Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/326130363a313238333a623161303a3a2f34342d3434203d3e20323136303532.roa
File:                     326130363a313238333a623161303a3a2f34342d3434203d3e20323136303532.roa (raw, json)
Hash identifier:          tfrnoHdIyspcbRMKr20yxuyLEsf4YcFM78iyjJ+tBFg=
Subject key identifier:   39:F0:C7:47:17:52:4D:4F:21:50:DC:4B:61:81:78:DA:49:5F:ED:34
Certificate issuer:       /CN=20595BDBAD09C7D604202305854D1DF14F190959
Certificate serial:       74206E91287657FB707E7FB15615D73712A9D854
Authority key identifier: 20:59:5B:DB:AD:09:C7:D6:04:20:23:05:85:4D:1D:F1:4F:19:09:59
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/20595BDBAD09C7D604202305854D1DF14F190959.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/326130363a313238333a623161303a3a2f34342d3434203d3e20323136303532.roa
Signing time:             Sun 15 Sep 2024 14:36:38 +0000
ROA not before:           Sun 15 Sep 2024 14:31:38 +0000
ROA not after:            Sun 14 Sep 2025 14:36:38 +0000
asID:                     216052
IP address blocks:        2a06:1283:b1a0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/20595BDBAD09C7D604202305854D1DF14F190959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/20595BDBAD09C7D604202305854D1DF14F190959.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/20595BDBAD09C7D604202305854D1DF14F190959.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 04:12:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:20:6e:91:28:76:57:fb:70:7e:7f:b1:56:15:d7:37:12:a9:d8:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20595BDBAD09C7D604202305854D1DF14F190959
        Validity
            Not Before: Sep 15 14:31:38 2024 GMT
            Not After : Sep 14 14:36:38 2025 GMT
        Subject: CN=39F0C74717524D4F2150DC4B618178DA495FED34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ac:f3:34:f6:c5:e6:af:9e:cf:2a:33:d1:76:
                    16:cf:0b:88:fd:9e:69:58:2f:0b:d5:a1:0d:d4:da:
                    cc:61:0c:cf:36:06:34:4d:1a:59:ce:de:92:ac:4c:
                    36:1e:39:e4:ad:4e:91:15:d8:8f:05:d6:6a:d0:91:
                    44:ae:6d:4e:7f:90:54:5c:fa:08:1e:87:fd:cd:a3:
                    57:53:79:1e:f9:c2:f4:17:47:0d:ad:29:0a:5c:66:
                    ce:33:3f:a8:2a:80:8d:d5:98:24:f2:e2:d4:01:9a:
                    5f:76:b1:68:66:68:5a:37:d3:4d:e8:62:77:d5:91:
                    5d:39:66:db:0d:14:55:d3:f4:dd:27:7c:4e:be:80:
                    d9:93:52:78:98:7a:99:b6:0c:31:d9:12:06:17:ff:
                    cb:a1:10:28:09:8c:57:c6:a6:eb:93:62:42:7d:ba:
                    c2:ab:0b:3d:b7:ba:00:18:53:92:52:f0:35:b7:31:
                    dc:ac:37:2a:e0:74:c1:aa:3b:81:17:71:19:e6:38:
                    5b:4d:c3:d0:31:b1:66:e4:b0:fc:c9:99:2d:97:42:
                    37:d5:b2:53:af:0c:aa:0f:eb:86:04:fa:fe:84:e9:
                    2d:69:88:3d:36:5d:f1:67:32:90:96:9a:ef:63:af:
                    f9:84:05:32:70:bc:50:fb:f1:0c:57:7e:54:23:43:
                    a0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:F0:C7:47:17:52:4D:4F:21:50:DC:4B:61:81:78:DA:49:5F:ED:34
