03:46 +0000
ROA not after:            Wed 04 Dec 2024 08:08:46 +0000
asID:                     24875
IP address blocks:        212.18.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:50:16:92:cf:be:af:bf:4c:42:cf:76:b3:9e:a9:f1:96:3e:45:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec  6 08:03:46 2023 GMT
            Not After : Dec  4 08:08:46 2024 GMT
        Subject: CN=7CDD0FDA6081C62DFE85A5D5DF5023C7F83EC892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:42:f7:5a:8e:e9:ed:f9:3d:60:91:eb:0d:7a:
                    19:8f:af:c2:db:86:9e:49:3a:3f:9c:a1:92:d1:01:
                    bc:b1:01:d2:92:d2:28:56:70:7b:cf:3f:2b:ef:24:
                    0d:12:6c:e5:4b:74:20:23:a5:f1:8e:3f:fe:cc:ec:
                    4e:3b:ee:24:78:33:4b:4e:2d:a1:9e:82:be:54:18:
                    cb:86:08:29:f7:41:d3:45:21:91:99:f4:50:ae:c7:
                    5d:70:29:df:be:92:bc:03:b5:40:39:65:c3:9c:5e:
                    99:80:45:0e:79:87:0d:e3:7f:00:41:d0:f1:4c:83:
                    e4:82:9e:f4:62:d4:48:56:f3:d6:f9:58:c4:52:ce:
                    a9:29:51:60:57:1f:0d:36:67:e3:a7:f7:ea:ad:bd:
                    02:ec:b4:b1:f4:6d:88:6f:bc:d6:e3:55:1e:73:0d:
                    37:83:2a:2b:18:0a:c3:d6:77:5c:0b:48:51:46:fc:
                    40:e2:31:f5:16:fc:9e:d6:6d:d8:0e:8b:9e:11:e3:
                    52:b6:ff:2c:78:73:73:82:eb:9c:bc:bf:fc:e8:e6:
                    06:e2:8f:65:e2:5c:8c:9b:d9:b9:e7:72:6f:a2:ab:
                    dc:bd:46:a3:b5:fd:2a:95:0d:0f:0e:0f:23:ae:94:
                    7a:b8:a9:19:8b:5a:56:ac:66:61:66:2c:bd:69:a5:
                    38:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:DD:0F:DA:60:81:C6:2D:FE:85:A5:D5:DF:50:23:C7:F8:3E:C8:92
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e31382e3131352e302f32342d3234203d3e203234383735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:9d:e3:34:af:aa:23:39:46:2e:ee:d1:5d:47:60:fd:a8:79:
         65:15:90:8d:e5:29:7a:e0:79:59:b5:85:87:ff:c6:0e:2d:bc:
         ac:60:3c:c0:96:55:05:f2:d8:a9:9e:06:bc:a6:e3:6f:1c:db:
         ed:c0:ae:fd:4c:b1:89:3e:54:3d:f9:7d:e6:a5:7b:33:68:e8:
         8a:71:0f:cc:b3:c2:74:67:6a:c0:73:bc:77:ab:ee:f5:03:f7:
         9a:59:98:00:27:f6:eb:2e:b6:08:e9:c9:97:3e:60:41:4b:c6:
         d6:2f:d7:dc:c1:76:e0:4d:a8:00:37:2b:81:f8:47:27:7f:66:
         fb:6e:53:a1:1e:02:ca:4f:0f:82:81:85:b9:60:26:4c:06:0a:
         8f:7e:fd:07:5f:e2:6f:ff:ac:c1:8d:e4:f4:f8:71:a7:ac:6a:
         af:e0:4c:71:a7:d5:f3:a7:0f:db:0d:41:8f:1e:14:1f:f2:c0:
         c0:bd:79:89:ae:77:c3:9c:2a:52:21:2b:22:18:10:e2:d4:38:
         68:d7:19:69:f6:aa:63:8d:d5:88:6a:87:d7:99:9d:4f:4a:d4:
         8f:df:3b:b6:c6:f5:56:94:09:9d:cd:8a:5c:3c:e9:fd:e6:c4:
         76:62:d5:c2:b9:65:b1:0e:3c:a9:ac:4a:e5:8a:f5:36:af:63:
         87:d9:fd:77
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUBlAWks++r79MQs92s56p8ZY+RSYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMDYwODAzNDZaFw0yNDEyMDQwODA4NDZaMDMxMTAvBgNV
BAMTKDdDREQwRkRBNjA4MUM2MkRGRTg1QTVENURGNTAyM0M3RjgzRUM4OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Qvdajunt+T1gkesNehmPr8Lb
hp5JOj+coZLRAbyxAdKS0ihWcHvPPyvvJA0SbOVLdCAjpfGOP/7M7E477iR4M0tO
LaGegr5UGMuGCCn3QdNFIZGZ9FCux11wKd++krwDtUA5ZcOcXpmARQ55hw3jfwBB
0PFMg+SCnvRi1EhW89b5WMRSzqkpUWBXHw02Z+On9+qtvQLstLH0bYhvvNbjVR5z
DTeDKisYCsPWd1wLSFFG/EDiMfUW/J7WbdgOi54R41K2/yx4c3OC65y8v/zo5gbi
j2XiXIyb2bnncm+iq9y9RqO1/SqVDQ8ODyOulHq4qRmLWlasZmFmLL1ppTgTAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUfN0P2mCBxi3+haXV31Ajx/g+yJIwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIzMTMyMmUzMTM4MmUzMTMx
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM0MzgzNzM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
1BJzMA0GCSqGSIb3DQEBCwUAA4IBAQBuneM0r6ojOUYu7tFdR2D9qHllFZCN5Sl6
4HlZtYWH/8YOLbysYDzAllUF8tipnga8puNvHNvtwK79TLGJPlQ9+X3mpXszaOiK
cQ/Ms8J0Z2rAc7x3q+71A/eaWZgAJ/brLrYI6cmXPmBBS8bWL9fcwXbgTagANyuB
+Ecnf2b7blOhHgLKTw+CgYW5YCZMBgqPfv0HX+Jv/6zBjeT0+HGnrGqv4Exxp9Xz
pw/bDUGPHhQf8sDAvXmJrnfDnCpSISsiGBDi1Dho1xlp9qpjjdWIaofXmZ1PStSP
3zu2xvVWlAmdzYpcPOn95sR2YtXCuWWxDjyprErlivU2r2OH2f13
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org