Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a663a3a2f34382d3438203d3e203530333931.roa
File:                     326131313a323963303a663a3a2f34382d3438203d3e203530333931.roa (raw, json)
Hash identifier:          SG7fF2JDWRfhewpufx1cNxB5Ogq86hmwvmJVvjdrv9Q=
Subject key identifier:   F9:66:98:A0:92:B8:B6:7A:E2:76:E5:ED:13:CD:5B:16:72:6C:B5:4F
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       36B159FCAC3A990D9CB3ADDD3652E8F15CC90A1B
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a663a3a2f34382d3438203d3e203530333931.roa
Signing time:             Wed 19 Jun 2024 14:01:16 +0000
ROA not before:           Wed 19 Jun 2024 13:56:16 +0000
ROA not after:            Wed 18 Jun 2025 14:01:16 +0000
asID:                     50391
IP address blocks:        2a11:29c0:f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:b1:59:fc:ac:3a:99:0d:9c:b3:ad:dd:36:52:e8:f1:5c:c9:0a:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jun 19 13:56:16 2024 GMT
            Not After : Jun 18 14:01:16 2025 GMT
        Subject: CN=F96698A092B8B67AE276E5ED13CD5B16726CB54F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:af:e0:3f:ee:48:2b:79:05:21:70:21:b7:94:
                    68:9f:6f:d3:7c:ce:3f:ac:19:23:fb:8c:b3:d8:a8:
                    12:51:4a:39:4a:67:e8:c4:a8:bd:ba:0a:2c:f8:ed:
                    3d:b3:fb:7a:e1:6d:d4:e1:be:e7:4a:ec:11:b5:a7:
                    b8:4b:e7:f4:de:8f:d7:0d:1c:66:5f:d4:1c:01:a9:
                    10:52:4d:54:ac:4a:02:43:01:28:ad:f5:87:33:5a:
                    f7:ba:06:10:81:b6:e0:6e:4c:1f:7e:66:62:08:5f:
                    e2:d1:ac:47:c2:b5:12:f8:04:d8:2c:12:5f:21:5b:
                    b3:33:35:af:62:05:db:28:78:96:bf:cf:a8:e1:7c:
                    04:af:30:c0:7c:5b:61:ed:34:27:37:68:c9:da:18:
                    17:a9:8d:6b:b0:88:d6:ba:9c:a9:e4:56:a8:85:f9:
                    bc:7b:6c:44:46:a0:c9:24:55:db:a0:8b:7c:4f:b6:
                    1c:02:69:8c:01:13:66:1a:7f:0b:4b:06:66:c5:49:
                    16:a9:4e:e7:0e:6d:7d:48:46:82:85:3c:05:69:2b:
                    ca:48:b1:c1:43:7c:3b:a3:8d:9c:f8:dd:22:95:24:
                    a8:0b:3f:de:79:e9:f1:e2:90:34:c7:34:86:56:2d:
                    da:7e:25:6f:5d:80:26:31:e8:f4:a5:5c:b5:c2:32:
                    f0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:66:98:A0:92:B8:B6:7A:E2:76:E5:ED:13:CD:5B:16:72:6C:B5:4F
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a663a3a2f34382d3438203d3e203530333931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:eb:51:e1:fe:8e:10:ba:97:d8:35:30:04:9b:e2:06:e8:22:
         b3:ab:fc:e1:ce:06:05:4a:ee:7c:7b:13:1c:4b:f7:2f:39:3f:
         84:76:b2:4f:b5:89:9d:b2:ad:a2:86:c8:11:9e:2b:4a:87:b0:
         26:7a:7c:88:1e:4f:e3:e2:05:c9:18:69:a5:f7:c6:36:3a:f3:
         a6:d3:ec:b3:1f:e2:17:c5:67:66:05:42:d1:e0:99:1b:67:e5:
         88:84:91:a7:51:9c:60:4f:5d:db:3d:97:18:d0:8d:40:16:56:
         f2:a0:20:ae:e5:f1:d6:af:84:24:a2:52:75:31:38:9a:2a:84:
         6a:be:bd:22:92:e7:ff:c9:a0:af:ff:54:0d:b2:b1:04:66:22:
         e6:31:eb:7e:19:74:b5:9c:2f:e6:cd:a8:c2:17:7c:67:37:20:
         40:2a:27:6d:c4:32:21:82:dc:89:bc:0e:14:9a:c4:c5:a2:ee:
         c0:b6:c3:cd:3f:a9:78:d1:58:61:9f:30:67:c6:85:8b:ba:38:
         86:c9:73:bd:7e:f9:c6:f5:d0:91:d3:1e:44:dd:ae:4c:5b:2c:
         e6:3c:61:71:52:20:36:6b:27:f4:e1:ac:f2:1e:c9:70:4f:fb:
         be:0e:d2:00:d6:35:80:34:e2:84:57:4d:02:f2:04:d0:71:e1:
         96:19:2a:bc
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIUNrFZ/Kw6mQ2cs63dNlLo8VzJChswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDA2MTkxMzU2MTZaFw0yNTA2MTgxNDAxMTZaMDMxMTAvBgNV
BAMTKEY5NjY5OEEwOTJCOEI2N0FFMjc2RTVFRDEzQ0Q1QjE2NzI2Q0I1NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYr+A/7kgreQUhcCG3lGifb9N8
zj+sGSP7jLPYqBJRSjlKZ+jEqL26Ciz47T2z+3rhbdThvudK7BG1p7hL5/Tej9cN
HGZf1BwBqRBSTVSsSgJDASit9YczWve6BhCBtuBuTB9+ZmIIX+LRrEfCtRL4BNgs
El8hW7MzNa9iBdsoeJa/z6jhfASvMMB8W2HtNCc3aMnaGBepjWuwiNa6nKnkVqiF
+bx7bERGoMkkVdugi3xPthwCaYwBE2YafwtLBmbFSRapTucObX1IRoKFPAVpK8pI
scFDfDujjZz43SKVJKgLP9556fHikDTHNIZWLdp+JW9dgCYx6PSlXLXCMvCTAgMB
AAGjggJCMIICPjAdBgNVHQ4EFgQU+WaYoJK4tnriduXtE81bFnJstU8wHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2E2NjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDM1MzAzMzM5MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkD
BwAqESnAAA8wDQYJKoZIhvcNAQELBQADggEBABzrUeH+jhC6l9g1MASb4gboIrOr
/OHOBgVK7nx7ExxL9y85P4R2sk+1iZ2yraKGyBGeK0qHsCZ6fIgeT+PiBckYaaX3
xjY686bT7LMf4hfFZ2YFQtHgmRtn5YiEkadRnGBPXds9lxjQjUAWVvKgIK7l8dav
hCSiUnUxOJoqhGq+vSKS5//JoK//VA2ysQRmIuYx634ZdLWcL+bNqMIXfGc3IEAq
J23EMiGC3Im8DhSaxMWi7sC2w80/qXjRWGGfMGfGhYu6OIbJc71++cb10JHTHkTd
rkxbLOY8YXFSIDZrJ/ThrPIeyXBP+74O0gDWNYA04oRXTQLyBNBx4ZYZKrw=
-----END CERTIFICATE-----
Generated at Tue Jun 25 21:57:50 2024 by rpki-client on console-fra.rpki-client.org