Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09f71023-9049-4ecb-a8a5-7f08d8ead676/1/326131343a373538313a366664303a3a2f34342d3634203d3e20323135393334.roa
File:                     326131343a373538313a366664303a3a2f34342d3634203d3e20323135393334.roa (raw, json)
Hash identifier:          W0J6pGpY7USt3uOGn+2U/+zzKb37zNSvY+tzxs3qCuc=
Subject key identifier:   33:06:E8:0D:F9:17:5E:2A:E6:01:49:80:8F:CA:AE:A2:F8:DD:75:AF
Certificate issuer:       /CN=81E218874C7149A0F1BC56CDBEC9F94BF59C204F
Certificate serial:       41FB15BDF8246D5768676C98143117367FAB0A1E
Authority key identifier: 81:E2:18:87:4C:71:49:A0:F1:BC:56:CD:BE:C9:F9:4B:F5:9C:20:4F
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/81E218874C7149A0F1BC56CDBEC9F94BF59C204F.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09f71023-9049-4ecb-a8a5-7f08d8ead676/1/326131343a373538313a366664303a3a2f34342d3634203d3e20323135393334.roa
Signing time:             Wed 18 Sep 2024 06:31:37 +0000
ROA not before:           Wed 18 Sep 2024 06:26:37 +0000
ROA not after:            Wed 17 Sep 2025 06:31:37 +0000
asID:                     215934
IP address blocks:        2a14:7581:6fd0::/44 maxlen: 64

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09f71023-9049-4ecb-a8a5-7f08d8ead676/1/81E218874C7149A0F1BC56CDBEC9F94BF59C204F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09f71023-9049-4ecb-a8a5-7f08d8ead676/1/81E218874C7149A0F1BC56CDBEC9F94BF59C204F.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/81E218874C7149A0F1BC56CDBEC9F94BF59C204F.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:fb:15:bd:f8:24:6d:57:68:67:6c:98:14:31:17:36:7f:ab:0a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81E218874C7149A0F1BC56CDBEC9F94BF59C204F
        Validity
            Not Before: Sep 18 06:26:37 2024 GMT
            Not After : Sep 17 06:31:37 2025 GMT
        Subject: CN=3306E80DF9175E2AE60149808FCAAEA2F8DD75AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:79:70:4e:5e:c8:49:06:5e:ee:f2:23:d7:3b:
                    67:7c:c1:c4:a4:9d:2c:55:e8:50:89:59:a8:11:e1:
                    84:23:f7:56:d8:de:79:d4:03:89:dd:9b:17:e9:0d:
                    30:79:4e:ab:89:c7:c7:92:d1:dd:86:30:c0:37:6e:
                    b2:29:24:b6:bb:3b:a7:5c:09:42:8a:0f:a0:11:d6:
                    65:b8:d2:0e:5f:c7:67:03:33:0a:b0:22:34:09:d5:
                    d1:08:a5:89:0f:01:cf:70:8b:2b:94:22:c7:fa:a6:
                    bd:8b:f9:dd:11:ed:40:63:0a:b9:4b:a9:7e:82:6f:
                    1f:a8:4f:3d:61:0c:2b:30:97:cb:56:44:9c:03:5c:
                    3c:ac:3e:0c:1c:ab:17:3e:65:10:c7:df:e4:37:29:
                    5e:e8:a1:f9:91:7a:65:cc:d7:7d:78:28:7f:c2:d7:
                    3a:61:d0:36:fb:04:0f:58:d4:8b:79:2c:23:0b:0e:
                    b4:07:2b:1f:54:4e:c0:ac:8c:e0:bc:e9:5c:33:3d:
                    eb:e1:12:2e:d3:5e:a9:39:b1:d8:da:87:55:90:79:
                    b4:1e:62:89:6c:51:c9:95:3d:1a:76:69:44:3a:36:
                    c9:5c:3b:ec:b6:81:38:27:14:14:70:12:16:e1:11:
                    ae:91:e8:31:8c:b8:fe:a3:ad:6e:ee:5a:cc:4b:fe:
                    f6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:06:E8:0D:F9:17:5E:2A:E6:01:49:80:8F:CA:AE:A2:F8:DD:75:AF
            X509v3 Authority Key Identifier:
