Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/6/326130363a313238333a633131663a3a2f34382d313238203d3e20323131303636.roa
File:                     326130363a313238333a633131663a3a2f34382d313238203d3e20323131303636.roa (raw, json)
Hash identifier:          MNB/IgLpAkC8BkMxVhMNWcW04HjOlc0Y//dSW/FFyhU=
Subject key identifier:   DD:DE:FE:CA:F7:6C:01:30:CA:4E:E3:1A:23:78:92:15:7C:D7:D8:31
Certificate issuer:       /CN=D54D443B67C1CC5EA1B5446EA0643CAC3A7A8B2C
Certificate serial:       705CCE3681D6F23B448AF713542B91B0CA3C6DC3
Authority key identifier: D5:4D:44:3B:67:C1:CC:5E:A1:B5:44:6E:A0:64:3C:AC:3A:7A:8B:2C
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/4/D54D443B67C1CC5EA1B5446EA0643CAC3A7A8B2C.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/6/326130363a313238333a633131663a3a2f34382d313238203d3e20323131303636.roa
Signing time:             Sun 20 Jul 2025 22:29:36 +0000
ROA not before:           Sun 20 Jul 2025 22:24:36 +0000
ROA not after:            Sun 19 Jul 2026 22:29:36 +0000
asID:                     211066
IP address blocks:        2a06:1283:c11f::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/6/D54D443B67C1CC5EA1B5446EA0643CAC3A7A8B2C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/6/D54D443B67C1CC5EA1B5446EA0643CAC3A7A8B2C.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/4/D54D443B67C1CC5EA1B5446EA0643CAC3A7A8B2C.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/4/4807C118BD348934B5CC59B3E8A7A8C14F29C3FB.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/4/4807C118BD348934B5CC59B3E8A7A8C14F29C3FB.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/4807C118BD348934B5CC59B3E8A7A8C14F29C3FB.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:25:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:5c:ce:36:81:d6:f2:3b:44:8a:f7:13:54:2b:91:b0:ca:3c:6d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D54D443B67C1CC5EA1B5446EA0643CAC3A7A8B2C
        Validity
            Not Before: Jul 20 22:24:36 2025 GMT
            Not After : Jul 19 22:29:36 2026 GMT
        Subject: CN=DDDEFECAF76C0130CA4EE31A237892157CD7D831
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:72:ac:a9:46:4d:2c:91:59:4f:09:8a:28:d1:
                    99:6e:45:82:c6:43:7f:ea:81:6d:78:b6:11:fe:1d:
                    d5:d7:a8:be:3f:3e:ae:3c:bb:95:47:15:3a:fb:d5:
                    fe:77:1e:f4:76:2a:5d:70:7a:80:76:7f:62:20:24:
                    55:af:41:d7:7f:63:f2:6c:b3:2e:2e:a3:02:09:fa:
                    bb:9b:73:65:b2:8c:da:df:7c:ca:28:6f:48:f9:ed:
                    8a:77:4f:8d:77:77:ba:fa:76:86:7e:5e:65:76:b1:
                    ba:2a:52:03:59:9d:80:5a:fe:4f:d1:6a:e7:85:41:
                    6d:d3:9c:4d:34:e7:d4:28:f2:b0:14:2a:20:80:34:
                    a0:b5:cd:d9:d3:26:64:e2:73:d3:f9:c3:37:fc:69:
                    7a:68:45:a1:7f:8c:ce:10:e8:33:b9:7e:8b:25:64:
                    6f:16:ae:63:24:51:e4:83:10:de:10:2e:c1:af:c9:
                    ef:00:fa:3d:42:1e:77:63:33:86:83:a3:59:86:a1:
                    74:8d:d9:30:cc:26:bc:1e:b7:38:73:50:1f:b6:56:
                    24:a6:cb:a0:66:5e:02:7f:f0:ae:94:48:48:c8:f6:
                    5a:9d:82:70:07:49:f8:02:49:e5:3d:2e:1a:7b:5b:
                    ca:28:dd:4a:30:4e:bd:00:d4:2c:1c:49:b7:ef:75:
                    6f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:DE:FE:CA:F7:6C:01:30:CA:4E:E3:1A:23:78:92:15:7C:D7:D8:31
