Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a6263363a3a2f34382d3438203d3e20323134333132.roa
File:                     326130623a346530373a6263363a3a2f34382d3438203d3e20323134333132.roa (raw, json)
Hash identifier:          IQCiJOrT/IGm+e39ccF3g0EprEEjvFJ2FvEIPxjdKvk=
Subject key identifier:   C9:CB:BE:5C:44:25:A7:B4:1D:99:5D:03:DE:10:73:39:89:04:32:2B
Certificate issuer:       /CN=D18207466AB0A7D7D1EF3C7CD02E80BED58340BC
Certificate serial:       12C6E1139A20040A1C045030FC5CA24674A305F6
Authority key identifier: D1:82:07:46:6A:B0:A7:D7:D1:EF:3C:7C:D0:2E:80:BE:D5:83:40:BC
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a6263363a3a2f34382d3438203d3e20323134333132.roa
Signing time:             Mon 02 Sep 2024 11:55:50 +0000
ROA not before:           Mon 02 Sep 2024 11:50:50 +0000
ROA not after:            Mon 01 Sep 2025 11:55:50 +0000
asID:                     214312
IP address blocks:        2a0b:4e07:bc6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QuUI-6iWD0gHGxGazL9Xvb86gFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:c6:e1:13:9a:20:04:0a:1c:04:50:30:fc:5c:a2:46:74:a3:05:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D18207466AB0A7D7D1EF3C7CD02E80BED58340BC
        Validity
            Not Before: Sep  2 11:50:50 2024 GMT
            Not After : Sep  1 11:55:50 2025 GMT
        Subject: CN=C9CBBE5C4425A7B41D995D03DE1073398904322B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:7c:f0:36:ec:66:7d:9b:ee:e9:3c:7d:08:ef:
                    6c:6e:2b:af:ca:8d:44:43:a8:02:c7:4d:1a:32:0e:
                    5d:06:c2:42:6d:32:7b:ed:7c:4f:d0:86:91:7c:e4:
                    ae:98:09:79:e0:e7:49:bc:48:9c:22:5d:23:b2:a9:
                    fc:00:54:9c:bb:0d:f9:f9:e2:c3:c6:9e:9b:1e:9f:
                    00:b5:4c:90:d1:ec:f1:ce:eb:d0:48:89:e0:b9:03:
                    33:6d:d7:cd:68:35:f9:2f:5a:21:4f:c6:dc:ab:98:
                    92:28:63:5f:45:6f:61:e0:a0:8c:98:48:0b:82:8f:
                    70:a8:03:2a:9b:b9:dd:da:4e:6b:9e:f8:03:df:54:
                    69:18:74:df:10:2b:52:b1:d3:0d:b3:d6:6a:59:39:
                    81:76:51:80:f8:5c:5e:3b:2e:c8:91:35:d8:8d:eb:
                    3a:86:8f:85:13:db:18:4c:a5:5e:d7:2e:91:c4:b0:
                    d9:b5:3a:d9:ea:4b:66:33:bc:1e:8b:9b:e1:b2:70:
                    f1:c7:da:50:ef:95:0e:5c:98:df:15:61:cf:5f:95:
                    1b:4c:2b:36:86:e4:f8:ba:5e:02:25:1a:0e:5b:53:
                    53:fc:80:fe:ab:6f:68:93:7a:31:e4:c9:45:0f:19:
                    e0:9a:5a:c1:40:36:fa:0e:58:f8:e1:89:d9:11:f4:
                    64:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:CB:BE:5C:44:25:A7:B4:1D:99:5D:03:DE:10:73:39:89:04:32:2B
            X509v3 Authority Key Identifier:
                keyid:D1:82:07:46:6A:B0:A7:D7:D1:EF:3C:7C:D0:2E:80:BE:D5:83:40:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a6263363a3a2f34382d3438203d3e20323134333132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4e07:bc6::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:e7:78:a1:a9:99:ba:52:4a:0c:52:22:11:c6:f8:6a:2d:6a:
