Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a31303a3a2f34382d3438203d3e203530333931.roa
File:                     326131313a323963303a31303a3a2f34382d3438203d3e203530333931.roa (raw, json)
Hash identifier:          6LRoBKPpt7GgJlkBxrNmFbvS0fsdhmEaLNMGgb2KuQI=
Subject key identifier:   FF:1B:E2:B9:4A:77:31:7F:97:FB:92:FF:1A:E1:05:21:F6:03:65:EE
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       50EF7102A123441C77D93FF4D796D805937E6D0D
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a31303a3a2f34382d3438203d3e203530333931.roa
Signing time:             Wed 19 Jun 2024 14:01:15 +0000
ROA not before:           Wed 19 Jun 2024 13:56:15 +0000
ROA not after:            Wed 18 Jun 2025 14:01:15 +0000
asID:                     50391
IP address blocks:        2a11:29c0:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:ef:71:02:a1:23:44:1c:77:d9:3f:f4:d7:96:d8:05:93:7e:6d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jun 19 13:56:15 2024 GMT
            Not After : Jun 18 14:01:15 2025 GMT
        Subject: CN=FF1BE2B94A77317F97FB92FF1AE10521F60365EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:92:66:02:96:3b:2b:81:ec:6a:e0:fd:28:9b:
                    b1:f3:54:ed:6c:cc:0c:aa:c3:51:64:c7:ce:d7:37:
                    cf:09:66:84:49:9e:f6:81:de:f6:9e:58:cd:2a:b8:
                    25:09:48:08:22:be:59:13:c6:fb:4d:0f:f2:fb:e4:
                    b6:b2:f2:40:c6:be:3f:5b:f7:46:0f:a5:19:95:11:
                    8e:29:3b:f5:ee:11:03:4c:3e:42:57:91:33:2e:4f:
                    71:83:c0:8d:e2:24:66:c0:1c:ba:31:ce:09:6d:87:
                    22:27:9d:3f:d7:a4:fc:9d:63:9a:ff:16:f4:4f:ee:
                    1e:2d:a1:38:99:2f:d4:26:2c:10:7a:d7:32:e8:19:
                    19:5f:b7:b7:08:2c:c7:b9:59:38:88:73:c2:6e:e0:
                    e6:1a:e1:33:18:88:0d:ac:43:62:4c:87:62:dd:cf:
                    c9:e9:ad:c4:44:9c:67:82:4b:bd:f4:7a:c1:f6:f7:
                    54:af:82:87:43:a9:95:82:c3:93:eb:0c:fd:41:a4:
                    02:be:9a:0c:78:4e:02:15:58:2b:39:bf:7e:73:25:
                    f6:67:b1:f8:59:25:5c:0b:7b:b0:63:58:fb:c1:8f:
                    20:93:35:58:8b:71:00:d5:8f:09:18:30:07:5c:ad:
                    77:34:a8:ea:da:31:a1:a0:bd:82:f2:e2:15:b7:57:
                    b8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:1B:E2:B9:4A:77:31:7F:97:FB:92:FF:1A:E1:05:21:F6:03:65:EE
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a31303a3a2f34382d3438203d3e203530333931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:e0:13:66:cc:b6:c0:05:a5:14:3b:e7:3e:56:06:61:a5:00:
         72:3b:18:3b:c3:c2:2a:47:51:09:f5:78:85:06:d5:a6:a2:99:
         a3:19:23:c8:8f:e0:8f:52:ee:db:98:5b:01:b6:53:89:ae:66:
         41:44:8d:3c:eb:c2:e5:23:52:53:1a:b1:a3:d0:b2:d8:54:a1:
         73:a7:c3:ef:74:ac:72:72:d3:ae:84:ca:d2:49:d0:d4:86:66:
         d1:d4:44:55:58:cf:d4:5b:0e:56:33:a5:ca:75:65:6e:19:74:
         82:81:dd:f2:ea:c6:c1:18:d7:e7:cf:d1:12:e2:de:d4:a8:41:
         d4:f5:e8:b6:2d:a5:66:98:a6:75:d5:ad:af:14:0b:5d:2f:53:
         3c:4c:dd:ac:53:aa:0c:fe:b7:7b:62:85:c2:8f:c1:50:6f:8d:
         a1:4e:93:da:ae:b8:84:73:d5:62:8b:df:34:9b:16:cd:4e:da:
         ae:9c:62:a4:6a:94:7e:a5:74:57:ed:d8:a7:a2:38:10:74:b6:
         f4:f4:35:54:da:20:79:ab:23:5c:8a:31:f4:c1:69:f8:4a:c0:
         35:98:3a:90:80:dc:20:46:44:6d:bf:96:4e:29:ea:7d:c5:2b:
         bb:27:47:19:28:5f:aa:d5:eb:62:ee:16:db:b6:ea:40:ca:6d:
         c8:8e:dc:79
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUUO9xAqEjRBx32T/015bYBZN+bQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDA2MTkxMzU2MTVaFw0yNTA2MTgxNDAxMTVaMDMxMTAvBgNV
BAMTKEZGMUJFMkI5NEE3NzMxN0Y5N0ZCOTJGRjFBRTEwNTIxRjYwMzY1RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3kmYCljsrgexq4P0om7HzVO1s
zAyqw1Fkx87XN88JZoRJnvaB3vaeWM0quCUJSAgivlkTxvtND/L75Lay8kDGvj9b
90YPpRmVEY4pO/XuEQNMPkJXkTMuT3GDwI3iJGbAHLoxzglthyInnT/XpPydY5r/
FvRP7h4toTiZL9QmLBB61zLoGRlft7cILMe5WTiIc8Ju4OYa4TMYiA2sQ2JMh2Ld
z8nprcREnGeCS730esH291SvgodDqZWCw5PrDP1BpAK+mgx4TgIVWCs5v35zJfZn
sfhZJVwLe7BjWPvBjyCTNViLcQDVjwkYMAdcrXc0qOraMaGgvYLy4hW3V7g5AgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQU/xviuUp3MX+X+5L/GuEFIfYDZe4wHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzMTMwM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzUzMDMzMzkzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACoRKcAAEDANBgkqhkiG9w0BAQsFAAOCAQEAj+ATZsy2wAWlFDvnPlYGYaUA
cjsYO8PCKkdRCfV4hQbVpqKZoxkjyI/gj1Lu25hbAbZTia5mQUSNPOvC5SNSUxqx
o9Cy2FShc6fD73SscnLTroTK0knQ1IZm0dREVVjP1FsOVjOlynVlbhl0goHd8urG
wRjX58/REuLe1KhB1PXoti2lZpimddWtrxQLXS9TPEzdrFOqDP63e2KFwo/BUG+N
oU6T2q64hHPVYovfNJsWzU7arpxipGqUfqV0V+3Yp6I4EHS29PQ1VNogeasjXIox
9MFp+ErANZg6kIDcIEZEbb+WTinqfcUruydHGShfqtXrYu4W27bqQMptyI7ceQ==
-----END CERTIFICATE-----
Generated at Tue Jun 25 20:25:27 2024 by rpki-client on console-ams.rpki-client.org