Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a6265633a3a2f34372d3437203d3e20323136333131.roa
File:                     326130623a346530373a6265633a3a2f34372d3437203d3e20323136333131.roa (raw, json)
Hash identifier:          NpnZhAMUbBZD9pj8z/RvI5Uqbt4hgypvLftd8dy9BmA=
Subject key identifier:   03:98:22:A4:D4:88:3A:8C:19:40:71:99:E4:55:38:ED:B3:D2:2B:39
Certificate issuer:       /CN=D18207466AB0A7D7D1EF3C7CD02E80BED58340BC
Certificate serial:       0796FEFFD6451F57F9C0EBEDFC1A33C3714D4098
Authority key identifier: D1:82:07:46:6A:B0:A7:D7:D1:EF:3C:7C:D0:2E:80:BE:D5:83:40:BC
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a6265633a3a2f34372d3437203d3e20323136333131.roa
Signing time:             Thu 25 Jul 2024 10:49:11 +0000
ROA not before:           Thu 25 Jul 2024 10:44:11 +0000
ROA not after:            Thu 24 Jul 2025 10:49:11 +0000
asID:                     216311
IP address blocks:        2a0b:4e07:bec::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QuUI-6iWD0gHGxGazL9Xvb86gFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:96:fe:ff:d6:45:1f:57:f9:c0:eb:ed:fc:1a:33:c3:71:4d:40:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D18207466AB0A7D7D1EF3C7CD02E80BED58340BC
        Validity
            Not Before: Jul 25 10:44:11 2024 GMT
            Not After : Jul 24 10:49:11 2025 GMT
        Subject: CN=039822A4D4883A8C19407199E45538EDB3D22B39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:40:f0:75:76:e4:da:22:35:68:22:6d:e0:1a:
                    05:8b:f4:a9:02:77:2c:65:36:70:14:7d:6d:1a:9d:
                    1a:52:27:3d:20:d5:f3:6a:f5:f0:5d:05:27:50:d4:
                    6c:2e:57:37:c6:7a:c2:e0:c2:5e:26:db:6b:b4:a2:
                    3e:75:be:dc:1a:30:80:05:2f:0a:58:ca:62:01:f4:
                    5d:a5:75:c2:78:cd:96:04:63:6f:e4:b7:23:d4:bd:
                    d6:7b:78:eb:af:38:2c:83:63:64:8a:ef:a1:f7:33:
                    0f:d2:0d:f3:13:b9:e3:d9:a3:44:f9:a4:fc:c5:fa:
                    c3:e5:15:4f:41:c9:fb:e1:8f:fa:45:f1:fd:87:e3:
                    1e:9b:ee:b7:48:31:f9:ad:82:1f:1d:3d:16:9a:51:
                    45:f3:84:04:e5:96:a9:33:62:79:73:bf:21:f2:bd:
                    13:d6:4b:69:34:c6:d4:a1:9b:c0:5a:41:20:7e:91:
                    34:f3:7b:e8:8b:fd:17:59:81:c9:f7:78:d7:94:a8:
                    9c:f1:b9:80:59:4f:ef:87:53:8a:91:79:ad:98:be:
                    f1:e3:bf:ec:45:1c:f4:dc:e1:15:2a:3f:59:b6:93:
                    67:d6:79:92:74:82:63:8a:70:41:65:f2:4f:43:94:
                    9e:ac:c5:31:02:8a:ed:05:22:95:d6:ad:0a:2a:35:
                    a2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:98:22:A4:D4:88:3A:8C:19:40:71:99:E4:55:38:ED:B3:D2:2B:39
            X509v3 Authority Key Identifier:
                keyid:D1:82:07:46:6A:B0:A7:D7:D1:EF:3C:7C:D0:2E:80:BE:D5:83:40:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a6265633a3a2f34372d3437203d3e20323136333131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4e07:bec::/47

