Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/326130663a383563313a3630303a3a2f34302d3430203d3e20323136333234.roa
File:                     326130663a383563313a3630303a3a2f34302d3430203d3e20323136333234.roa (raw, json)
Hash identifier:          /HAH9nC8dPQ7yd0oAcO7DOwkfVMv8S3IiLfZ728qwqU=
Subject key identifier:   45:E4:54:BE:C8:8D:C5:DF:BD:43:F8:CC:F2:99:37:F6:59:4A:69:BE
Certificate issuer:       /CN=069FAF47FF48AEF4C98F5097074530A74C111AB9
Certificate serial:       3A60395C226C9350E4A0A0E2298761CD03E49662
Authority key identifier: 06:9F:AF:47:FF:48:AE:F4:C9:8F:50:97:07:45:30:A7:4C:11:1A:B9
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/069FAF47FF48AEF4C98F5097074530A74C111AB9.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/326130663a383563313a3630303a3a2f34302d3430203d3e20323136333234.roa
Signing time:             Tue 30 Apr 2024 06:36:09 +0000
ROA not before:           Tue 30 Apr 2024 06:31:09 +0000
ROA not after:            Tue 29 Apr 2025 06:36:09 +0000
asID:                     216324
IP address blocks:        2a0f:85c1:600::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/069FAF47FF48AEF4C98F5097074530A74C111AB9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/069FAF47FF48AEF4C98F5097074530A74C111AB9.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/069FAF47FF48AEF4C98F5097074530A74C111AB9.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:60:39:5c:22:6c:93:50:e4:a0:a0:e2:29:87:61:cd:03:e4:96:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=069FAF47FF48AEF4C98F5097074530A74C111AB9
        Validity
            Not Before: Apr 30 06:31:09 2024 GMT
            Not After : Apr 29 06:36:09 2025 GMT
        Subject: CN=45E454BEC88DC5DFBD43F8CCF29937F6594A69BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ac:39:24:e4:d3:13:31:77:9d:57:37:95:98:
                    6b:dc:28:e8:0b:06:49:58:33:d8:99:0e:5f:d5:7b:
                    45:e7:2e:90:c5:9c:8d:cb:b8:8d:26:4f:01:55:c6:
                    6d:dd:fa:bc:61:76:c1:af:71:c3:4e:9a:07:71:59:
                    c7:c9:f7:39:73:a8:b5:31:fc:df:99:7e:4c:d7:50:
                    18:33:94:3a:0b:1e:58:0a:c5:b6:7f:6b:5f:af:80:
                    76:ce:10:f0:8c:5d:73:2b:a7:65:c7:f9:68:40:12:
                    d0:25:5d:7a:b8:2d:c8:08:f4:15:60:65:f8:86:e2:
                    4e:01:ce:d1:e9:dc:eb:39:51:b7:b0:b2:71:28:54:
                    83:f5:01:20:48:20:e4:8b:e6:74:01:e2:34:9c:a9:
                    c5:b3:db:7a:fa:ff:7a:0e:31:fc:e0:76:f0:72:6f:
                    5e:ab:15:63:96:ec:fd:29:08:0d:58:c5:fe:18:ec:
                    d1:29:4e:ce:32:0a:6f:cc:35:dc:a9:a0:05:24:9b:
                    35:c9:1c:b7:9d:b6:c0:d2:98:c4:9e:27:18:ba:50:
                    0c:44:94:f6:98:64:e5:b8:d2:46:e4:75:d7:a8:46:
                    06:2a:d6:18:46:e1:36:0d:62:6d:d6:f7:f0:2f:ba:
                    c3:16:d4:a5:cf:9a:10:b5:9e:7c:d2:9a:2b:e6:b5:
                    9e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E4:54:BE:C8:8D:C5:DF:BD:43:F8:CC:F2:99:37:F6:59:4A:69:BE
            X509v3 Authority Key Identifier:
