Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32393a3a2f34382d3438203d3e20323136303732.roa
File:                     326131313a323963303a32393a3a2f34382d3438203d3e20323136303732.roa (raw, json)
Hash identifier:          jEnuCfPh6xArQGV9sfeF6/t5YtkGwcizwucYuiRCSv4=
Subject key identifier:   19:28:FE:70:58:33:EC:BF:96:39:4A:3A:20:64:9F:24:FF:3A:34:3E
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       61F33A5E12381BDA3791568E8112DCD990DDD732
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32393a3a2f34382d3438203d3e20323136303732.roa
Signing time:             Tue 31 Oct 2023 14:31:37 +0000
ROA not before:           Tue 31 Oct 2023 14:26:37 +0000
ROA not after:            Tue 29 Oct 2024 14:31:37 +0000
asID:                     216072
IP address blocks:        2a11:29c0:29::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:f3:3a:5e:12:38:1b:da:37:91:56:8e:81:12:dc:d9:90:dd:d7:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Oct 31 14:26:37 2023 GMT
            Not After : Oct 29 14:31:37 2024 GMT
        Subject: CN=1928FE705833ECBF96394A3A20649F24FF3A343E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:94:d4:5f:5d:b8:d5:7d:30:d0:8d:3b:40:e1:
                    97:26:b7:1e:9c:f1:69:d5:85:51:e2:9b:5c:6e:22:
                    92:cc:85:e8:a4:4b:95:15:ee:d2:ec:db:4b:21:19:
                    17:3a:c3:95:2a:70:1c:80:a5:74:7d:a5:98:af:b2:
                    bb:0a:73:bc:af:bc:d1:90:6c:e5:f1:6e:a8:94:77:
                    04:4a:45:19:a8:f9:a4:a3:8d:a9:b6:68:67:ab:cd:
                    47:01:1b:a3:92:07:23:e0:23:db:99:de:71:56:fa:
                    6b:17:ec:8a:90:53:de:e5:14:1c:0c:d3:60:75:f0:
                    de:15:b1:60:dc:ba:8a:d6:5b:25:b3:2d:1e:d0:c8:
                    7d:6a:e8:7a:cc:97:45:d5:a5:10:29:42:ea:36:73:
                    e4:6c:dd:a9:06:91:00:13:e5:f5:ec:43:26:6c:3a:
                    2e:d7:57:d9:f3:8e:ad:4c:c9:49:0d:9b:64:c5:5f:
                    0e:79:b8:50:63:13:16:74:ef:eb:3f:b9:94:0c:e6:
                    c6:c7:a3:ab:32:2c:34:53:4a:b8:44:78:80:9a:ae:
                    91:c2:61:e0:28:44:bd:9f:03:23:99:5a:2b:52:e8:
                    bf:18:c8:82:0a:ba:4a:e5:20:82:3b:93:a5:da:94:
                    f6:ec:8f:4d:da:3d:cc:9d:54:50:2e:66:68:e9:e6:
                    c9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:28:FE:70:58:33:EC:BF:96:39:4A:3A:20:64:9F:24:FF:3A:34:3E
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32393a3a2f34382d3438203d3e20323136303732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:29::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:7e:bf:67:3c:c5:65:bd:9d:86:5a:b5:06:7d:90:7c:4d:da:
         1a:86:91:c0:1d:c9:90:6a:e3:c0:1c:51:fd:62:77:45:89:6e:
         2e:c5:c5:5e:ef:45:10:59:fe:8b:47:2a:40:3a:fb:84:3e:2b:
         ad:c3:d0:cd:9f:87:3a:bd:93:04:3c:13:57:fa:83:18:58:82:
         e5:e9:c2:9a:44:78:38:a2:d1:ff:77:ce:a0:07:cd:9d:0b:cc:
         65:c8:b8:85:54:b6:5e:ec:8d:5f:94:b0:3e:d9:61:20:0c:b9:
         2a:e9:72:f4:88:10:3d:b4:af:67:b1:ad:34:f3:85:33:d4:ac:
         6a:f7:31:30:24:60:92:90:0d:31:7e:8c:5e:10:e8:a6:4e:5d:
         ee:ea:7b:76:06:fd:9d:49:2f:b3:97:af:8b:a7:44:8f:49:75:
         06:04:33:7d:d5:e8:7d:27:c7:4f:6e:78:d1:20:bb:fa:ea:ec:
         79:1f:44:b3:a2:69:06:7e:f9:bc:d7:07:06:64:e5:a3:53:0a:
         20:c3:73:33:97:13:3c:5d:72:68:ab:21:d0:2a:89:9f:34:96:
         f9:f3:a0:e5:bf:99:c7:5d:e8:84:a5:21:28:83:a4:d6:03:17:
         29:7f:b7:bd:4c:2b:28:a8:30:19:73:3e:e1:20:79:8d:8c:79:
         a8:28:e1:52
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUYfM6XhI4G9o3kVaOgRLc2ZDd1zIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yMzEwMzExNDI2MzdaFw0yNDEwMjkxNDMxMzdaMDMxMTAvBgNV
BAMTKDE5MjhGRTcwNTgzM0VDQkY5NjM5NEEzQTIwNjQ5RjI0RkYzQTM0M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvlNRfXbjVfTDQjTtA4Zcmtx6c
8WnVhVHim1xuIpLMheikS5UV7tLs20shGRc6w5UqcByApXR9pZivsrsKc7yvvNGQ
bOXxbqiUdwRKRRmo+aSjjam2aGerzUcBG6OSByPgI9uZ3nFW+msX7IqQU97lFBwM
02B18N4VsWDcuorWWyWzLR7QyH1q6HrMl0XVpRApQuo2c+Rs3akGkQAT5fXsQyZs
Oi7XV9nzjq1MyUkNm2TFXw55uFBjExZ07+s/uZQM5sbHo6syLDRTSrhEeICarpHC
YeAoRL2fAyOZWitS6L8YyIIKukrlIII7k6XalPbsj03aPcydVFAuZmjp5skfAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUGSj+cFgz7L+WOUo6IGSfJP86ND4wHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzMjM5M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTM2MzAzNzMyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKhEpwAApMA0GCSqGSIb3DQEBCwUAA4IBAQB8fr9nPMVlvZ2GWrUGfZB8
TdoahpHAHcmQauPAHFH9YndFiW4uxcVe70UQWf6LRypAOvuEPiutw9DNn4c6vZME
PBNX+oMYWILl6cKaRHg4otH/d86gB82dC8xlyLiFVLZe7I1flLA+2WEgDLkq6XL0
iBA9tK9nsa0084Uz1Kxq9zEwJGCSkA0xfoxeEOimTl3u6nt2Bv2dSS+zl6+Lp0SP
SXUGBDN91eh9J8dPbnjRILv66ux5H0SzomkGfvm81wcGZOWjUwogw3MzlxM8XXJo
qyHQKomfNJb586Dlv5nHXeiEpSEog6TWAxcpf7e9TCsoqDAZcz7hIHmNjHmoKOFS
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:59:01 2024 by rpki-client on console-fra.rpki-client.org