Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3130303a3a2f34382d3438203d3e20323136333234.roa
File:                     326131343a373538313a3130303a3a2f34382d3438203d3e20323136333234.roa (raw, json)
Hash identifier:          fhAY5zWZhAzl0MEo5A1bcsOJrEo4u6tDChGTlNTUJJE=
Subject key identifier:   21:1A:91:C5:21:7E:0A:D1:06:E7:DA:BB:21:FA:6F:4B:EE:C3:3D:C5
Certificate issuer:       /CN=30EC341CC59263F48799F70A95490826E78E6E11
Certificate serial:       0A592434F5608729CE5DDE7E234FF0563C8D582F
Authority key identifier: 30:EC:34:1C:C5:92:63:F4:87:99:F7:0A:95:49:08:26:E7:8E:6E:11
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3130303a3a2f34382d3438203d3e20323136333234.roa
Signing time:             Tue 05 Mar 2024 14:39:01 +0000
ROA not before:           Tue 05 Mar 2024 14:34:01 +0000
ROA not after:            Tue 04 Mar 2025 14:39:01 +0000
asID:                     216324
IP address blocks:        2a14:7581:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/30EC341CC59263F48799F70A95490826E78E6E11.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/30EC341CC59263F48799F70A95490826E78E6E11.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 07:04:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:59:24:34:f5:60:87:29:ce:5d:de:7e:23:4f:f0:56:3c:8d:58:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30EC341CC59263F48799F70A95490826E78E6E11
        Validity
            Not Before: Mar  5 14:34:01 2024 GMT
            Not After : Mar  4 14:39:01 2025 GMT
        Subject: CN=211A91C5217E0AD106E7DABB21FA6F4BEEC33DC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:80:9d:c5:be:38:64:63:1c:24:79:28:b1:36:
                    cf:15:ba:01:49:40:5d:46:24:ce:75:90:09:f0:de:
                    b1:2d:5b:f4:f7:f5:29:74:f2:06:25:78:bf:08:cd:
                    fc:a8:b2:e2:56:85:e7:59:4f:c4:f6:76:a3:3b:7f:
                    ce:56:08:a1:9d:7b:07:85:b0:ae:d2:ef:90:aa:7d:
                    69:42:0a:ff:e0:ca:15:ab:e2:6b:ab:a4:01:a1:4e:
                    9c:2f:c3:e5:41:04:52:66:8f:6a:27:44:65:9c:60:
                    c3:a4:64:c8:23:c0:2f:5b:93:38:bf:c5:1c:d7:93:
                    2d:5d:19:8c:4c:a6:c8:60:a7:2a:fe:dc:53:27:dc:
                    e3:49:bf:32:66:c8:b1:86:5b:77:08:63:a6:ad:ac:
                    d9:ab:10:f8:c2:c6:29:45:5f:15:4d:bb:8a:83:dd:
                    86:ec:58:cb:51:05:38:f3:30:ed:62:a8:2f:c4:5d:
                    dd:24:a5:e9:e3:7a:c0:94:b6:39:52:65:0d:d4:8f:
                    30:1b:94:2f:7d:37:5c:d4:12:bc:08:00:c3:d1:9b:
                    a8:15:6c:20:e7:b0:70:e7:7e:74:b3:25:f7:63:63:
                    1d:08:89:5e:1c:23:0f:bf:97:d4:09:f2:1d:9a:14:
                    5f:e9:57:aa:11:8e:ea:f3:02:a8:0f:40:8e:a5:d6:
                    6a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1A:91:C5:21:7E:0A:D1:06:E7:DA:BB:21:FA:6F:4B:EE:C3:3D:C5
            X509v3 Authority Key Identifier:
                keyid:30:EC:34:1C:C5:92:63:F4:87:99:F7:0A:95:49:08:26:E7:8E:6E:11

