Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32303a3a2f34382d3438203d3e20323130393835.roa
File:                     326131313a323963303a32303a3a2f34382d3438203d3e20323130393835.roa (raw, json)
Hash identifier:          GsywPPzuGbpytrvINEvQOQlb6L3bBp8N0ZOcbrXAFLE=
Subject key identifier:   87:FC:07:89:B3:AC:29:B5:A3:E8:FF:E3:5F:89:75:52:D1:E0:3D:1C
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       1DFE3D0E1296AB9665D78E968A6C754DE7F1FED9
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32303a3a2f34382d3438203d3e20323130393835.roa
Signing time:             Wed 19 Jun 2024 14:01:16 +0000
ROA not before:           Wed 19 Jun 2024 13:56:16 +0000
ROA not after:            Wed 18 Jun 2025 14:01:16 +0000
asID:                     210985
IP address blocks:        2a11:29c0:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:fe:3d:0e:12:96:ab:96:65:d7:8e:96:8a:6c:75:4d:e7:f1:fe:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jun 19 13:56:16 2024 GMT
            Not After : Jun 18 14:01:16 2025 GMT
        Subject: CN=87FC0789B3AC29B5A3E8FFE35F897552D1E03D1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:97:cb:90:49:51:c3:06:66:16:7d:8e:60:66:
                    71:2f:3e:11:18:ec:5f:95:71:32:48:ef:54:a2:54:
                    74:e0:ef:26:d9:26:b7:54:35:54:5f:2e:ce:96:44:
                    98:d0:89:5e:2b:57:06:01:66:a9:0f:26:f9:4d:43:
                    0e:df:ce:c5:db:cd:cc:99:19:74:78:80:fa:e0:cd:
                    cc:f7:7e:e1:3f:6b:d4:5e:c2:d0:73:2c:6f:b0:8a:
                    44:27:42:e9:b5:d4:73:5f:63:98:09:39:e5:7c:11:
                    7c:c5:b0:b4:df:a8:f9:a3:d1:83:d3:9d:dd:b6:02:
                    8f:36:35:1f:71:41:d6:d2:8c:03:40:2f:05:36:d5:
                    1f:67:b4:97:28:13:1c:8e:11:df:2b:87:0d:af:6d:
                    ea:0b:94:01:64:c7:ce:23:7c:5f:8b:9e:57:23:4b:
                    8b:8c:39:a1:a5:f1:4b:06:4b:9c:66:6e:bc:17:e9:
                    2a:d5:43:65:d9:c2:79:21:27:e6:ef:8b:28:72:57:
                    7d:22:74:b1:33:50:46:3e:94:ea:1b:3d:41:2a:14:
                    c3:ac:e4:7c:64:8f:14:b2:f7:54:a7:49:49:88:be:
                    76:90:db:0d:f2:43:f9:9a:8a:4e:33:e8:30:c9:35:
                    8b:ab:ff:21:e6:fc:e3:29:10:b8:a1:a8:9b:98:5c:
                    4c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:FC:07:89:B3:AC:29:B5:A3:E8:FF:E3:5F:89:75:52:D1:E0:3D:1C
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32303a3a2f34382d3438203d3e20323130393835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:98:8e:f0:8e:f6:c0:4e:d2:42:59:1d:d1:61:30:25:43:c7:
         68:10:7e:cb:b0:9f:46:d4:a6:b3:71:b0:bd:44:a1:19:60:16:
         cd:93:7b:de:51:89:d5:a2:51:a2:d5:a2:58:15:0b:a1:b5:9f:
         42:21:61:3f:16:dd:40:6f:a8:dc:2a:49:6c:3c:e2:33:1b:52:
         77:a9:75:b3:3a:d6:64:8f:4e:4a:cd:0a:20:22:b3:73:7b:03:
         d9:ea:81:f6:98:ca:95:3a:07:0b:25:e7:1b:08:6f:08:b9:f5:
         b9:a4:2d:7d:f1:50:a4:69:fe:2a:a7:ec:1b:ed:fe:a8:a5:e6:
         2c:90:f1:0b:67:4f:08:3c:b8:43:34:73:01:ff:58:b0:50:a8:
         a2:81:53:45:e0:bf:32:05:2f:97:89:19:b5:92:02:31:3c:40:
         29:a5:05:86:35:8e:d0:59:f0:b2:ed:30:00:72:eb:2d:af:94:
         b4:ff:a6:9b:73:a0:e5:fb:64:3e:ce:ad:9e:53:31:8e:33:92:
         52:90:83:14:77:b2:0c:17:d8:c8:1a:13:aa:bc:83:d4:e2:b7:
         13:73:26:09:40:c9:2f:49:b6:87:11:e7:70:33:bb:0d:04:6e:
         21:e0:fc:65:5f:33:cf:03:ec:b4:b3:1b:b1:a2:73:bb:ae:f0:
         b1:e9:1e:8e
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUHf49DhKWq5Zl146Wimx1Tefx/tkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDA2MTkxMzU2MTZaFw0yNTA2MTgxNDAxMTZaMDMxMTAvBgNV
BAMTKDg3RkMwNzg5QjNBQzI5QjVBM0U4RkZFMzVGODk3NTUyRDFFMDNEMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7l8uQSVHDBmYWfY5gZnEvPhEY
7F+VcTJI71SiVHTg7ybZJrdUNVRfLs6WRJjQiV4rVwYBZqkPJvlNQw7fzsXbzcyZ
GXR4gPrgzcz3fuE/a9RewtBzLG+wikQnQum11HNfY5gJOeV8EXzFsLTfqPmj0YPT
nd22Ao82NR9xQdbSjANALwU21R9ntJcoExyOEd8rhw2vbeoLlAFkx84jfF+Lnlcj
S4uMOaGl8UsGS5xmbrwX6SrVQ2XZwnkhJ+bviyhyV30idLEzUEY+lOobPUEqFMOs
5HxkjxSy91SnSUmIvnaQ2w3yQ/maik4z6DDJNYur/yHm/OMpELihqJuYXEyFAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUh/wHibOsKbWj6P/jX4l1UtHgPRwwHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzMjMwM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTMwMzkzODM1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKhEpwAAgMA0GCSqGSIb3DQEBCwUAA4IBAQBDmI7wjvbATtJCWR3RYTAl
Q8doEH7LsJ9G1KazcbC9RKEZYBbNk3veUYnVolGi1aJYFQuhtZ9CIWE/Ft1Ab6jc
KklsPOIzG1J3qXWzOtZkj05KzQogIrNzewPZ6oH2mMqVOgcLJecbCG8IufW5pC19
8VCkaf4qp+wb7f6opeYskPELZ08IPLhDNHMB/1iwUKiigVNF4L8yBS+XiRm1kgIx
PEAppQWGNY7QWfCy7TAAcustr5S0/6abc6Dl+2Q+zq2eUzGOM5JSkIMUd7IMF9jI
GhOqvIPU4rcTcyYJQMkvSbaHEedwM7sNBG4h4PxlXzPPA+y0sxuxonO7rvCx6R6O
-----END CERTIFICATE-----
Generated at Tue Jun 25 21:57:50 2024 by rpki-client on console-fra.rpki-client.org