                keyid:81:E2:18:87:4C:71:49:A0:F1:BC:56:CD:BE:C9:F9:4B:F5:9C:20:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09f71023-9049-4ecb-a8a5-7f08d8ead676/1/81E218874C7149A0F1BC56CDBEC9F94BF59C204F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/81E218874C7149A0F1BC56CDBEC9F94BF59C204F.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09f71023-9049-4ecb-a8a5-7f08d8ead676/1/326131343a373538313a366664303a3a2f34342d3634203d3e20323135393334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:6fd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:e3:a9:b2:94:d6:9c:07:aa:42:a4:de:95:7c:78:a9:60:5d:
         63:4d:c2:2e:eb:d1:ca:25:73:69:64:e6:05:51:5d:3d:ba:2c:
         71:e5:e3:20:d5:6a:4c:63:f7:1f:59:52:7d:7f:79:33:63:54:
         07:e5:2e:88:6f:dd:8b:73:79:d1:56:86:b0:c0:e7:3f:fb:a4:
         56:ff:66:d6:07:95:1e:aa:db:5e:3c:10:9c:fc:f0:15:b3:19:
         40:03:30:aa:1e:fb:c4:49:cf:d6:a5:0c:b2:1f:28:43:cd:fb:
         58:4a:14:ce:9b:93:ab:04:53:6f:ee:db:ed:e3:de:f0:99:35:
         bc:01:60:1d:20:f2:45:be:00:c4:04:29:aa:8f:bb:b8:a4:db:
         af:ce:c8:54:26:72:23:c5:15:87:76:0b:10:53:ae:ca:81:d2:
         45:e4:19:36:bd:02:43:d6:ce:a9:56:62:b5:b2:12:1b:4a:64:
         8e:81:75:e7:14:43:a2:3c:7a:40:23:4e:23:e2:9b:20:e8:19:
         dd:5c:ab:27:7d:4e:c6:00:c2:ae:3d:28:37:2a:99:20:b6:1e:
         a2:fb:18:10:18:eb:51:60:f2:6a:bd:f2:28:38:41:10:d2:2d:
         8f:fd:bb:77:26:fc:2a:bf:bf:5b:71:cb:fb:be:bd:8b:c7:9a:
         89:a5:94:5a
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUQfsVvfgkbVdoZ2yYFDEXNn+rCh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODFFMjE4ODc0QzcxNDlBMEYxQkM1NkNEQkVDOUY5NEJG
NTlDMjA0RjAeFw0yNDA5MTgwNjI2MzdaFw0yNTA5MTcwNjMxMzdaMDMxMTAvBgNV
BAMTKDMzMDZFODBERjkxNzVFMkFFNjAxNDk4MDhGQ0FBRUEyRjhERDc1QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCAeXBOXshJBl7u8iPXO2d8wcSk
nSxV6FCJWagR4YQj91bY3nnUA4ndmxfpDTB5TquJx8eS0d2GMMA3brIpJLa7O6dc
CUKKD6AR1mW40g5fx2cDMwqwIjQJ1dEIpYkPAc9wiyuUIsf6pr2L+d0R7UBjCrlL
qX6Cbx+oTz1hDCswl8tWRJwDXDysPgwcqxc+ZRDH3+Q3KV7oofmRemXM1314KH/C
1zph0Db7BA9Y1It5LCMLDrQHKx9UTsCsjOC86VwzPevhEi7TXqk5sdjah1WQebQe
YolsUcmVPRp2aUQ6NslcO+y2gTgnFBRwEhbhEa6R6DGMuP6jrW7uWsxL/vZHAgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQUMwboDfkXXirmAUmAj8quovjdda8wHwYDVR0j
BBgwFoAUgeIYh0xxSaDxvFbNvsn5S/WcIE8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDlmNzEwMjMtOTA0OS00ZWNiLWE4YTUtN2YwOGQ4ZWFk
Njc2LzEvODFFMjE4ODc0QzcxNDlBMEYxQkM1NkNEQkVDOUY5NEJGNTlDMjA0Ri5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC84MUUyMTg4NzRDNzE0OUEwRjFCQzU2Q0RC
RUM5Rjk0QkY1OUMyMDRGLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8wOWY3MTAyMy05MDQ5LTRlY2ItYThhNS03ZjA4ZDhlYWQ2NzYvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTM2NjY2NDMwM2EzYTJmMzQzNDJkMzYzNDIwM2QzZTIwMzIz
MTM1MzkzMzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcEKhR1gW/QMA0GCSqGSIb3DQEBCwUAA4IBAQAV
46mylNacB6pCpN6VfHipYF1jTcIu69HKJXNpZOYFUV09uixx5eMg1WpMY/cfWVJ9
f3kzY1QH5S6Ib92Lc3nRVoawwOc/+6RW/2bWB5UeqttePBCc/PAVsxlAAzCqHvvE
Sc/WpQyyHyhDzftYShTOm5OrBFNv7tvt497wmTW8AWAdIPJFvgDEBCmqj7u4pNuv
zshUJnIjxRWHdgsQU67KgdJF5Bk2vQJD1s6pVmK1shIbSmSOgXXnFEOiPHpAI04j
4psg6BndXKsnfU7GAMKuPSg3Kpkgth6i+xgQGOtRYPJqvfIoOEEQ0i2P/bt3Jvwq
v79bccv7vr2Lx5qJpZRa
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:15 2024 by rpki-client on console-ams.rpki-client.org