Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231332e3139392e33322e302f31392d3332203d3e203531313637.roa
File:                     3231332e3139392e33322e302f31392d3332203d3e203531313637.roa (raw, json)
Hash identifier:          0+WahvaQGlkNAPJWQOXmckT6HjTOsyM6jc1LoAXZsO8=
Subject key identifier:   B2:35:B6:3E:2D:B8:BF:34:96:A0:BD:F5:06:BD:CF:52:79:A7:C9:3A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4F8AF15B092004FABDB92DB23D23EB86794BAC8F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231332e3139392e33322e302f31392d3332203d3e203531313637.roa
Signing time:             Wed 06 Mar 2024 11:40:35 +0000
ROA not before:           Wed 06 Mar 2024 11:35:35 +0000
ROA not after:            Wed 05 Mar 2025 11:40:35 +0000
asID:                     51167
IP address blocks:        213.199.32.0/19 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:8a:f1:5b:09:20:04:fa:bd:b9:2d:b2:3d:23:eb:86:79:4b:ac:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  6 11:35:35 2024 GMT
            Not After : Mar  5 11:40:35 2025 GMT
        Subject: CN=B235B63E2DB8BF3496A0BDF506BDCF5279A7C93A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:12:4d:da:12:e7:c4:6b:e6:cb:4b:a4:e2:ab:
                    e3:b2:4c:f1:c5:3e:01:55:42:ec:a8:a0:cf:40:44:
                    e0:82:36:df:16:93:38:fc:14:9f:92:80:ad:44:5f:
                    90:ae:08:bc:9b:36:f0:63:a7:c5:d8:75:9a:6a:19:
                    cf:ef:e2:31:b6:47:b5:6a:bb:d3:49:3d:17:71:d6:
                    59:72:72:93:c3:ab:74:8e:d1:29:43:59:3d:31:b6:
                    1c:f8:00:9d:99:00:6b:87:2b:a9:c2:be:d6:5f:f6:
                    a1:db:9a:71:eb:04:43:69:38:4d:a1:5f:ac:5b:e1:
                    c3:33:51:38:75:34:2b:02:5e:1f:ce:bd:c6:7e:b6:
                    42:25:88:cf:9b:4f:5c:59:46:1b:71:ae:4d:c2:37:
                    d9:f0:f9:f7:f8:25:54:a1:10:79:77:6a:81:dd:0e:
                    63:ee:7a:e3:17:d3:41:59:4c:fb:42:4c:31:f9:42:
                    ae:27:1b:df:0c:aa:4c:73:ad:ca:26:1d:99:7a:d7:
                    f5:10:ba:b3:4a:d4:08:d0:fc:b2:26:bb:36:84:37:
                    ee:e0:47:2b:a6:0b:52:00:4f:84:75:ca:d1:22:db:
                    5b:86:be:be:e3:d9:26:64:a6:30:7b:49:b9:de:7c:
                    96:59:68:1c:69:1a:b8:12:77:f6:8c:43:ce:18:13:
                    f3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:35:B6:3E:2D:B8:BF:34:96:A0:BD:F5:06:BD:CF:52:79:A7:C9:3A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231332e3139392e33322e302f31392d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.199.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3b:4f:fa:77:b4:fa:fa:26:23:00:f0:f9:d2:8d:d3:20:e3:b9:
         e7:cb:59:33:4f:54:f4:ab:ae:48:88:25:27:f4:c0:ce:b9:2e:
         ae:60:1a:3a:b5:14:b7:07:2d:63:30:1a:c1:11:24:d8:b7:99:
         1a:71:14:3d:e2:56:84:1c:bb:b9:c8:d0:54:c9:7d:4e:69:21:
         ca:d5:9c:8e:b5:7f:81:8e:94:86:82:95:0e:74:41:8c:72:65:
         3a:d8:16:cc:74:1b:1e:6d:36:11:f6:6f:35:d5:79:88:6b:02:
         ac:4f:88:22:ae:29:ed:cc:30:0a:d3:44:cd:72:f5:2a:e2:db:
         11:bf:d6:4b:5e:60:df:df:d8:b3:3d:83:33:0d:16:27:ba:b9:
         ca:91:9f:87:99:ef:23:43:71:f1:31:83:b7:95:7b:7b:a3:7f:
         76:d4:87:50:f1:92:e9:c1:51:10:bc:d0:0a:c4:4a:ca:ec:d7:
         7e:2a:47:2c:27:ba:12:3b:db:d4:86:3c:d6:ca:5c:69:60:64:
         43:69:52:65:9f:cc:e6:6f:0b:f8:23:45:f1:75:d4:a0:49:5c:
         6b:d8:7c:b2:c4:97:ca:0a:7f:60:d0:54:2f:82:46:c8:81:60:
         94:bf:43:4d:fe:ee:bd:28:49:39:57:5c:f5:95:54:6c:9d:b1:
         5a:d5:7e:cf
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUT4rxWwkgBPq9uS2yPSPrhnlLrI8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMDYxMTM1MzVaFw0yNTAzMDUxMTQwMzVaMDMxMTAvBgNV
BAMTKEIyMzVCNjNFMkRCOEJGMzQ5NkEwQkRGNTA2QkRDRjUyNzlBN0M5M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Ek3aEufEa+bLS6Tiq+OyTPHF
PgFVQuyooM9AROCCNt8Wkzj8FJ+SgK1EX5CuCLybNvBjp8XYdZpqGc/v4jG2R7Vq
u9NJPRdx1llycpPDq3SO0SlDWT0xthz4AJ2ZAGuHK6nCvtZf9qHbmnHrBENpOE2h
X6xb4cMzUTh1NCsCXh/OvcZ+tkIliM+bT1xZRhtxrk3CN9nw+ff4JVShEHl3aoHd
DmPueuMX00FZTPtCTDH5Qq4nG98MqkxzrcomHZl61/UQurNK1AjQ/LImuzaEN+7g
RyumC1IAT4R1ytEi21uGvr7j2SZkpjB7SbnefJZZaBxpGrgSd/aMQ84YE/NTAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUsjW2Pi24vzSWoL31Br3PUnmnyTowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTMzMmUzMTM5MzkyZTMz
MzIyZTMwMmYzMTM5MmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF
1ccgMA0GCSqGSIb3DQEBCwUAA4IBAQA7T/p3tPr6JiMA8PnSjdMg47nny1kzT1T0
q65IiCUn9MDOuS6uYBo6tRS3By1jMBrBESTYt5kacRQ94laEHLu5yNBUyX1OaSHK
1ZyOtX+BjpSGgpUOdEGMcmU62BbMdBsebTYR9m811XmIawKsT4girintzDAK00TN
cvUq4tsRv9ZLXmDf39izPYMzDRYnurnKkZ+Hme8jQ3HxMYO3lXt7o3921IdQ8ZLp
wVEQvNAKxErK7Nd+KkcsJ7oSO9vUhjzWylxpYGRDaVJln8zmbwv4I0XxddSgSVxr
2HyyxJfKCn9g0FQvgkbIgWCUv0NN/u69KEk5V1z1lVRsnbFa1X7P
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:04 2024 by rpki-client on console-fra.rpki-client.org