Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32303a3a2f34382d3438203d3e20323130393835.roa
File:                     326131313a323963303a32303a3a2f34382d3438203d3e20323130393835.roa (raw, json)
Hash identifier:          DwkTPsDR7MWM+GM7xO4qthkVFbjg+yjh+71AzpRE+Os=
Subject key identifier:   7C:7A:D6:2E:A3:0B:13:55:FE:37:90:3F:EB:8D:B9:5B:99:5D:48:3D
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       4018255F6A74513B899C567FA8D8D09A819F1C0B
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32303a3a2f34382d3438203d3e20323130393835.roa
Signing time:             Wed 19 Jul 2023 13:30:27 +0000
ROA not before:           Wed 19 Jul 2023 13:25:27 +0000
ROA not after:            Wed 17 Jul 2024 13:30:27 +0000
asID:                     210985
IP address blocks:        2a11:29c0:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:18:25:5f:6a:74:51:3b:89:9c:56:7f:a8:d8:d0:9a:81:9f:1c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jul 19 13:25:27 2023 GMT
            Not After : Jul 17 13:30:27 2024 GMT
        Subject: CN=7C7AD62EA30B1355FE37903FEB8DB95B995D483D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b2:a1:a0:56:89:7c:ad:50:e7:d9:3d:aa:83:
                    b5:b1:bf:7c:08:0d:cf:d8:c5:ef:26:34:3e:e3:d6:
                    c2:26:c0:cd:67:84:70:f7:e0:8c:80:a4:b9:77:70:
                    98:6b:34:24:16:8c:6a:a4:c4:21:f8:6b:f7:f2:c4:
                    68:2a:2a:39:57:8b:e0:2f:22:96:46:5c:08:8b:45:
                    92:68:27:17:02:0e:84:64:b5:8d:96:a8:ee:10:1a:
                    12:5c:20:bb:41:d0:3d:55:cf:d8:da:74:ff:ac:2e:
                    aa:0f:7f:c5:93:98:aa:0a:cc:1e:83:4e:ca:c3:b2:
                    93:e7:42:12:f5:28:9b:c5:41:29:b9:63:03:15:2c:
                    78:39:48:15:0c:c4:97:86:8a:fc:14:56:08:0a:05:
                    3d:4e:89:16:36:7d:0d:cf:6c:f7:21:76:3f:e3:5f:
                    d0:75:ba:6d:cf:60:3b:b5:a6:02:db:9f:3f:54:e2:
                    6e:0d:ec:55:4d:04:12:d0:de:99:31:0b:2d:19:6b:
                    76:86:6f:2a:c7:98:60:f6:dc:03:de:f3:91:8d:37:
                    88:92:7a:16:78:90:fc:6c:51:8b:65:ef:20:fa:dd:
                    2e:13:19:be:ad:09:58:67:30:9d:fa:95:3a:05:6b:
                    da:cd:44:23:a8:d3:52:c3:c1:84:00:dc:64:cb:bd:
                    f6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7A:D6:2E:A3:0B:13:55:FE:37:90:3F:EB:8D:B9:5B:99:5D:48:3D
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32303a3a2f34382d3438203d3e20323130393835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:ae:fc:1a:84:b1:71:b4:a2:d3:6b:4c:46:9b:3b:c4:de:9d:
         7d:1a:80:2f:58:dc:b9:3d:7a:0f:2b:8c:28:e0:6d:da:37:3f:
         a6:75:f2:e2:44:1c:ea:f2:9e:20:44:32:95:44:b9:6b:bf:4a:
         5a:fb:41:13:85:de:9d:ac:b3:ef:5e:c0:45:14:47:22:9a:1f:
         98:ca:50:b6:fc:a9:4e:61:10:86:5b:50:b9:80:12:d5:f4:c9:
         b4:de:a9:04:b8:c6:89:40:5e:d4:b4:0c:7c:67:70:52:2c:e0:
         95:30:61:b8:19:66:d3:92:f1:40:a1:26:ab:b6:c9:57:44:78:
         e0:54:f5:6f:fc:d9:92:06:8b:10:87:da:2a:24:01:7e:1d:9b:
         1e:22:13:de:c0:93:e4:01:6c:7f:2b:ea:4b:fe:55:ab:06:e3:
         d1:c8:e3:a5:82:90:9e:3a:54:51:f2:1d:7b:84:28:4e:76:d2:
         b4:a3:29:87:d3:b3:e4:3a:7e:dc:c1:7c:df:cf:5a:ca:98:c0:
         36:09:05:9e:cc:a1:21:f4:ab:27:ab:97:0a:6c:7b:e4:1e:af:
         b9:7b:9d:e0:c4:6e:d0:10:13:f6:52:4b:14:e9:eb:ec:4d:c9:
         01:37:3b:03:27:38:26:f4:bb:77:5d:40:5d:1d:32:f8:bd:91:
         dd:1c:d3:3c
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUQBglX2p0UTuJnFZ/qNjQmoGfHAswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yMzA3MTkxMzI1MjdaFw0yNDA3MTcxMzMwMjdaMDMxMTAvBgNV
BAMTKDdDN0FENjJFQTMwQjEzNTVGRTM3OTAzRkVCOERCOTVCOTk1RDQ4M0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3sqGgVol8rVDn2T2qg7Wxv3wI
Dc/Yxe8mND7j1sImwM1nhHD34IyApLl3cJhrNCQWjGqkxCH4a/fyxGgqKjlXi+Av
IpZGXAiLRZJoJxcCDoRktY2WqO4QGhJcILtB0D1Vz9jadP+sLqoPf8WTmKoKzB6D
TsrDspPnQhL1KJvFQSm5YwMVLHg5SBUMxJeGivwUVggKBT1OiRY2fQ3PbPchdj/j
X9B1um3PYDu1pgLbnz9U4m4N7FVNBBLQ3pkxCy0Za3aGbyrHmGD23APe85GNN4iS
ehZ4kPxsUYtl7yD63S4TGb6tCVhnMJ36lToFa9rNRCOo01LDwYQA3GTLvfbTAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUfHrWLqMLE1X+N5A/6425W5ldSD0wHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzMjMwM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTMwMzkzODM1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKhEpwAAgMA0GCSqGSIb3DQEBCwUAA4IBAQCqrvwahLFxtKLTa0xGmzvE
3p19GoAvWNy5PXoPK4wo4G3aNz+mdfLiRBzq8p4gRDKVRLlrv0pa+0EThd6drLPv
XsBFFEcimh+YylC2/KlOYRCGW1C5gBLV9Mm03qkEuMaJQF7UtAx8Z3BSLOCVMGG4
GWbTkvFAoSartslXRHjgVPVv/NmSBosQh9oqJAF+HZseIhPewJPkAWx/K+pL/lWr
BuPRyOOlgpCeOlRR8h17hChOdtK0oymH07PkOn7cwXzfz1rKmMA2CQWezKEh9Ksn
q5cKbHvkHq+5e53gxG7QEBP2UksU6evsTckBNzsDJzgm9Lt3XUBdHTL4vZHdHNM8
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:59:01 2024 by rpki-client on console-fra.rpki-client.org