Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/323030313a3766383a3134623a3a2f34382d3438203d3e2030.roa
File:                     323030313a3766383a3134623a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          X9hDIakZxMyYW09+8o3DY1NSDUaTkUm2cM6/XfJPWAU=
Subject key identifier:   05:4D:EB:0E:2B:E1:5C:B8:AC:F0:2F:B5:DB:4D:95:DC:D7:31:E6:80
Certificate issuer:       /CN=600579021287ea6495d7f934a6ded30ee2a5bb38
Certificate serial:       3AAC1238D2D08B0076739854468EC9094CA73810
Authority key identifier: 60:05:79:02:12:87:EA:64:95:D7:F9:34:A6:DE:D3:0E:E2:A5:BB:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/323030313a3766383a3134623a3a2f34382d3438203d3e2030.roa
Signing time:             Thu 28 Dec 2023 21:56:26 +0000
ROA not before:           Thu 28 Dec 2023 21:51:26 +0000
ROA not after:            Thu 26 Dec 2024 21:56:26 +0000
asID:                     0
IP address blocks:        2001:7f8:14b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ac:12:38:d2:d0:8b:00:76:73:98:54:46:8e:c9:09:4c:a7:38:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=600579021287ea6495d7f934a6ded30ee2a5bb38
        Validity
            Not Before: Dec 28 21:51:26 2023 GMT
            Not After : Dec 26 21:56:26 2024 GMT
        Subject: CN=054DEB0E2BE15CB8ACF02FB5DB4D95DCD731E680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:67:78:24:a8:73:b4:10:26:27:49:b2:19:9c:
                    66:e8:c9:f6:7f:3a:b8:37:80:50:3f:81:5c:d2:16:
                    8d:78:33:59:a2:44:df:ef:6e:92:7e:c6:05:7f:6f:
                    ae:0f:1f:ca:a2:15:d7:14:0e:65:37:ed:9a:98:07:
                    8c:74:5b:db:9d:70:fb:1a:46:0f:7d:ab:58:c6:98:
                    5c:cc:f3:43:fe:12:78:d6:54:9f:22:da:c9:a7:db:
                    7f:cb:35:34:ce:83:81:01:a8:c7:40:1c:fd:be:13:
                    8a:f7:12:e3:a0:b3:78:39:d4:64:3b:71:11:b5:3a:
                    fe:ac:63:b5:65:02:b8:5d:98:7f:b7:95:d5:a1:9c:
                    82:2f:96:5a:34:7a:40:f4:ed:67:9f:a2:2f:5a:db:
                    4e:31:60:27:4f:96:30:49:5d:fe:25:a7:3e:c9:43:
                    5c:41:f6:e6:6d:49:f4:35:50:d1:c1:84:3f:a2:27:
                    62:8c:e4:e1:03:fa:5c:28:3f:24:bd:33:49:4b:27:
                    30:08:4d:37:2d:df:cc:3a:d9:bf:54:2d:35:23:cb:
                    20:4b:a8:49:15:06:5d:42:7f:15:9d:13:b1:92:84:
                    57:37:8f:4e:2e:22:d4:c9:b4:16:e4:4a:41:b9:5a:
                    67:21:c3:bb:b0:fb:a1:ac:7a:cc:2b:a1:27:b5:8c:
                    f7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:4D:EB:0E:2B:E1:5C:B8:AC:F0:2F:B5:DB:4D:95:DC:D7:31:E6:80
            X509v3 Authority Key Identifier:
                keyid:60:05:79:02:12:87:EA:64:95:D7:F9:34:A6:DE:D3:0E:E2:A5:BB:38