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/30EC341CC59263F48799F70A95490826E78E6E11.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3130303a3a2f34382d3438203d3e20323136333234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:e9:02:1f:3a:87:92:de:97:44:a7:06:08:16:0f:fc:1d:c8:
         9b:66:d8:b8:5f:c1:8d:ea:12:b0:51:9e:f8:5b:ce:b4:ed:64:
         80:86:2e:bb:2e:f3:1d:16:ac:80:53:f4:ba:39:21:f3:9d:ee:
         e8:5a:43:38:6f:4c:37:77:e8:71:18:f7:b6:72:4e:7a:ba:91:
         90:f6:83:a6:fa:48:a8:4e:95:14:c6:02:77:98:4e:b5:82:bc:
         a5:0d:75:a7:25:46:51:db:7d:cd:36:e7:b8:f6:93:f1:22:2e:
         b0:a7:4e:26:55:8d:9c:c5:7b:8b:58:86:67:31:ce:ce:ce:fb:
         c0:e7:9c:5f:e2:ae:c0:a8:32:5a:fe:58:70:95:99:cf:85:cc:
         4d:45:7c:02:36:05:52:32:fc:3b:74:a6:a3:67:b4:b2:e9:20:
         b2:7e:21:25:a0:4d:c3:a3:a2:5e:9c:37:20:8d:64:ca:01:5d:
         be:88:a7:c0:91:8b:86:ba:84:d3:d7:a9:aa:b2:40:5e:6d:f8:
         93:76:ca:fd:ca:9b:03:1d:bd:91:11:b2:1d:cb:17:5f:74:08:
         f8:1a:ba:7e:ca:8f:91:c5:6a:2e:22:33:91:a3:ce:51:40:25:
         0e:9c:ae:8e:ce:b4:03:e9:08:f2:4b:6c:74:1d:7a:1a:87:33:
         c7:13:f0:ca
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUClkkNPVghynOXd5+I0/wVjyNWC8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzBFQzM0MUNDNTkyNjNGNDg3OTlGNzBBOTU0OTA4MjZF
NzhFNkUxMTAeFw0yNDAzMDUxNDM0MDFaFw0yNTAzMDQxNDM5MDFaMDMxMTAvBgNV
BAMTKDIxMUE5MUM1MjE3RTBBRDEwNkU3REFCQjIxRkE2RjRCRUVDMzNEQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXgJ3FvjhkYxwkeSixNs8VugFJ
QF1GJM51kAnw3rEtW/T39Sl08gYleL8IzfyosuJWhedZT8T2dqM7f85WCKGdeweF
sK7S75CqfWlCCv/gyhWr4murpAGhTpwvw+VBBFJmj2onRGWcYMOkZMgjwC9bkzi/
xRzXky1dGYxMpshgpyr+3FMn3ONJvzJmyLGGW3cIY6atrNmrEPjCxilFXxVNu4qD
3YbsWMtRBTjzMO1iqC/EXd0kpenjesCUtjlSZQ3UjzAblC99N1zUErwIAMPRm6gV
bCDnsHDnfnSzJfdjYx0IiV4cIw+/l9QJ8h2aFF/pV6oRjurzAqgPQI6l1mpfAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUIRqRxSF+CtEG59q7IfpvS+7DPcUwHwYDVR0j
BBgwFoAUMOw0HMWSY/SHmfcKlUkIJueObhEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNkNWY2ODItYjUxYi00ODEyLWI4YjEtNDMwZTM4Njgz
NzQ4LzEvMzBFQzM0MUNDNTkyNjNGNDg3OTlGNzBBOTU0OTA4MjZFNzhFNkUxMS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8zMEVDMzQxQ0M1OTI2M0Y0ODc5OUY3MEE5
NTQ5MDgyNkU3OEU2RTExLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8yM2Q1ZjY4Mi1iNTFiLTQ4MTItYjhiMS00MzBlMzg2ODM3NDgvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTMxMzAzMDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEz
NjMzMzIzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoUdYEBADANBgkqhkiG9w0BAQsFAAOCAQEAhekC
HzqHkt6XRKcGCBYP/B3Im2bYuF/BjeoSsFGe+FvOtO1kgIYuuy7zHRasgFP0ujkh
853u6FpDOG9MN3focRj3tnJOerqRkPaDpvpIqE6VFMYCd5hOtYK8pQ11pyVGUdt9
zTbnuPaT8SIusKdOJlWNnMV7i1iGZzHOzs77wOecX+KuwKgyWv5YcJWZz4XMTUV8
AjYFUjL8O3Smo2e0sukgsn4hJaBNw6OiXpw3II1kygFdvoinwJGLhrqE09epqrJA
Xm34k3bK/cqbAx29kRGyHcsXX3QI+Bq6fsqPkcVqLiIzkaPOUUAlDpyujs60A+kI
8ktsdB16GoczxxPwyg==
-----END CERTIFICATE-----
Generated at Sat Jun 15 17:58:02 2024 by rpki-client on console-ams.rpki-client.org