Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/3/326130373a353463313a663030303a3a2f33362d3438203d3e20323038343533.roa
File:                     326130373a353463313a663030303a3a2f33362d3438203d3e20323038343533.roa (raw, json)
Hash identifier:          PoxwFIHy8kdey2mlHnL1hmx4hhF1/GhCPxY1mv6kDWE=
Subject key identifier:   81:41:F6:6B:05:A2:BB:D1:AE:99:D6:56:9C:E0:35:1C:30:CE:63:46
Certificate issuer:       /CN=0AFDB7222B9EBA33A65E29BBE3F29D7C5F4B09B9
Certificate serial:       33536EED565BBD503FB62765117B3864F642F920
Authority key identifier: 0A:FD:B7:22:2B:9E:BA:33:A6:5E:29:BB:E3:F2:9D:7C:5F:4B:09:B9
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/4/0AFDB7222B9EBA33A65E29BBE3F29D7C5F4B09B9.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/3/326130373a353463313a663030303a3a2f33362d3438203d3e20323038343533.roa
Signing time:             Sat 05 Jul 2025 12:48:14 +0000
ROA not before:           Sat 05 Jul 2025 12:43:14 +0000
ROA not after:            Sat 04 Jul 2026 12:48:14 +0000
asID:                     208453
IP address blocks:        2a07:54c1:f000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/3/0AFDB7222B9EBA33A65E29BBE3F29D7C5F4B09B9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/3/0AFDB7222B9EBA33A65E29BBE3F29D7C5F4B09B9.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/4/0AFDB7222B9EBA33A65E29BBE3F29D7C5F4B09B9.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/4/6FF76AC421894FD5CCD6332FA2A9CF330312CEA8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/4/6FF76AC421894FD5CCD6332FA2A9CF330312CEA8.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/6FF76AC421894FD5CCD6332FA2A9CF330312CEA8.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 13:34:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:53:6e:ed:56:5b:bd:50:3f:b6:27:65:11:7b:38:64:f6:42:f9:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0AFDB7222B9EBA33A65E29BBE3F29D7C5F4B09B9
        Validity
            Not Before: Jul  5 12:43:14 2025 GMT
            Not After : Jul  4 12:48:14 2026 GMT
        Subject: CN=8141F66B05A2BBD1AE99D6569CE0351C30CE6346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:31:d0:80:fb:1e:4a:77:81:8a:9c:6e:2a:a8:
                    37:67:15:33:a9:5b:82:d4:19:9a:8a:4a:f6:c8:85:
                    5e:2a:f8:f3:e5:45:67:66:1a:15:5b:8b:71:32:4b:
                    73:0f:c4:a9:a6:5e:82:bd:cd:3e:65:e0:09:06:e1:
                    1d:ce:f1:bb:d9:18:8c:1d:04:2a:50:f1:f0:49:31:
                    8d:bf:8f:4b:e0:ad:4e:98:32:a6:a4:94:06:d8:d4:
                    2d:e8:ae:1d:74:ae:21:c9:a4:bf:22:d4:25:96:44:
                    de:b4:69:16:6e:ae:bc:07:11:db:91:07:c1:86:2b:
                    2e:cd:07:8c:08:a5:30:0e:59:4e:e6:4b:4d:18:82:
                    62:75:cc:7d:88:09:f5:42:b0:81:26:1b:94:fd:c1:
                    cb:9a:7d:56:b2:96:32:40:74:c7:9a:79:b5:16:f8:
                    e5:b4:dd:59:45:7c:6a:81:25:57:11:83:83:12:54:
                    f7:bd:3a:cd:4f:25:5a:69:e0:03:c0:0b:0a:b2:3a:
                    58:84:07:9f:ee:8e:70:5b:f2:e6:ac:ef:a8:3e:de:
                    f8:a1:69:87:e7:55:f5:28:6a:5b:f6:97:b4:2b:45:
                    95:c6:78:8f:d2:95:9d:71:b0:1b:19:7f:42:40:b9:
                    ef:ba:07:d6:45:61:6c:1c:3f:01:69:4c:43:51:0e:
                    d0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:41:F6:6B:05:A2:BB:D1:AE:99:D6:56:9C:E0:35:1C:30:CE:63:46