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/323030313a3766383a3134623a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:14b::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:d8:ec:8f:50:78:84:67:5e:77:7b:0d:23:e9:e8:7e:b9:8f:
         cb:ae:54:8c:18:5f:66:32:f5:63:d4:5a:bc:a6:24:42:79:d1:
         8c:4e:8d:3b:8a:cc:a2:03:fc:7a:e7:a3:5b:d1:31:19:5c:b3:
         0e:b2:a3:43:45:b2:bd:38:8c:7a:b6:0c:9f:dd:f2:b8:f5:d9:
         97:77:9a:07:b3:3e:68:32:12:e5:19:36:e0:d8:a8:48:8e:00:
         8d:2a:ff:ed:97:2d:2a:f1:ae:9a:54:0f:b6:56:38:58:e8:1a:
         2d:8b:cf:22:3b:77:b8:ec:85:7c:c2:ad:6a:7d:f7:79:5b:df:
         d5:13:31:76:d0:06:fe:fa:bb:c2:d1:fe:e5:25:6a:05:5f:01:
         0e:04:6a:f8:32:6e:d4:d7:98:9c:ba:1c:d2:e5:57:52:3e:82:
         ea:3d:36:c5:53:92:1d:01:eb:30:7c:85:96:c0:11:9e:a9:9a:
         ec:83:9e:52:a4:90:8d:ff:8a:c5:ab:e6:8e:94:dd:e1:88:68:
         89:82:a8:2f:17:93:eb:51:51:2a:14:e4:7f:c6:4d:f9:02:4f:
         2b:fd:59:bc:d1:be:28:c5:be:7a:45:2d:a6:82:b2:11:e4:78:
         a3:8b:81:b8:79:25:f1:f6:d9:ef:82:8c:a5:0c:50:a8:be:e3:
         13:11:d8:b1
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUOqwSONLQiwB2c5hURo7JCUynOBAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAwNTc5MDIxMjg3ZWE2NDk1ZDdmOTM0YTZkZWQzMGVl
MmE1YmIzODAeFw0yMzEyMjgyMTUxMjZaFw0yNDEyMjYyMTU2MjZaMDMxMTAvBgNV
BAMTKDA1NERFQjBFMkJFMTVDQjhBQ0YwMkZCNURCNEQ5NURDRDczMUU2ODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z3gkqHO0ECYnSbIZnGboyfZ/
Org3gFA/gVzSFo14M1miRN/vbpJ+xgV/b64PH8qiFdcUDmU37ZqYB4x0W9udcPsa
Rg99q1jGmFzM80P+EnjWVJ8i2smn23/LNTTOg4EBqMdAHP2+E4r3EuOgs3g51GQ7
cRG1Ov6sY7VlArhdmH+3ldWhnIIvllo0ekD07Wefoi9a204xYCdPljBJXf4lpz7J
Q1xB9uZtSfQ1UNHBhD+iJ2KM5OED+lwoPyS9M0lLJzAITTct38w62b9ULTUjyyBL
qEkVBl1CfxWdE7GShFc3j04uItTJtBbkSkG5Wmchw7uw+6GseswroSe1jPfzAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUBU3rDivhXLis8C+1202V3Ncx5oAwHwYDVR0j
BBgwFoAUYAV5AhKH6mSV1/k0pt7TDuKluzgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTk3OWYwMTUtMmQ2OS00OGYxLWJiNTItMzU4MWM0ZGY0
OGZhLzAvNjAwNTc5MDIxMjg3RUE2NDk1RDdGOTM0QTZERUQzMEVFMkE1QkIzOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1lBVjVBaEtINm1TVjFfazBwdDdURHVL
bHV6Zy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTk3OWYwMTUt
MmQ2OS00OGYxLWJiNTItMzU4MWM0ZGY0OGZhLzAvMzIzMDMwMzEzYTM3NjYzODNh
MzEzNDYyM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQf4
AUswDQYJKoZIhvcNAQELBQADggEBAKfY7I9QeIRnXnd7DSPp6H65j8uuVIwYX2Yy
9WPUWrymJEJ50YxOjTuKzKID/Hrno1vRMRlcsw6yo0NFsr04jHq2DJ/d8rj12Zd3
mgezPmgyEuUZNuDYqEiOAI0q/+2XLSrxrppUD7ZWOFjoGi2LzyI7d7jshXzCrWp9
93lb39UTMXbQBv76u8LR/uUlagVfAQ4EavgybtTXmJy6HNLlV1I+guo9NsVTkh0B
6zB8hZbAEZ6pmuyDnlKkkI3/isWr5o6U3eGIaImCqC8Xk+tRUSoU5H/GTfkCTyv9
WbzRvijFvnpFLaaCshHkeKOLgbh5JfH22e+CjKUMUKi+4xMR2LE=
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:58:16 2024 by rpki-client on console-ams.rpki-client.org