         5c:99:1d:2d:f9:ff:e9:0a:ee:7c:19:ef:3c:39:ec:e9:c2:c3:
         85:ea:df:03:a5:a0:ef:82:a1:4e:96:23:c2:50:57:86:22:ac:
         75:a1:87:80:37:34:9e:00:43:f5:0d:cf:c5:ac:5f:21:d1:64:
         32:5b:15:a8:51:22:b2:81:a2:13:02:ee:ae:0a:7c:57:24:b1:
         38:b7:7d:ec:06:0a:bb:29:3c:2c:40:44:91:d8:f9:67:74:9d:
         6c:9e:8b:c8:6a:37:77:4a:d9:96:7b:0d:f0:1d:c1:09:6e:41:
         5f:ec:3b:1f:87:2e:f8:20:66:25:ef:01:d3:ec:40:ae:2d:ac:
         7f:42:f9:f5:f7:8e:36:75:79:72:30:cc:ad:7c:b3:9f:56:38:
         4e:b6:19:ca:73:07:bf:e7:64:b1:19:55:44:bb:c6:6c:02:3f:
         da:df:50:3e:d1:a6:bb:46:4d:80:d1:b1:ed:7f:d6:65:fa:cc:
         b4:2b:8e:a2:68:50:e2:d7:f4:4e:14:1c:9a:bc:89:a2:93:a7:
         9a:4b:80:8a:2a:9e:e9:d3:fc:37:e5:ed:9f:5c:f5:42:17:c9:
         c2:8c:47:31:c8:ae:be:b5:a4:1b:ee:9b:c2:cc:22:16:08:40:
         e3:0a:77:5a
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUEsbhE5ogBAocBFAw/FyiRnSjBfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDE4MjA3NDY2QUIwQTdEN0QxRUYzQzdDRDAyRTgwQkVE
NTgzNDBCQzAeFw0yNDA5MDIxMTUwNTBaFw0yNTA5MDExMTU1NTBaMDMxMTAvBgNV
BAMTKEM5Q0JCRTVDNDQyNUE3QjQxRDk5NUQwM0RFMTA3MzM5ODkwNDMyMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdfPA27GZ9m+7pPH0I72xuK6/K
jURDqALHTRoyDl0GwkJtMnvtfE/QhpF85K6YCXng50m8SJwiXSOyqfwAVJy7Dfn5
4sPGnpsenwC1TJDR7PHO69BIieC5AzNt181oNfkvWiFPxtyrmJIoY19Fb2HgoIyY
SAuCj3CoAyqbud3aTmue+APfVGkYdN8QK1Kx0w2z1mpZOYF2UYD4XF47LsiRNdiN
6zqGj4UT2xhMpV7XLpHEsNm1OtnqS2YzvB6Lm+GycPHH2lDvlQ5cmN8VYc9flRtM
KzaG5Pi6XgIlGg5bU1P8gP6rb2iTejHkyUUPGeCaWsFANvoOWPjhidkR9GSnAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUycu+XEQlp7QdmV0D3hBzOYkEMiswHwYDVR0j
BBgwFoAU0YIHRmqwp9fR7zx80C6AvtWDQLwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGM3MDQwMWMtN2Y0MS00YTZiLTk0MzQtY2M4MGRjYTA5
M2U2LzIvRDE4MjA3NDY2QUIwQTdEN0QxRUYzQzdDRDAyRTgwQkVENTgzNDBCQy5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS83M2I4ZWMwMS04YmE1LTQ3
OWYtYTIyOS0wYWI3MGU0ODE1YmIvMC9EMTgyMDc0NjZBQjBBN0Q3RDFFRjNDN0NE
MDJFODBCRUQ1ODM0MEJDLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8wYzcwNDAxYy03ZjQxLTRhNmItOTQzNC1jYzgwZGNhMDkzZTYvMi8zMjYxMzA2
MjNhMzQ2NTMwMzczYTYyNjMzNjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEz
NDMzMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoLTgcLxjANBgkqhkiG9w0BAQsFAAOCAQEAOOd4
oamZulJKDFIiEcb4ai1qXJkdLfn/6QrufBnvPDns6cLDherfA6Wg74KhTpYjwlBX
hiKsdaGHgDc0ngBD9Q3PxaxfIdFkMlsVqFEisoGiEwLurgp8VySxOLd97AYKuyk8
LEBEkdj5Z3SdbJ6LyGo3d0rZlnsN8B3BCW5BX+w7H4cu+CBmJe8B0+xAri2sf0L5
9feONnV5cjDMrXyzn1Y4TrYZynMHv+dksRlVRLvGbAI/2t9QPtGmu0ZNgNGx7X/W
ZfrMtCuOomhQ4tf0ThQcmryJopOnmkuAiiqe6dP8N+Xtn1z1QhfJwoxHMciuvrWk
G+6bwswiFghA4wp3Wg==
-----END CERTIFICATE-----
Generated at Thu Nov 21 08:09:03 2024 by rpki-client on console-fra.rpki-client.org