Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32653a3a2f34382d3438203d3e20323135393837.roa
File:                     326131313a323963303a32653a3a2f34382d3438203d3e20323135393837.roa (raw, json)
Hash identifier:          Uh/NuGMrhaPr/eZJGVZuWblOzZn/cfulwINNNj9RChU=
Subject key identifier:   D8:07:F0:62:5C:0A:08:00:A8:42:00:7D:85:BA:7C:92:38:97:46:89
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       3C0DBB205FC455F7C40C1710FD5C2EC32C4D67EC
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32653a3a2f34382d3438203d3e20323135393837.roa
Signing time:             Sun 06 Jul 2025 21:05:57 +0000
ROA not before:           Sun 06 Jul 2025 21:00:57 +0000
ROA not after:            Sun 05 Jul 2026 21:05:57 +0000
asID:                     215987
IP address blocks:        2a11:29c0:2e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 07:51:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:0d:bb:20:5f:c4:55:f7:c4:0c:17:10:fd:5c:2e:c3:2c:4d:67:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jul  6 21:00:57 2025 GMT
            Not After : Jul  5 21:05:57 2026 GMT
        Subject: CN=D807F0625C0A0800A842007D85BA7C9238974689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:51:9b:0b:c0:28:3b:30:1a:28:d5:c7:78:9a:
                    a3:bd:06:81:09:a0:f0:42:5c:e5:cd:c6:64:4e:75:
                    23:1e:e7:bb:89:d0:3f:15:de:ff:c7:19:f9:01:cb:
                    3a:5c:d2:23:8d:dd:19:6c:ef:5b:a4:74:4b:cc:dc:
                    98:bb:02:01:cc:13:fd:a6:b0:02:96:af:a5:f0:25:
                    f1:a4:d3:4f:f6:7d:25:5b:03:1b:ec:e5:0e:a9:c0:
                    50:16:b0:e6:94:a2:13:63:16:b8:d5:69:21:3b:52:
                    31:e4:30:56:3e:3b:3f:47:79:48:53:75:09:17:9e:
                    84:57:69:17:a6:f2:56:75:4f:81:a8:8e:e2:9a:d4:
                    a1:0e:29:5c:06:a2:1d:b2:0a:ab:a2:05:7b:a7:6d:
                    13:5c:5f:eb:82:ba:09:05:7e:19:94:4e:23:ad:8d:
                    c5:a6:18:6f:bd:6d:66:bb:94:de:a3:3c:3b:ff:e5:
                    1c:4c:9a:28:90:60:d6:f5:6c:ba:63:68:88:18:06:
                    c9:15:4c:a1:f8:7f:c2:1d:5e:46:0b:74:cc:24:00:
                    f9:3c:a8:8b:50:d7:00:e1:3d:fc:fc:d3:24:ce:c4:
                    0c:ae:ec:9e:de:07:e7:21:67:a3:24:6e:85:df:06:
                    07:b2:f0:f0:28:dc:6d:ed:f0:06:22:11:9c:b5:ac:
                    55:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:07:F0:62:5C:0A:08:00:A8:42:00:7D:85:BA:7C:92:38:97:46:89
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a32653a3a2f34382d3438203d3e20323135393837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:2e::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:0c:36:e4:fe:e5:a2:c5:61:1f:0c:5f:fe:ee:58:30:94:21:
         83:1c:c8:55:87:16:c5:e7:37:50:b8:f9:6c:68:c9:5e:a0:e7:
         9f:78:64:f3:95:be:b1:46:67:c4:ed:df:d5:e1:48:9c:20:fc:
         37:82:7e:2b:00:c0:5a:80:38:c5:cd:9b:8e:1c:9d:1f:0e:39:
         c7:38:26:fa:41:e2:bf:98:5f:76:00:86:07:cf:7e:81:80:f1:
         d2:45:24:df:3e:18:9f:73:ce:a8:3a:ad:30:67:ce:82:24:33:
         c2:ff:87:1a:42:e8:e9:f1:4d:98:49:f3:ac:81:65:55:d3:df:
         c7:3b:a8:fe:5c:cd:80:2b:7f:55:88:17:08:ca:f8:05:b6:9c:
         e2:d1:26:56:c4:f9:c4:b1:18:ef:c5:6b:d3:ee:dd:4f:bc:11:
         72:43:c0:31:57:63:ff:8a:b8:2e:e8:ab:65:52:86:16:e5:d7:
         1f:fa:31:57:12:6e:ca:76:a7:f8:4f:fc:a9:0c:24:24:5d:6b:
         db:b8:f1:9c:74:04:d1:76:fb:4c:ae:87:bc:62:a2:d7:2d:3c:
         61:52:6a:14:cb:be:42:f0:ef:8a:8f:d3:6c:da:bc:db:df:41:
         07:5c:df:67:ff:53:3b:f4:86:c6:c9:21:f1:52:60:0e:64:83:
         d4:07:4f:48
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUPA27IF/EVffEDBcQ/VwuwyxNZ+wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNTA3MDYyMTAwNTdaFw0yNjA3MDUyMTA1NTdaMDMxMTAvBgNV
BAMTKEQ4MDdGMDYyNUMwQTA4MDBBODQyMDA3RDg1QkE3QzkyMzg5NzQ2ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvUZsLwCg7MBoo1cd4mqO9BoEJ
oPBCXOXNxmROdSMe57uJ0D8V3v/HGfkByzpc0iON3Rls71ukdEvM3Ji7AgHME/2m
sAKWr6XwJfGk00/2fSVbAxvs5Q6pwFAWsOaUohNjFrjVaSE7UjHkMFY+Oz9HeUhT
dQkXnoRXaRem8lZ1T4GojuKa1KEOKVwGoh2yCquiBXunbRNcX+uCugkFfhmUTiOt
jcWmGG+9bWa7lN6jPDv/5RxMmiiQYNb1bLpjaIgYBskVTKH4f8IdXkYLdMwkAPk8
qItQ1wDhPfz80yTOxAyu7J7eB+chZ6MkboXfBgey8PAo3G3t8AYiEZy1rFVLAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQU2AfwYlwKCACoQgB9hbp8kjiXRokwHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzMjY1M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTM1MzkzODM3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKhEpwAAuMA0GCSqGSIb3DQEBCwUAA4IBAQBYDDbk/uWixWEfDF/+7lgw
lCGDHMhVhxbF5zdQuPlsaMleoOefeGTzlb6xRmfE7d/V4UicIPw3gn4rAMBagDjF
zZuOHJ0fDjnHOCb6QeK/mF92AIYHz36BgPHSRSTfPhifc86oOq0wZ86CJDPC/4ca
Qujp8U2YSfOsgWVV09/HO6j+XM2AK39ViBcIyvgFtpzi0SZWxPnEsRjvxWvT7t1P
vBFyQ8AxV2P/irgu6KtlUoYW5dcf+jFXEm7Kdqf4T/ypDCQkXWvbuPGcdATRdvtM
roe8YqLXLTxhUmoUy75C8O+Kj9Ns2rzb30EHXN9n/1M79IbGySHxUmAOZIPUB09I
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:52:25 2025 by rpki-client