            X509v3 Authority Key Identifier:
                keyid:D5:4D:44:3B:67:C1:CC:5E:A1:B5:44:6E:A0:64:3C:AC:3A:7A:8B:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/6/D54D443B67C1CC5EA1B5446EA0643CAC3A7A8B2C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/4/D54D443B67C1CC5EA1B5446EA0643CAC3A7A8B2C.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/68ababbb-f048-4de1-9206-8d40f071808b/6/326130363a313238333a633131663a3a2f34382d313238203d3e20323131303636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1283:c11f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:f1:cc:1f:5a:f6:b9:51:2a:c3:da:67:60:e8:3b:27:15:25:
         37:e2:02:ac:87:3a:5e:a7:66:46:e9:aa:aa:8d:62:2a:c5:eb:
         70:06:98:b3:c0:03:46:1d:20:8e:a5:49:e1:54:59:ca:50:08:
         94:a9:d7:da:3f:f5:bb:e2:d7:33:d7:7e:dd:c5:d9:bc:b9:3d:
         e7:df:f9:96:24:35:29:9f:61:e0:62:34:64:02:fb:7f:cd:84:
         22:9a:3c:4b:1a:39:34:ff:ac:a5:01:58:33:0f:ab:48:db:b4:
         e5:c6:8d:be:91:79:50:e4:c1:5a:af:eb:ac:87:9b:c4:cb:33:
         b5:21:87:cf:7a:76:ed:9e:ea:2f:74:b4:2f:96:72:f1:a3:7c:
         48:a3:f2:08:aa:f9:f5:ef:3d:e3:7f:25:d5:27:d0:6f:58:61:
         17:2c:9a:d4:7c:51:e0:00:01:f6:ca:f7:5b:72:c0:a8:89:d3:
         1b:4f:8a:18:0c:06:2a:c1:2a:9f:3d:18:b4:26:b6:89:d4:0b:
         32:46:eb:b5:16:8a:ce:a4:09:85:56:c2:00:ed:af:b1:50:fc:
         c9:ad:74:4d:f1:95:fc:f0:b0:1d:38:9c:2b:2f:44:b8:fe:a4:
         bf:c4:27:a9:9f:4b:ee:9c:9f:6d:88:6a:ec:d9:cf:35:cc:06:
         13:75:ef:d2
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgIUcFzONoHW8jtEivcTVCuRsMo8bcMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDU0RDQ0M0I2N0MxQ0M1RUExQjU0NDZFQTA2NDNDQUMz
QTdBOEIyQzAeFw0yNTA3MjAyMjI0MzZaFw0yNjA3MTkyMjI5MzZaMDMxMTAvBgNV
BAMTKEREREVGRUNBRjc2QzAxMzBDQTRFRTMxQTIzNzg5MjE1N0NEN0Q4MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvcqypRk0skVlPCYoo0ZluRYLG
Q3/qgW14thH+HdXXqL4/Pq48u5VHFTr71f53HvR2Kl1weoB2f2IgJFWvQdd/Y/Js
sy4uowIJ+rubc2WyjNrffMoob0j57Yp3T413d7r6doZ+XmV2sboqUgNZnYBa/k/R
aueFQW3TnE0059Qo8rAUKiCANKC1zdnTJmTic9P5wzf8aXpoRaF/jM4Q6DO5fosl
ZG8WrmMkUeSDEN4QLsGvye8A+j1CHndjM4aDo1mGoXSN2TDMJrwetzhzUB+2ViSm
y6BmXgJ/8K6USEjI9lqdgnAHSfgCSeU9Lhp7W8oo3UowTr0A1CwcSbfvdW8PAgMB
AAGjggKHMIICgzAdBgNVHQ4EFgQU3d7+yvdsATDKTuMaI3iSFXzX2DEwHwYDVR0j
BBgwFoAU1U1EO2fBzF6htURuoGQ8rDp6iywwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNjhhYmFiYmItZjA0OC00ZGUxLTkyMDYtOGQ0MGYwNzE4
MDhiLzYvRDU0RDQ0M0I2N0MxQ0M1RUExQjU0NDZFQTA2NDNDQUMzQTdBOEIyQy5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8yYWY3M2E5Yy0yMDU4LTQz
YmItOWFjNi01YWI0MmRmYmY0MDkvNC9ENTRENDQzQjY3QzFDQzVFQTFCNTQ0NkVB
MDY0M0NBQzNBN0E4QjJDLmNlcjCBuQYIKwYBBQUHAQsEgawwgakwgaYGCCsGAQUF
BzALhoGZcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS82OGFiYWJiYi1mMDQ4LTRkZTEtOTIwNi04ZDQwZjA3MTgwOGIvNi8zMjYxMzAz
NjNhMzEzMjM4MzMzYTYzMzEzMTY2M2EzYTJmMzQzODJkMzEzMjM4MjAzZDNlMjAz
MjMxMzEzMDM2MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYB
BQUHAQcBAf8EEzARMA8EAgACMAkDBwAqBhKDwR8wDQYJKoZIhvcNAQELBQADggEB
ABzxzB9a9rlRKsPaZ2DoOycVJTfiAqyHOl6nZkbpqqqNYirF63AGmLPAA0YdII6l
SeFUWcpQCJSp19o/9bvi1zPXft3F2by5Peff+ZYkNSmfYeBiNGQC+3/NhCKaPEsa
OTT/rKUBWDMPq0jbtOXGjb6ReVDkwVqv66yHm8TLM7Uhh896du2e6i90tC+WcvGj
fEij8giq+fXvPeN/JdUn0G9YYRcsmtR8UeAAAfbK91tywKiJ0xtPihgMBirBKp89
GLQmtonUCzJG67UWis6kCYVWwgDtr7FQ/MmtdE3xlfzwsB04nCsvRLj+pL/EJ6mf
S+6cn22IauzZzzXMBhN179I=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:15:54 2025 by rpki-client