Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a31313a3a2f34382d3438203d3e203530333931.roa
File:                     326131313a323963303a31313a3a2f34382d3438203d3e203530333931.roa (raw, json)
Hash identifier:          HXnnx/78awy8rs92lnj3bzsguD+zx3YS5m+ytkMudas=
Subject key identifier:   9C:08:0C:B7:52:0F:63:D8:10:28:B1:64:D9:F6:5C:7F:1B:52:4E:F0
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       6C6168A20E5D0BB8C2DC3B2F6A7CDFF44CFB5D73
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a31313a3a2f34382d3438203d3e203530333931.roa
Signing time:             Wed 19 Jun 2024 14:01:19 +0000
ROA not before:           Wed 19 Jun 2024 13:56:19 +0000
ROA not after:            Wed 18 Jun 2025 14:01:19 +0000
asID:                     50391
IP address blocks:        2a11:29c0:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:61:68:a2:0e:5d:0b:b8:c2:dc:3b:2f:6a:7c:df:f4:4c:fb:5d:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jun 19 13:56:19 2024 GMT
            Not After : Jun 18 14:01:19 2025 GMT
        Subject: CN=9C080CB7520F63D81028B164D9F65C7F1B524EF0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:bc:41:1c:d2:09:3e:88:bc:7c:39:24:cf:21:
                    15:d0:fc:48:24:d5:b9:c7:d3:05:54:86:ea:64:29:
                    cc:e9:61:12:30:73:54:a5:dd:40:9a:68:a7:51:52:
                    de:10:ae:39:a9:cb:cd:c8:d1:8c:48:0c:e0:94:b5:
                    63:0f:36:cd:8c:2d:13:db:29:5c:3a:51:ab:f1:33:
                    f5:9c:6d:fd:7a:c0:29:a8:8d:45:f8:86:96:40:11:
                    6f:8b:68:41:f3:b6:62:87:f9:d0:ea:39:5d:63:02:
                    40:d7:60:12:2d:95:ce:f1:e9:c2:b0:9e:42:1c:dd:
                    43:34:41:98:f2:a6:a4:b8:92:53:5c:25:46:66:f8:
                    48:aa:bb:bc:2c:c1:24:c4:74:0b:06:db:37:fd:30:
                    a2:b3:e1:cc:6d:b9:78:b4:80:7f:82:87:e3:f2:59:
                    a5:f7:93:17:0d:1a:ae:0d:5a:b7:6e:30:05:7d:52:
                    04:66:c8:c0:30:2a:2f:39:2a:ce:9b:c8:e7:ad:ac:
                    6b:79:fc:3e:4c:a5:b4:14:29:31:54:e7:c9:53:79:
                    24:62:1d:db:d6:9a:be:75:67:8b:f2:29:6e:01:f7:
                    bc:48:65:3b:b1:09:51:52:f2:9f:fe:be:43:1b:7b:
                    6b:5c:8d:9e:19:db:31:4e:88:ac:3a:57:10:06:91:
                    92:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:08:0C:B7:52:0F:63:D8:10:28:B1:64:D9:F6:5C:7F:1B:52:4E:F0
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a31313a3a2f34382d3438203d3e203530333931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:f4:47:71:ff:4f:f3:db:83:bd:91:2b:37:29:3d:7c:19:60:
         cf:4b:48:22:65:0e:92:ce:08:b0:14:4b:73:60:dc:e5:1b:2d:
         35:8f:b8:0f:a6:4c:14:21:7b:74:f7:30:c0:e3:24:19:80:c9:
         d8:e2:66:9c:80:17:28:17:ae:e5:79:96:98:a4:b4:83:50:f6:
         0c:be:02:a8:ea:47:e0:14:54:93:5b:97:b3:e2:2c:7f:90:c1:
         20:ae:91:39:12:a0:4a:61:c1:33:01:96:52:c0:54:8a:74:ce:
         38:86:be:19:f3:db:cb:25:42:76:a5:fd:2a:e6:6a:70:8c:85:
         f8:75:6b:24:b6:f5:76:46:c3:55:53:ae:13:b9:16:fd:8c:da:
         87:45:f8:b6:49:f0:cd:9d:c4:6d:46:f9:b3:d5:8f:30:16:85:
         28:73:e7:c2:d8:c2:11:62:e6:d0:0b:f7:0f:7b:1f:cf:4b:50:
         09:56:84:dd:d2:37:93:39:61:56:8e:b7:2a:6d:d3:8c:d8:28:
         bc:85:be:d1:3e:aa:bf:82:b5:09:47:81:ce:a0:9c:2b:b0:be:
         40:2f:d0:ee:9e:62:81:92:13:23:51:c0:c9:71:ef:6a:ca:cd:
         dd:f9:31:a1:19:07:be:df:5f:84:d3:70:36:3c:c4:1d:06:da:
         e3:d5:40:74
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUbGFoog5dC7jC3Dsvanzf9Ez7XXMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDA2MTkxMzU2MTlaFw0yNTA2MTgxNDAxMTlaMDMxMTAvBgNV
BAMTKDlDMDgwQ0I3NTIwRjYzRDgxMDI4QjE2NEQ5RjY1QzdGMUI1MjRFRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDivEEc0gk+iLx8OSTPIRXQ/Egk
1bnH0wVUhupkKczpYRIwc1Sl3UCaaKdRUt4Qrjmpy83I0YxIDOCUtWMPNs2MLRPb
KVw6UavxM/Wcbf16wCmojUX4hpZAEW+LaEHztmKH+dDqOV1jAkDXYBItlc7x6cKw
nkIc3UM0QZjypqS4klNcJUZm+Eiqu7wswSTEdAsG2zf9MKKz4cxtuXi0gH+Ch+Py
WaX3kxcNGq4NWrduMAV9UgRmyMAwKi85Ks6byOetrGt5/D5MpbQUKTFU58lTeSRi
HdvWmr51Z4vyKW4B97xIZTuxCVFS8p/+vkMbe2tcjZ4Z2zFOiKw6VxAGkZJJAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUnAgMt1IPY9gQKLFk2fZcfxtSTvAwHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzMTMxM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzUzMDMzMzkzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACoRKcAAETANBgkqhkiG9w0BAQsFAAOCAQEARPRHcf9P89uDvZErNyk9fBlg
z0tIImUOks4IsBRLc2Dc5RstNY+4D6ZMFCF7dPcwwOMkGYDJ2OJmnIAXKBeu5XmW
mKS0g1D2DL4CqOpH4BRUk1uXs+Isf5DBIK6RORKgSmHBMwGWUsBUinTOOIa+GfPb
yyVCdqX9KuZqcIyF+HVrJLb1dkbDVVOuE7kW/Yzah0X4tknwzZ3EbUb5s9WPMBaF
KHPnwtjCEWLm0Av3D3sfz0tQCVaE3dI3kzlhVo63Km3TjNgovIW+0T6qv4K1CUeB
zqCcK7C+QC/Q7p5igZITI1HAyXHvasrN3fkxoRkHvt9fhNNwNjzEHQba49VAdA==
-----END CERTIFICATE-----
Generated at Tue Jun 25 21:57:50 2024 by rpki-client on console-fra.rpki-client.org