Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a663a3a2f34382d3438203d3e203530333931.roa
File:                     326131313a323963303a663a3a2f34382d3438203d3e203530333931.roa (raw, json)
Hash identifier:          iPsG/Wxbf9rT3gmctlnwpBPS7ONWJWOgUV1fV+iceQs=
Subject key identifier:   42:7E:74:09:9D:7C:04:B8:8B:EA:73:7B:49:15:1A:EF:34:B3:03:2B
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       0E0982AE3AAD172A97FC0BF90909934BC6A071E6
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a663a3a2f34382d3438203d3e203530333931.roa
Signing time:             Wed 19 Jul 2023 13:30:00 +0000
ROA not before:           Wed 19 Jul 2023 13:25:00 +0000
ROA not after:            Wed 17 Jul 2024 13:30:00 +0000
asID:                     50391
IP address blocks:        2a11:29c0:f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:09:82:ae:3a:ad:17:2a:97:fc:0b:f9:09:09:93:4b:c6:a0:71:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jul 19 13:25:00 2023 GMT
            Not After : Jul 17 13:30:00 2024 GMT
        Subject: CN=427E74099D7C04B88BEA737B49151AEF34B3032B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ca:06:cd:fb:db:b4:3b:4e:69:95:e0:67:59:
                    86:e5:92:15:d9:14:f4:c5:74:47:4c:b0:5f:54:a6:
                    ff:b3:a7:7b:a3:38:99:af:8e:6d:a9:db:d0:e4:2a:
                    1b:5d:c9:f6:6b:7d:8c:fa:23:8c:a2:78:65:07:87:
                    14:b3:65:81:89:3d:6c:4c:36:76:e0:6d:9a:9d:a5:
                    99:42:c4:cf:ad:ff:14:51:87:28:ea:f3:12:6c:3f:
                    1c:51:f9:67:d0:f2:9d:a9:96:6c:26:72:46:2f:fc:
                    01:86:e8:32:37:5b:a4:4d:26:0d:08:5c:19:46:9c:
                    cf:25:59:f3:11:8c:17:55:09:91:fa:02:57:02:87:
                    05:63:e5:e5:6e:86:0e:aa:18:12:40:70:13:ba:d3:
                    ef:7e:49:60:de:94:cb:2b:fc:15:2a:9e:80:4d:5a:
                    2a:5f:56:18:73:7a:6a:3a:aa:00:ef:50:93:8b:ae:
                    e6:f7:ee:bd:88:d7:aa:5e:7f:41:af:9a:a2:b2:12:
                    51:30:19:9c:56:a1:6f:22:44:0e:64:b2:44:4f:07:
                    d9:07:72:a0:85:6b:1d:5f:01:1f:40:67:67:40:ea:
                    03:27:d4:b5:55:b2:52:08:90:24:f5:d5:ff:aa:fc:
                    14:a3:a5:9c:4b:fa:34:f4:bd:b4:59:39:bf:49:14:
                    5f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:7E:74:09:9D:7C:04:B8:8B:EA:73:7B:49:15:1A:EF:34:B3:03:2B
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a663a3a2f34382d3438203d3e203530333931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:54:34:b3:8a:8f:e8:55:43:d4:b4:9f:7f:aa:ac:73:5e:c5:
         2e:e6:5c:55:f1:b7:c7:07:a8:00:d1:cd:13:d4:e8:99:cb:0d:
         26:23:17:f7:76:3b:1c:1d:2b:ee:b1:8a:88:58:49:89:4f:4e:
         67:87:13:67:05:d6:fc:2e:9b:3e:58:1f:b7:20:99:b7:4d:fb:
         06:a9:8a:d6:42:7b:3a:51:9e:3d:43:1b:6a:a1:52:a1:d5:ce:
         1a:1f:07:db:ac:05:2e:50:b3:31:1c:4c:8f:2e:3d:13:be:e0:
         2e:cc:ea:e6:b0:cc:d3:f8:fe:00:ac:e3:87:6b:61:80:4b:75:
         85:11:9c:23:b0:8e:eb:b6:ce:a0:92:48:38:7c:03:9c:40:91:
         a5:dd:8c:a6:9e:00:3f:71:34:ee:54:77:08:65:a9:c7:77:f2:
         73:08:30:f6:72:38:1b:3d:46:fa:14:a4:4d:4e:76:17:f8:63:
         eb:03:95:54:4e:b7:6d:94:6c:51:23:28:1e:6a:a9:73:92:1c:
         dd:a5:7f:c7:b4:e8:96:2f:7e:38:d5:58:91:eb:67:22:ed:d3:
         18:29:ad:b9:c8:bd:71:ec:5c:02:c6:97:d8:b2:ce:1d:76:41:
         9e:56:35:be:2e:b9:45:5a:5e:ef:3d:7a:b9:a3:38:5c:48:db:
         84:07:08:11
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIUDgmCrjqtFyqX/Av5CQmTS8agceYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yMzA3MTkxMzI1MDBaFw0yNDA3MTcxMzMwMDBaMDMxMTAvBgNV
BAMTKDQyN0U3NDA5OUQ3QzA0Qjg4QkVBNzM3QjQ5MTUxQUVGMzRCMzAzMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqygbN+9u0O05pleBnWYblkhXZ
FPTFdEdMsF9Upv+zp3ujOJmvjm2p29DkKhtdyfZrfYz6I4yieGUHhxSzZYGJPWxM
NnbgbZqdpZlCxM+t/xRRhyjq8xJsPxxR+WfQ8p2plmwmckYv/AGG6DI3W6RNJg0I
XBlGnM8lWfMRjBdVCZH6AlcChwVj5eVuhg6qGBJAcBO60+9+SWDelMsr/BUqnoBN
WipfVhhzemo6qgDvUJOLrub37r2I16pef0GvmqKyElEwGZxWoW8iRA5kskRPB9kH
cqCFax1fAR9AZ2dA6gMn1LVVslIIkCT11f+q/BSjpZxL+jT0vbRZOb9JFF8nAgMB
AAGjggJCMIICPjAdBgNVHQ4EFgQUQn50CZ18BLiL6nN7SRUa7zSzAyswHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2E2NjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDM1MzAzMzM5MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkD
BwAqESnAAA8wDQYJKoZIhvcNAQELBQADggEBAJRUNLOKj+hVQ9S0n3+qrHNexS7m
XFXxt8cHqADRzRPU6JnLDSYjF/d2OxwdK+6xiohYSYlPTmeHE2cF1vwumz5YH7cg
mbdN+wapitZCezpRnj1DG2qhUqHVzhofB9usBS5QszEcTI8uPRO+4C7M6uawzNP4
/gCs44drYYBLdYURnCOwjuu2zqCSSDh8A5xAkaXdjKaeAD9xNO5Udwhlqcd38nMI
MPZyOBs9RvoUpE1Odhf4Y+sDlVROt22UbFEjKB5qqXOSHN2lf8e06JYvfjjVWJHr
ZyLt0xgprbnIvXHsXALGl9iyzh12QZ5WNb4uuUVaXu89ermjOFxI24QHCBE=
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:59:02 2024 by rpki-client on console-fra.rpki-client.org