Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e342e302f32342d3234203d3e203437353833.roa
File:                     3231332e3139302e342e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          /1WtV8qKyadpXAptKWHKH+x4+xk6Al59m89qMtjrEU0=
Subject key identifier:   B4:3B:A3:1A:85:E4:42:09:3C:ED:10:B3:90:77:B6:AD:B2:6C:99:70
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       6665883D0A883A54C85F1DECFD5CD81896618FED
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e342e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:46 +0000
ROA not before:           Mon 26 Feb 2024 08:48:46 +0000
ROA not after:            Mon 24 Feb 2025 08:53:46 +0000
asID:                     47583
IP address blocks:        213.190.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:65:88:3d:0a:88:3a:54:c8:5f:1d:ec:fd:5c:d8:18:96:61:8f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:46 2024 GMT
            Not After : Feb 24 08:53:46 2025 GMT
        Subject: CN=B43BA31A85E442093CED10B39077B6ADB26C9970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1f:aa:1e:fb:7a:97:b2:22:f4:8f:0f:d4:40:
                    9e:a7:29:55:c7:24:06:4e:fb:ff:36:04:e9:f8:67:
                    f5:b7:a8:19:1c:f8:9e:04:44:13:50:c8:09:a9:af:
                    f4:73:56:81:c4:6d:7b:4a:ff:70:75:cb:8c:b9:9f:
                    5a:45:1e:79:93:bb:96:b6:49:f1:4d:e7:5c:eb:a0:
                    da:cb:5e:a3:c6:59:d3:f3:30:d0:0d:20:80:c4:a8:
                    e7:2c:d4:5e:4e:78:0e:65:92:91:b6:cf:5e:3b:68:
                    f8:a5:5d:10:02:99:e6:96:3a:6d:1a:98:ca:84:b5:
                    e1:04:fa:37:3f:87:fb:f6:d1:ea:66:8a:29:7f:e2:
                    8b:bf:ee:cf:47:1d:de:a8:65:77:20:e6:b0:39:f5:
                    72:59:b1:17:29:e0:75:c2:63:7c:df:6e:46:4c:aa:
                    6c:c7:7e:77:4b:2d:b1:e4:43:2f:62:3f:50:ab:82:
                    dd:98:68:a0:ab:e1:58:d5:86:14:fe:7a:ae:ec:1f:
                    ea:59:74:c1:88:a2:74:03:93:8c:4e:6e:fd:e1:34:
                    dc:79:2d:ad:f4:2c:13:83:fe:ba:b9:4f:ca:a7:34:
                    17:ee:6d:ce:08:ac:8c:f5:9e:95:3a:fc:b5:f5:9e:
                    a2:31:95:a2:28:85:70:f2:1a:68:69:cf:00:72:ea:
                    d2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3B:A3:1A:85:E4:42:09:3C:ED:10:B3:90:77:B6:AD:B2:6C:99:70
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e342e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:9e:1e:c3:9c:ee:8c:3f:60:43:a3:e1:9c:0d:d9:db:b5:c8:
         12:25:05:46:54:0c:7e:92:ae:01:6a:fe:90:c8:77:b2:2a:c7:
         d5:65:23:98:fa:61:40:d3:be:b0:c1:42:c9:83:62:5f:24:f9:
         58:e0:1d:28:00:4f:6c:ce:ce:3c:8e:8c:13:1a:b5:7c:a3:68:
         c9:a6:a5:dc:93:7d:b0:d1:e7:90:11:fc:9f:5b:22:59:7a:33:
         73:0d:05:2d:62:2e:5e:6d:0b:e5:a9:ed:4c:10:cb:60:38:9e:
         6a:42:ce:aa:fe:78:9b:c6:41:7c:b2:b7:da:66:d0:50:6b:34:
         99:7c:4c:5e:05:88:e3:71:90:ac:57:10:f8:e0:53:95:c0:2c:
         a1:30:a2:07:a7:07:60:a7:13:6b:4e:da:88:da:9f:8b:5a:7d:
         d0:0d:40:d8:d4:98:aa:91:86:77:b8:d5:dd:bb:88:5c:13:a0:
         66:08:ea:82:b9:a0:01:2b:2a:bd:5b:73:bb:95:43:3e:13:02:
         38:5e:61:3a:48:db:d0:6e:b5:b1:42:57:e0:ab:bd:ab:e6:05:
         ae:85:64:ba:dc:2f:60:df:2d:1c:27:6f:cf:f2:6c:fa:e9:e4:
         63:0e:1f:5d:de:f6:b5:36:dc:fa:05:b7:6a:b2:3f:1c:d8:83:
         42:b2:0e:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZmWIPQqIOlTIXx3s/VzYGJZhj+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDZaFw0yNTAyMjQwODUzNDZaMDMxMTAvBgNV
BAMTKEI0M0JBMzFBODVFNDQyMDkzQ0VEMTBCMzkwNzdCNkFEQjI2Qzk5NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNH6oe+3qXsiL0jw/UQJ6nKVXH
JAZO+/82BOn4Z/W3qBkc+J4ERBNQyAmpr/RzVoHEbXtK/3B1y4y5n1pFHnmTu5a2
SfFN51zroNrLXqPGWdPzMNANIIDEqOcs1F5OeA5lkpG2z147aPilXRACmeaWOm0a
mMqEteEE+jc/h/v20epmiil/4ou/7s9HHd6oZXcg5rA59XJZsRcp4HXCY3zfbkZM
qmzHfndLLbHkQy9iP1Crgt2YaKCr4VjVhhT+eq7sH+pZdMGIonQDk4xObv3hNNx5
La30LBOD/rq5T8qnNBfubc4IrIz1npU6/LX1nqIxlaIohXDyGmhpzwBy6tI1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUtDujGoXkQgk87RCzkHe2rbJsmXAwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzIzMTMzMmUzMTM5MzAyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANW+
BDANBgkqhkiG9w0BAQsFAAOCAQEAKJ4ew5zujD9gQ6PhnA3Z27XIEiUFRlQMfpKu
AWr+kMh3sirH1WUjmPphQNO+sMFCyYNiXyT5WOAdKABPbM7OPI6MExq1fKNoyaal
3JN9sNHnkBH8n1siWXozcw0FLWIuXm0L5antTBDLYDieakLOqv54m8ZBfLK32mbQ
UGs0mXxMXgWI43GQrFcQ+OBTlcAsoTCiB6cHYKcTa07aiNqfi1p90A1A2NSYqpGG
d7jV3buIXBOgZgjqgrmgASsqvVtzu5VDPhMCOF5hOkjb0G61sUJX4Ku9q+YFroVk
utwvYN8tHCdvz/Js+unkYw4fXd72tTbc+gW3arI/HNiDQrIORA==
-----END CERTIFICATE-----