                keyid:06:9F:AF:47:FF:48:AE:F4:C9:8F:50:97:07:45:30:A7:4C:11:1A:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/069FAF47FF48AEF4C98F5097074530A74C111AB9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/069FAF47FF48AEF4C98F5097074530A74C111AB9.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/326130663a383563313a3630303a3a2f34302d3430203d3e20323136333234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         96:78:f6:97:64:7a:91:37:2f:54:68:ca:98:24:34:54:be:5f:
         5d:46:d2:a0:82:58:2b:0a:22:5a:fd:21:43:2a:73:33:a6:54:
         c8:e0:40:04:19:02:c6:51:40:21:21:69:c9:b5:8f:b9:86:cd:
         fa:fa:cd:6a:f3:55:f4:30:a8:27:54:b1:f7:c4:bf:e7:fb:77:
         39:f0:64:e5:6d:1a:a0:f5:5e:6f:5d:19:1d:19:87:42:ce:6f:
         75:96:da:ed:b8:47:df:e6:d6:55:3d:43:8d:a9:ce:d6:29:8b:
         7e:79:5e:07:3d:04:13:6a:ab:14:c0:d7:db:d8:47:d1:39:c3:
         0e:06:98:74:2a:32:3a:9d:f7:9a:f8:dd:65:20:24:4c:4e:c0:
         9e:03:1f:7a:93:5d:65:de:72:84:c4:fa:46:92:8e:93:f1:9a:
         c7:ea:7e:1a:be:e5:6f:9c:a9:0c:66:f0:96:8d:e5:3f:8d:81:
         e2:0c:0c:93:c8:9b:a3:74:1d:17:cd:9e:fd:42:48:d1:5c:7b:
         55:57:96:61:48:9e:f2:07:36:7b:67:5c:8e:fb:a3:ec:ab:06:
         24:5b:40:04:11:6d:a8:30:cb:e6:de:47:08:a2:1f:1b:42:79:
         29:07:c1:fb:10:b5:0a:a8:5b:ca:0d:bc:03:e4:78:6c:cc:55:
         07:a1:44:59
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUOmA5XCJsk1DkoKDiKYdhzQPklmIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDY5RkFGNDdGRjQ4QUVGNEM5OEY1MDk3MDc0NTMwQTc0
QzExMUFCOTAeFw0yNDA0MzAwNjMxMDlaFw0yNTA0MjkwNjM2MDlaMDMxMTAvBgNV
BAMTKDQ1RTQ1NEJFQzg4REM1REZCRDQzRjhDQ0YyOTkzN0Y2NTk0QTY5QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3rDkk5NMTMXedVzeVmGvcKOgL
BklYM9iZDl/Ve0XnLpDFnI3LuI0mTwFVxm3d+rxhdsGvccNOmgdxWcfJ9zlzqLUx
/N+ZfkzXUBgzlDoLHlgKxbZ/a1+vgHbOEPCMXXMrp2XH+WhAEtAlXXq4LcgI9BVg
ZfiG4k4BztHp3Os5UbewsnEoVIP1ASBIIOSL5nQB4jScqcWz23r6/3oOMfzgdvBy
b16rFWOW7P0pCA1Yxf4Y7NEpTs4yCm/MNdypoAUkmzXJHLedtsDSmMSeJxi6UAxE
lPaYZOW40kbkddeoRgYq1hhG4TYNYm3W9/AvusMW1KXPmhC1nnzSmivmtZ6JAgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUReRUvsiNxd+9Q/jM8pk39llKab4wHwYDVR0j
BBgwFoAUBp+vR/9IrvTJj1CXB0Uwp0wRGrkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNkNWY2ODItYjUxYi00ODEyLWI4YjEtNDMwZTM4Njgz
NzQ4LzIvMDY5RkFGNDdGRjQ4QUVGNEM5OEY1MDk3MDc0NTMwQTc0QzExMUFCOS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9mYzIwYWRkMy1hODhlLTRi
YjItYTg0ZC01NWRhMjEyOGYxOTYvMC8wNjlGQUY0N0ZGNDhBRUY0Qzk4RjUwOTcw
NzQ1MzBBNzRDMTExQUI5LmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8yM2Q1ZjY4Mi1iNTFiLTQ4MTItYjhiMS00MzBlMzg2ODM3NDgvMi8zMjYxMzA2
NjNhMzgzNTYzMzEzYTM2MzAzMDNhM2EyZjM0MzAyZDM0MzAyMDNkM2UyMDMyMzEz
NjMzMzIzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcB
BwEB/wQSMBAwDgQCAAIwCAMGACoPhcEGMA0GCSqGSIb3DQEBCwUAA4IBAQCWePaX
ZHqRNy9UaMqYJDRUvl9dRtKgglgrCiJa/SFDKnMzplTI4EAEGQLGUUAhIWnJtY+5
hs36+s1q81X0MKgnVLH3xL/n+3c58GTlbRqg9V5vXRkdGYdCzm91ltrtuEff5tZV
PUONqc7WKYt+eV4HPQQTaqsUwNfb2EfROcMOBph0KjI6nfea+N1lICRMTsCeAx96
k11l3nKExPpGko6T8ZrH6n4avuVvnKkMZvCWjeU/jYHiDAyTyJujdB0XzZ79QkjR
XHtVV5ZhSJ7yBzZ7Z1yO+6PsqwYkW0AEEW2oMMvm3kcIoh8bQnkpB8H7ELUKqFvK
DbwD5HhszFUHoURZ
-----END CERTIFICATE-----
Generated at Sat Jun 15 17:58:02 2024 by rpki-client on console-ams.rpki-client.org