Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/326131343a316563373a666666653a3a2f34382d3438203d3e20323135343733.roa
File:                     326131343a316563373a666666653a3a2f34382d3438203d3e20323135343733.roa (raw, json)
Hash identifier:          9zay4odK3MzFXKkb5eRg0MTwSr+YbkDO1NvenSzdJK0=
Subject key identifier:   1B:8D:93:12:C4:6E:59:B2:40:34:7C:28:C5:4B:06:BF:A2:13:BF:20
Certificate issuer:       /CN=3134ee987e08d8b5583feef621a03150c4f35434
Certificate serial:       53C3C863EC46BFA5788CE6FFD14D658428A44791
Authority key identifier: 31:34:EE:98:7E:08:D8:B5:58:3F:EE:F6:21:A0:31:50:C4:F3:54:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/326131343a316563373a666666653a3a2f34382d3438203d3e20323135343733.roa
Signing time:             Fri 22 Mar 2024 20:21:40 +0000
ROA not before:           Fri 22 Mar 2024 20:16:40 +0000
ROA not after:            Fri 21 Mar 2025 20:21:40 +0000
asID:                     215473
IP address blocks:        2a14:1ec7:fffe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:c3:c8:63:ec:46:bf:a5:78:8c:e6:ff:d1:4d:65:84:28:a4:47:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3134ee987e08d8b5583feef621a03150c4f35434
        Validity
            Not Before: Mar 22 20:16:40 2024 GMT
            Not After : Mar 21 20:21:40 2025 GMT
        Subject: CN=1B8D9312C46E59B240347C28C54B06BFA213BF20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:04:34:d7:e9:a7:b0:b3:f6:0d:9f:f6:31:d4:
                    34:be:1f:ed:a6:70:45:59:c4:79:a9:50:dc:6d:a3:
                    c8:c1:11:c0:22:eb:f8:83:28:cc:74:32:1e:97:09:
                    21:d7:e7:c0:19:84:11:41:d6:a7:6e:3c:2c:39:8c:
                    93:86:5c:de:7d:b7:69:1a:80:2b:0f:f6:ed:71:7a:
                    14:42:f7:de:9e:db:5a:2d:09:c4:91:22:c2:3b:c7:
                    e5:d2:ec:7c:a9:be:74:b9:3d:df:b6:6c:bc:55:c9:
                    49:f8:23:b3:dd:82:06:75:66:64:1c:e5:b4:ed:d8:
                    d2:f1:51:98:40:7f:94:17:42:68:1c:00:31:7e:e1:
                    a0:a2:3c:79:94:5c:d4:f9:70:b6:73:d4:ed:bb:88:
                    8a:83:70:c5:4f:89:0c:b4:a8:4d:c3:2f:f9:90:99:
                    0b:c6:91:3e:f5:2f:f4:e7:6b:dd:a8:ba:59:7d:44:
                    3b:71:a5:36:87:3d:d0:0c:0c:fe:75:fc:b1:61:98:
                    be:0d:d4:14:44:b1:db:34:ec:d6:ba:85:69:4a:33:
                    d1:27:c2:34:ba:a1:9a:75:bb:ac:69:f6:8f:7c:a7:
                    71:96:2c:e5:bc:47:57:d4:69:f0:20:61:89:35:c8:
                    14:d3:32:b1:56:e5:53:66:c5:90:bf:5e:43:b5:6c:
                    64:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8D:93:12:C4:6E:59:B2:40:34:7C:28:C5:4B:06:BF:A2:13:BF:20
            X509v3 Authority Key Identifier:
                keyid:31:34:EE:98:7E:08:D8:B5:58:3F:EE:F6:21:A0:31:50:C4:F3:54:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/326131343a316563373a666666653a3a2f34382d3438203d3e20323135343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1ec7:fffe::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:91:59:99:c0:13:12:2d:9b:de:af:7c:0d:85:86:67:30:1b:
         b3:d8:37:20:71:cd:12:b9:3d:b0:b1:82:73:26:22:d9:25:e9:
         6c:26:0a:89:2e:8e:13:4c:c7:ad:a9:05:36:f2:f3:cc:8a:de:
         91:6c:8f:68:c9:56:bc:fe:46:c6:9f:d9:ce:6d:3f:20:8d:ad:
         68:5c:a2:71:3c:1f:f4:40:6a:26:aa:de:b9:f8:6b:5a:25:40:
         a3:fe:cf:34:1d:4e:f0:0c:44:ba:fa:5c:34:7d:60:0f:8b:80:
         b9:b7:58:00:91:f2:66:bd:7d:78:28:28:70:a0:77:68:69:14:
         ee:11:9b:cc:13:2d:62:8b:a4:c5:8b:7e:1d:fe:c8:29:33:ea:
         4b:81:ae:e0:b7:3f:b8:e0:3e:df:aa:c6:2b:5b:95:ea:4e:aa:
         0c:db:4a:ee:51:b8:59:8a:f2:de:dd:e0:d5:ca:b0:3e:ac:4e:
         b3:7e:a7:52:bb:e5:bd:8b:66:49:4a:65:8e:3b:56:8b:09:2d:
         de:6b:96:5c:98:73:cb:9e:5b:5d:3d:fd:1c:e5:d3:58:d5:3c:
         af:16:2a:ad:11:31:e1:c7:4e:59:0b:88:70:37:eb:d5:79:3a:
         3a:3f:a6:6c:ba:42:7c:2d:51:d1:f0:89:44:7e:35:dd:e6:9e:
         20:42:7f:72
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIUU8PIY+xGv6V4jOb/0U1lhCikR5EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzEzNGVlOTg3ZTA4ZDhiNTU4M2ZlZWY2MjFhMDMxNTBj
NGYzNTQzNDAeFw0yNDAzMjIyMDE2NDBaFw0yNTAzMjEyMDIxNDBaMDMxMTAvBgNV
BAMTKDFCOEQ5MzEyQzQ2RTU5QjI0MDM0N0MyOEM1NEIwNkJGQTIxM0JGMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyBDTX6aews/YNn/Yx1DS+H+2m
cEVZxHmpUNxto8jBEcAi6/iDKMx0Mh6XCSHX58AZhBFB1qduPCw5jJOGXN59t2ka
gCsP9u1xehRC996e21otCcSRIsI7x+XS7HypvnS5Pd+2bLxVyUn4I7PdggZ1ZmQc
5bTt2NLxUZhAf5QXQmgcADF+4aCiPHmUXNT5cLZz1O27iIqDcMVPiQy0qE3DL/mQ
mQvGkT71L/Tna92oull9RDtxpTaHPdAMDP51/LFhmL4N1BREsds07Na6hWlKM9En
wjS6oZp1u6xp9o98p3GWLOW8R1fUafAgYYk1yBTTMrFW5VNmxZC/XkO1bGQFAgMB
AAGjggJKMIICRjAdBgNVHQ4EFgQUG42TEsRuWbJANHwoxUsGv6ITvyAwHwYDVR0j
BBgwFoAUMTTumH4I2LVYP+72IaAxUMTzVDQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWEzYmI5M2YtOThhNC00YzdlLWEwZTEtODA1N2E0ZjA4
NmM5LzAvMzEzNEVFOTg3RTA4RDhCNTU4M0ZFRUY2MjFBMDMxNTBDNEYzNTQzNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL01UVHVtSDRJMkxWWVAtNzJJYUF4VU1U
elZEUS5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWEzYmI5M2Yt
OThhNC00YzdlLWEwZTEtODA1N2E0ZjA4NmM5LzAvMzI2MTMxMzQzYTMxNjU2MzM3
M2E2NjY2NjY2NTNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEzNTM0MzczMy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACoUHsf//jANBgkqhkiG9w0BAQsFAAOCAQEAWJFZmcATEi2b3q98
DYWGZzAbs9g3IHHNErk9sLGCcyYi2SXpbCYKiS6OE0zHrakFNvLzzIrekWyPaMlW
vP5Gxp/Zzm0/II2taFyicTwf9EBqJqreufhrWiVAo/7PNB1O8AxEuvpcNH1gD4uA
ubdYAJHyZr19eCgocKB3aGkU7hGbzBMtYoukxYt+Hf7IKTPqS4Gu4Lc/uOA+36rG
K1uV6k6qDNtK7lG4WYry3t3g1cqwPqxOs36nUrvlvYtmSUpljjtWiwkt3muWXJhz
y55bXT39HOXTWNU8rxYqrREx4cdOWQuIcDfr1Xk6Oj+mbLpCfC1R0fCJRH413eae
IEJ/cg==
-----END CERTIFICATE-----
Generated at Sat Jun 15 04:54:54 2024 by rpki-client on console-fra.rpki-client.org