Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a33383a3a2f34382d3438203d3e20323135333735.roa
File:                     326131313a323963303a33383a3a2f34382d3438203d3e20323135333735.roa (raw, json)
Hash identifier:          kJ62ias+abI7fqlUqY9DP7LLmsrqA/ElQeCwVM+6I2U=
Subject key identifier:   D1:45:18:01:6A:CD:0F:AE:A2:14:2A:92:51:7B:45:A1:A1:4F:D1:0C
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       241DBE56B012CFD0311D0E045DABBCAB1588DEFD
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a33383a3a2f34382d3438203d3e20323135333735.roa
Signing time:             Tue 05 Mar 2024 11:50:31 +0000
ROA not before:           Tue 05 Mar 2024 11:45:31 +0000
ROA not after:            Tue 04 Mar 2025 11:50:31 +0000
asID:                     215375
IP address blocks:        2a11:29c0:38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:1d:be:56:b0:12:cf:d0:31:1d:0e:04:5d:ab:bc:ab:15:88:de:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Mar  5 11:45:31 2024 GMT
            Not After : Mar  4 11:50:31 2025 GMT
        Subject: CN=D14518016ACD0FAEA2142A92517B45A1A14FD10C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:09:6c:4a:0f:00:45:4d:c9:58:13:f9:6a:a9:
                    68:af:56:02:4b:6e:37:7c:a7:46:94:fd:b3:73:9d:
                    74:bd:10:96:ec:fe:70:e6:d4:85:ca:4e:f7:da:8e:
                    10:41:b2:42:e8:49:2b:63:83:62:6f:d2:86:6f:91:
                    11:50:9b:f4:21:95:b6:65:f2:46:29:09:ab:07:b5:
                    1d:4e:96:44:85:2b:50:d7:1a:57:6e:30:64:03:4b:
                    e5:d0:da:f4:72:7a:76:80:5a:25:3a:42:31:8e:48:
                    6d:f3:73:7d:0b:e6:68:f5:d8:77:ea:e0:41:48:84:
                    a7:0d:fd:3b:fa:33:2c:fd:19:e7:39:99:db:d7:e9:
                    e4:6b:45:67:d9:f0:62:06:9e:e3:9d:22:9d:a8:50:
                    0f:61:84:a5:94:7a:2e:6c:d0:0c:03:9e:a2:21:5b:
                    67:a4:7c:19:8a:d1:84:09:9b:0e:63:85:1f:43:99:
                    0d:bb:f8:48:7b:9d:c7:14:bf:c4:11:2d:3a:4d:58:
                    45:48:41:55:e8:06:48:0b:29:a5:80:0f:4f:ce:e2:
                    86:26:7b:00:ba:a6:ca:17:96:9a:07:8b:aa:e4:2c:
                    a9:e2:3e:1b:c1:48:fb:82:48:7e:03:87:ba:06:a5:
                    41:4c:c7:cd:94:19:5c:92:9c:1f:50:26:a0:d2:2e:
                    07:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:45:18:01:6A:CD:0F:AE:A2:14:2A:92:51:7B:45:A1:A1:4F:D1:0C
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a33383a3a2f34382d3438203d3e20323135333735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:38::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:1e:54:25:3b:bf:f0:24:5a:10:79:31:ce:c9:79:4c:2b:86:
         f3:80:10:8a:ee:10:06:5f:0f:37:32:09:19:0f:c0:23:03:10:
         94:6c:69:fe:49:dc:92:76:d7:14:ef:84:41:07:a9:10:5e:dc:
         ef:0e:ee:f1:b4:c6:89:55:ac:b1:f2:9d:b6:24:19:f3:a5:bf:
         fb:08:7d:c7:e0:cf:dd:d9:f3:1d:2b:a3:87:03:a2:3f:5c:6b:
         8f:c0:43:74:18:21:fa:eb:10:82:d6:93:c9:05:08:b7:19:93:
         fb:0b:4e:22:57:df:28:44:79:b6:50:b3:df:75:74:33:28:c5:
         60:d0:59:f3:a5:63:1a:ab:aa:6a:78:8f:41:e9:9e:84:ae:9e:
         40:87:87:0f:17:2c:b5:cc:8c:20:76:35:e5:1b:28:0e:6e:53:
         8d:04:22:da:6e:c5:3f:32:b6:6a:44:1f:22:9b:35:51:fb:90:
         1c:90:f9:dd:b6:09:6a:07:48:14:3a:02:20:53:f2:5c:2b:2d:
         04:d5:1a:b1:8b:56:5b:11:c1:6e:01:24:6f:0c:0a:41:99:65:
         ab:ee:06:82:eb:31:90:f6:f6:12:e6:95:8b:91:c1:13:f5:a4:
         3d:7b:ec:6b:84:f2:57:0f:99:98:80:26:be:d7:32:b4:bb:73:
         8b:1c:42:c3
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUJB2+VrASz9AxHQ4EXau8qxWI3v0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDAzMDUxMTQ1MzFaFw0yNTAzMDQxMTUwMzFaMDMxMTAvBgNV
BAMTKEQxNDUxODAxNkFDRDBGQUVBMjE0MkE5MjUxN0I0NUExQTE0RkQxMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHCWxKDwBFTclYE/lqqWivVgJL
bjd8p0aU/bNznXS9EJbs/nDm1IXKTvfajhBBskLoSStjg2Jv0oZvkRFQm/QhlbZl
8kYpCasHtR1OlkSFK1DXGlduMGQDS+XQ2vRyenaAWiU6QjGOSG3zc30L5mj12Hfq
4EFIhKcN/Tv6Myz9Gec5mdvX6eRrRWfZ8GIGnuOdIp2oUA9hhKWUei5s0AwDnqIh
W2ekfBmK0YQJmw5jhR9DmQ27+Eh7nccUv8QRLTpNWEVIQVXoBkgLKaWAD0/O4oYm
ewC6psoXlpoHi6rkLKniPhvBSPuCSH4Dh7oGpUFMx82UGVySnB9QJqDSLgfXAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQU0UUYAWrND66iFCqSUXtFoaFP0QwwHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzMzM4M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTM1MzMzNzM1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKhEpwAA4MA0GCSqGSIb3DQEBCwUAA4IBAQBvHlQlO7/wJFoQeTHOyXlM
K4bzgBCK7hAGXw83MgkZD8AjAxCUbGn+SdySdtcU74RBB6kQXtzvDu7xtMaJVayx
8p22JBnzpb/7CH3H4M/d2fMdK6OHA6I/XGuPwEN0GCH66xCC1pPJBQi3GZP7C04i
V98oRHm2ULPfdXQzKMVg0FnzpWMaq6pqeI9B6Z6Erp5Ah4cPFyy1zIwgdjXlGygO
blONBCLabsU/MrZqRB8imzVR+5AckPndtglqB0gUOgIgU/JcKy0E1Rqxi1ZbEcFu
ASRvDApBmWWr7gaC6zGQ9vYS5pWLkcET9aQ9e+xrhPJXD5mYgCa+1zK0u3OLHELD
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:59:02 2024 by rpki-client on console-fra.rpki-client.org