    Signature Algorithm: sha256WithRSAEncryption
         43:97:a6:9a:99:a5:8a:e8:40:77:3f:a2:68:c9:ab:4e:38:20:
         81:8e:1e:20:e8:0c:f0:b8:87:2e:fe:7f:de:10:2a:e1:96:19:
         8e:71:f5:5f:ad:40:dd:04:51:ea:1c:52:a8:35:50:43:ac:62:
         85:48:ff:b5:eb:ec:1c:8f:41:44:25:b2:84:5d:f7:ad:9f:37:
         62:dc:a8:25:d0:35:56:4d:13:6c:56:a9:e1:31:11:da:a8:a3:
         a9:84:47:45:1f:f2:10:28:1a:ba:cf:8c:3c:1e:27:e7:3f:af:
         81:5d:7a:e0:e4:1c:6a:cd:c8:4a:4c:67:1e:72:90:45:16:d9:
         8b:87:45:c3:d9:e6:bb:ab:71:d7:de:c1:a6:e9:5e:a7:38:39:
         1a:78:b7:7f:ab:38:ea:40:c4:3c:02:40:00:c1:b7:32:89:fc:
         77:3f:9f:c5:f9:4c:ce:23:fa:2a:30:07:67:92:fc:4e:f9:d7:
         9e:5b:82:e5:c9:6a:50:95:43:db:0b:fd:c9:54:83:54:fd:e5:
         02:18:9c:f9:58:b3:d1:c5:16:22:3d:62:e2:5c:ec:b8:7b:44:
         f7:c6:3c:c5:e7:64:27:85:2c:40:cf:8d:75:bf:7d:42:3b:80:
         f6:b0:5d:d5:74:a6:d5:6a:c2:bf:58:2c:f1:37:2c:89:5b:23:
         22:93:bd:73
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUB5b+/9ZFH1f5wOvt/Bozw3FNQJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDE4MjA3NDY2QUIwQTdEN0QxRUYzQzdDRDAyRTgwQkVE
NTgzNDBCQzAeFw0yNDA3MjUxMDQ0MTFaFw0yNTA3MjQxMDQ5MTFaMDMxMTAvBgNV
BAMTKDAzOTgyMkE0RDQ4ODNBOEMxOTQwNzE5OUU0NTUzOEVEQjNEMjJCMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwQPB1duTaIjVoIm3gGgWL9KkC
dyxlNnAUfW0anRpSJz0g1fNq9fBdBSdQ1GwuVzfGesLgwl4m22u0oj51vtwaMIAF
LwpYymIB9F2ldcJ4zZYEY2/ktyPUvdZ7eOuvOCyDY2SK76H3Mw/SDfMTuePZo0T5
pPzF+sPlFU9Byfvhj/pF8f2H4x6b7rdIMfmtgh8dPRaaUUXzhATllqkzYnlzvyHy
vRPWS2k0xtShm8BaQSB+kTTze+iL/RdZgcn3eNeUqJzxuYBZT++HU4qRea2YvvHj
v+xFHPTc4RUqP1m2k2fWeZJ0gmOKcEFl8k9DlJ6sxTECiu0FIpXWrQoqNaLVAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUA5gipNSIOowZQHGZ5FU47bPSKzkwHwYDVR0j
BBgwFoAU0YIHRmqwp9fR7zx80C6AvtWDQLwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGM3MDQwMWMtN2Y0MS00YTZiLTk0MzQtY2M4MGRjYTA5
M2U2LzIvRDE4MjA3NDY2QUIwQTdEN0QxRUYzQzdDRDAyRTgwQkVENTgzNDBCQy5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS83M2I4ZWMwMS04YmE1LTQ3
OWYtYTIyOS0wYWI3MGU0ODE1YmIvMC9EMTgyMDc0NjZBQjBBN0Q3RDFFRjNDN0NE
MDJFODBCRUQ1ODM0MEJDLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8wYzcwNDAxYy03ZjQxLTRhNmItOTQzNC1jYzgwZGNhMDkzZTYvMi8zMjYxMzA2
MjNhMzQ2NTMwMzczYTYyNjU2MzNhM2EyZjM0MzcyZDM0MzcyMDNkM2UyMDMyMzEz
NjMzMzEzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHASoLTgcL7DANBgkqhkiG9w0BAQsFAAOCAQEAQ5em
mpmliuhAdz+iaMmrTjgggY4eIOgM8LiHLv5/3hAq4ZYZjnH1X61A3QRR6hxSqDVQ
Q6xihUj/tevsHI9BRCWyhF33rZ83YtyoJdA1Vk0TbFap4TER2qijqYRHRR/yECga
us+MPB4n5z+vgV164OQcas3ISkxnHnKQRRbZi4dFw9nmu6tx197Bpulepzg5Gni3
f6s46kDEPAJAAMG3Mon8dz+fxflMziP6KjAHZ5L8TvnXnluC5clqUJVD2wv9yVSD
VP3lAhic+Viz0cUWIj1i4lzsuHtE98Y8xedkJ4UsQM+Ndb99QjuA9rBd1XSm1WrC
v1gs8TcsiVsjIpO9cw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 07:50:28 2024 by rpki-client on console-ams.rpki-client.org