            X509v3 Authority Key Identifier:
                keyid:0A:FD:B7:22:2B:9E:BA:33:A6:5E:29:BB:E3:F2:9D:7C:5F:4B:09:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/3/0AFDB7222B9EBA33A65E29BBE3F29D7C5F4B09B9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/4/0AFDB7222B9EBA33A65E29BBE3F29D7C5F4B09B9.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/3/326130373a353463313a663030303a3a2f33362d3438203d3e20323038343533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:54c1:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         5e:96:fe:5b:cd:10:a9:8e:df:af:f1:3e:e9:3f:30:a8:3f:60:
         6b:95:79:92:ff:dc:48:32:2a:d7:4d:9f:2c:60:14:6b:b2:e3:
         e5:58:27:ae:41:55:79:10:72:6d:62:59:78:5a:90:c7:d9:a8:
         b3:f2:a3:bb:69:5a:f5:1a:3b:46:c2:8b:58:dc:3f:d2:bd:be:
         2f:b8:c1:fa:e5:bd:2a:25:b5:8d:b2:75:21:f3:95:58:26:2d:
         69:43:8b:3b:13:16:37:bb:4a:bf:e9:0c:15:cb:1f:d9:c7:b2:
         1b:e8:69:ef:b0:63:5a:0e:e1:c4:37:99:e8:9f:93:1c:93:12:
         1f:10:3c:97:46:b1:ca:a6:c3:93:b2:57:4f:11:10:83:5b:19:
         e3:00:22:fe:32:2c:35:3e:b6:b4:fd:f0:c1:e7:5d:a3:24:52:
         82:3f:38:f4:8a:1c:af:96:de:3b:d2:7d:cb:1d:ad:ef:7f:a1:
         ea:1c:dd:62:41:5b:ea:a7:ec:0b:39:ab:05:47:98:96:a2:8d:
         02:f2:f5:1b:c6:87:a5:2d:6a:f7:9b:da:70:4c:42:40:b1:34:
         03:fa:03:d4:0f:0e:5c:4e:e5:67:28:0e:5d:6e:56:08:f0:e3:
         82:9c:0d:15:f1:be:2c:09:43:ae:64:fb:8d:34:3e:b7:7b:e2:
         98:ac:7f:88
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIUM1Nu7VZbvVA/tidlEXs4ZPZC+SAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMEFGREI3MjIyQjlFQkEzM0E2NUUyOUJCRTNGMjlEN0M1
RjRCMDlCOTAeFw0yNTA3MDUxMjQzMTRaFw0yNjA3MDQxMjQ4MTRaMDMxMTAvBgNV
BAMTKDgxNDFGNjZCMDVBMkJCRDFBRTk5RDY1NjlDRTAzNTFDMzBDRTYzNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeMdCA+x5Kd4GKnG4qqDdnFTOp
W4LUGZqKSvbIhV4q+PPlRWdmGhVbi3EyS3MPxKmmXoK9zT5l4AkG4R3O8bvZGIwd
BCpQ8fBJMY2/j0vgrU6YMqaklAbY1C3orh10riHJpL8i1CWWRN60aRZurrwHEduR
B8GGKy7NB4wIpTAOWU7mS00YgmJ1zH2ICfVCsIEmG5T9wcuafVayljJAdMeaebUW
+OW03VlFfGqBJVcRg4MSVPe9Os1PJVpp4APACwqyOliEB5/ujnBb8uas76g+3vih
aYfnVfUoalv2l7QrRZXGeI/SlZ1xsBsZf0JAue+6B9ZFYWwcPwFpTENRDtDzAgMB
AAGjggKEMIICgDAdBgNVHQ4EFgQUgUH2awWiu9GumdZWnOA1HDDOY0YwHwYDVR0j
BBgwFoAUCv23IiueujOmXim74/KdfF9LCbkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE0NzZkNjItOWNmYS00ODcxLWEyZDktZmFkZjU3ODFj
MTFiLzMvMEFGREI3MjIyQjlFQkEzM0E2NUUyOUJCRTNGMjlEN0M1RjRCMDlCOS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9hYTAwNGJhMS00MTliLTRk
YjUtYmJkMy01Y2NhNjMzY2FlM2YvNC8wQUZEQjcyMjJCOUVCQTMzQTY1RTI5QkJF
M0YyOUQ3QzVGNEIwOUI5LmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS83MTQ3NmQ2Mi05Y2ZhLTQ4NzEtYTJkOS1mYWRmNTc4MWMxMWIvMy8zMjYxMzAz
NzNhMzUzNDYzMzEzYTY2MzAzMDMwM2EzYTJmMzMzNjJkMzQzODIwM2QzZTIwMzIz
MDM4MzQzNTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUF
BwEHAQH/BBIwEDAOBAIAAjAIAwYEKgdUwfAwDQYJKoZIhvcNAQELBQADggEBAF6W
/lvNEKmO36/xPuk/MKg/YGuVeZL/3EgyKtdNnyxgFGuy4+VYJ65BVXkQcm1iWXha
kMfZqLPyo7tpWvUaO0bCi1jcP9K9vi+4wfrlvSoltY2ydSHzlVgmLWlDizsTFje7
Sr/pDBXLH9nHshvoae+wY1oO4cQ3meifkxyTEh8QPJdGscqmw5OyV08REINbGeMA
Iv4yLDU+trT98MHnXaMkUoI/OPSKHK+W3jvSfcsdre9/oeoc3WJBW+qn7As5qwVH
mJaijQLy9RvGh6Utaveb2nBMQkCxNAP6A9QPDlxO5WcoDl1uVgjw44KcDRXxviwJ
Q65k+400Prd74pisf4g=
-----END CERTIFICATE-----
Generated at Thu Jul 24 03:51:44 2025 by rpki-client