Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a33343a3a2f34382d3438203d3e20323135393533.roa
File:                     326131313a323963303a33343a3a2f34382d3438203d3e20323135393533.roa (raw, json)
Hash identifier:          FgoNlq96l94ZGhv7gfNZbZbqKmietE3pzpN+TGc6uLY=
Subject key identifier:   2B:95:32:80:5E:70:A2:52:93:16:E0:B3:53:7A:47:BD:00:09:EE:C4
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       4B18C3D118FF23B2F690E9737BB6778784F524F1
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a33343a3a2f34382d3438203d3e20323135393533.roa
Signing time:             Thu 04 Jan 2024 12:11:42 +0000
ROA not before:           Thu 04 Jan 2024 12:06:42 +0000
ROA not after:            Thu 02 Jan 2025 12:11:42 +0000
asID:                     215953
IP address blocks:        2a11:29c0:34::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:18:c3:d1:18:ff:23:b2:f6:90:e9:73:7b:b6:77:87:84:f5:24:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jan  4 12:06:42 2024 GMT
            Not After : Jan  2 12:11:42 2025 GMT
        Subject: CN=2B9532805E70A2529316E0B3537A47BD0009EEC4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5b:21:dd:e3:f2:38:20:8a:d2:ac:b0:b9:11:
                    8f:3d:c8:b0:13:78:d5:eb:ba:41:ce:63:0c:3e:51:
                    56:66:aa:4e:b7:42:22:11:a4:6d:fc:00:2b:7f:0a:
                    b1:be:57:4f:d3:c2:f5:87:de:f9:7a:78:98:5f:57:
                    97:af:91:81:b4:3b:13:e7:39:9e:0b:5e:75:e7:da:
                    df:fb:5f:a6:05:ab:11:f4:7f:03:3e:8a:21:de:d8:
                    4c:dc:d7:85:72:ff:87:f5:e8:eb:fd:41:b1:0b:76:
                    df:cc:93:6b:f3:c9:c5:4c:7c:b1:3f:22:bd:8c:ff:
                    73:6b:dd:2f:25:e5:e3:dd:ba:74:7a:61:33:58:ab:
                    4a:91:34:db:15:cc:3c:ef:25:55:7c:05:44:ee:cc:
                    57:4c:b5:73:27:b0:a3:8c:7a:89:7c:db:aa:15:3b:
                    eb:91:1f:51:b9:e9:66:f8:5b:94:d6:15:a7:16:24:
                    03:40:01:37:f0:ee:28:f7:93:c3:9e:1c:3a:53:d0:
                    03:6f:ea:73:7d:27:de:4e:52:98:05:02:f7:79:df:
                    e3:57:83:0c:1a:6f:6b:92:0c:15:90:12:82:c9:e8:
                    00:d0:76:32:0c:ac:7d:12:cb:b6:f5:1a:45:63:e4:
                    3f:53:9f:d2:4f:27:cc:a0:8a:ba:f2:d3:bd:1e:4b:
                    72:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:95:32:80:5E:70:A2:52:93:16:E0:B3:53:7A:47:BD:00:09:EE:C4
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a33343a3a2f34382d3438203d3e20323135393533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:34::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:05:8c:a6:81:bb:8a:09:6e:01:c3:e1:10:dc:e2:ed:c8:19:
         71:e4:30:eb:bb:60:7f:a3:0e:9c:17:2f:c5:5c:4f:d7:3a:7d:
         cb:5c:02:d0:a1:fc:9e:43:f1:f3:82:73:7b:07:7a:d2:b9:e8:
         e5:30:b7:a2:4c:40:e6:ce:96:de:aa:c1:20:46:3d:9e:4a:0c:
         f5:79:cd:35:3d:bc:ef:82:92:39:6f:84:e4:a8:67:cd:1b:cf:
         9e:00:5f:a1:1d:64:36:bc:e8:0b:26:c1:43:0b:66:4e:a2:40:
         9d:44:ba:b5:9c:c3:cf:b7:4b:e3:7a:7e:7c:9f:a4:1b:f2:ab:
         3e:9d:74:1c:c5:eb:9d:fd:c8:01:78:c4:20:ef:97:a9:f0:e6:
         f8:52:96:56:3a:d0:7f:a8:d9:3d:fa:dd:ab:af:c0:b4:ab:ff:
         49:71:50:cf:31:02:4d:e8:cd:76:98:47:d1:69:39:44:e7:9a:
         b8:d0:da:a0:76:cd:80:c4:7a:92:60:dd:14:55:12:61:d4:75:
         33:ba:81:fa:91:af:87:26:f8:e3:16:58:03:12:be:8e:6c:5b:
         a1:f9:27:11:d6:27:33:c5:65:90:7d:e2:ca:ea:60:0c:ba:fc:
         63:9b:d8:b8:5c:92:8d:06:12:77:59:fd:22:71:31:83:c0:a4:
         cb:71:bb:bd
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUSxjD0Rj/I7L2kOlze7Z3h4T1JPEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDAxMDQxMjA2NDJaFw0yNTAxMDIxMjExNDJaMDMxMTAvBgNV
BAMTKDJCOTUzMjgwNUU3MEEyNTI5MzE2RTBCMzUzN0E0N0JEMDAwOUVFQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGWyHd4/I4IIrSrLC5EY89yLAT
eNXrukHOYww+UVZmqk63QiIRpG38ACt/CrG+V0/TwvWH3vl6eJhfV5evkYG0OxPn
OZ4LXnXn2t/7X6YFqxH0fwM+iiHe2Ezc14Vy/4f16Ov9QbELdt/Mk2vzycVMfLE/
Ir2M/3Nr3S8l5ePdunR6YTNYq0qRNNsVzDzvJVV8BUTuzFdMtXMnsKOMeol826oV
O+uRH1G56Wb4W5TWFacWJANAATfw7ij3k8OeHDpT0ANv6nN9J95OUpgFAvd53+NX
gwwab2uSDBWQEoLJ6ADQdjIMrH0Sy7b1GkVj5D9Tn9JPJ8ygirry070eS3KVAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUK5UygF5wolKTFuCzU3pHvQAJ7sQwHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzMzM0M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTM1MzkzNTMzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKhEpwAA0MA0GCSqGSIb3DQEBCwUAA4IBAQBaBYymgbuKCW4Bw+EQ3OLt
yBlx5DDru2B/ow6cFy/FXE/XOn3LXALQofyeQ/HzgnN7B3rSuejlMLeiTEDmzpbe
qsEgRj2eSgz1ec01PbzvgpI5b4TkqGfNG8+eAF+hHWQ2vOgLJsFDC2ZOokCdRLq1
nMPPt0vjen58n6Qb8qs+nXQcxeud/cgBeMQg75ep8Ob4UpZWOtB/qNk9+t2rr8C0
q/9JcVDPMQJN6M12mEfRaTlE55q40Nqgds2AxHqSYN0UVRJh1HUzuoH6ka+HJvjj
FlgDEr6ObFuh+ScR1iczxWWQfeLK6mAMuvxjm9i4XJKNBhJ3Wf0icTGDwKTLcbu9
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:58:21 2024 by rpki-client on console-ams.rpki-client.org