            X509v3 Authority Key Identifier:
                keyid:20:59:5B:DB:AD:09:C7:D6:04:20:23:05:85:4D:1D:F1:4F:19:09:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/20595BDBAD09C7D604202305854D1DF14F190959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/20595BDBAD09C7D604202305854D1DF14F190959.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/326130363a313238333a623161303a3a2f34342d3434203d3e20323136303532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1283:b1a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         70:93:5a:df:c9:4d:ba:7c:2b:45:ba:b5:b3:74:b2:84:f7:9a:
         eb:62:3e:f3:ac:a3:65:44:4d:3f:4b:f9:e6:8d:f0:f0:95:ff:
         e2:9f:e7:97:8e:1e:29:54:18:f9:04:00:b7:6f:98:8c:13:3c:
         8c:90:27:6a:c3:3a:09:c6:db:a5:b6:c0:9d:db:4f:27:c9:1b:
         3b:c0:59:c9:44:79:e8:05:dc:ba:86:d2:63:33:c6:2d:d1:3e:
         9f:91:79:f3:dc:71:c3:6c:64:26:71:6f:6d:f9:9f:53:7a:1f:
         f7:23:9c:81:7d:e4:39:62:cb:c2:b7:98:f2:9c:a3:6b:65:c4:
         db:33:0d:ac:5f:da:92:ac:56:72:5e:cf:7d:6a:a4:d5:24:eb:
         b7:f2:25:80:82:b6:1d:1f:b6:3d:1e:59:ba:97:ee:dc:ad:a4:
         5a:8e:01:d5:62:02:7f:c1:45:f4:71:6c:23:13:9d:61:ee:53:
         6a:10:9a:4b:30:af:82:b0:f1:05:a6:00:91:89:cc:59:16:b7:
         8a:cd:6a:e6:a7:d2:d5:72:12:c0:d4:2f:e4:d3:30:c4:f0:d4:
         2a:2a:02:32:ed:74:08:67:33:2e:b1:e3:a6:e7:8a:79:6e:e0:
         42:c7:25:b2:2b:cc:82:a2:93:cc:7c:ff:c5:bf:8f:ea:63:f1:
         8a:b2:96:f3
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIUdCBukSh2V/twfn+xVhXXNxKp2FQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjA1OTVCREJBRDA5QzdENjA0MjAyMzA1ODU0RDFERjE0
RjE5MDk1OTAeFw0yNDA5MTUxNDMxMzhaFw0yNTA5MTQxNDM2MzhaMDMxMTAvBgNV
BAMTKDM5RjBDNzQ3MTc1MjRENEYyMTUwREM0QjYxODE3OERBNDk1RkVEMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDErPM09sXmr57PKjPRdhbPC4j9
nmlYLwvVoQ3U2sxhDM82BjRNGlnO3pKsTDYeOeStTpEV2I8F1mrQkUSubU5/kFRc
+ggeh/3No1dTeR75wvQXRw2tKQpcZs4zP6gqgI3VmCTy4tQBml92sWhmaFo3003o
YnfVkV05ZtsNFFXT9N0nfE6+gNmTUniYepm2DDHZEgYX/8uhECgJjFfGpuuTYkJ9
usKrCz23ugAYU5JS8DW3MdysNyrgdMGqO4EXcRnmOFtNw9AxsWbksPzJmS2XQjfV
slOvDKoP64YE+v6E6S1piD02XfFnMpCWmu9jr/mEBTJwvFD78QxXflQjQ6AdAgMB
AAGjggJ6MIICdjAdBgNVHQ4EFgQUOfDHRxdSTU8hUNxLYYF42klf7TQwHwYDVR0j
BBgwFoAUIFlb260Jx9YEICMFhU0d8U8ZCVkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMtMjA1OC00M2JiLTlhYzYtNWFiNDJkZmJm
NDA5LzEvMjA1OTVCREJBRDA5QzdENjA0MjAyMzA1ODU0RDFERjE0RjE5MDk1OS5j
cmwwgZMGCCsGAQUFBwEBBIGGMIGDMIGABggrBgEFBQcwAoZ0cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1
YzkxYmUzZjlkLzIvMjA1OTVCREJBRDA5QzdENjA0MjAyMzA1ODU0RDFERjE0RjE5
MDk1OS5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMt
MjA1OC00M2JiLTlhYzYtNWFiNDJkZmJmNDA5LzEvMzI2MTMwMzYzYTMxMzIzODMz
M2E2MjMxNjEzMDNhM2EyZjM0MzQyZDM0MzQyMDNkM2UyMDMyMzEzNjMwMzUzMi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHBCoGEoOxoDANBgkqhkiG9w0BAQsFAAOCAQEAcJNa38lNunwrRbq1
s3SyhPea62I+86yjZURNP0v55o3w8JX/4p/nl44eKVQY+QQAt2+YjBM8jJAnasM6
CcbbpbbAndtPJ8kbO8BZyUR56AXcuobSYzPGLdE+n5F589xxw2xkJnFvbfmfU3of
9yOcgX3kOWLLwreY8pyja2XE2zMNrF/akqxWcl7PfWqk1STrt/IlgIK2HR+2PR5Z
upfu3K2kWo4B1WICf8FF9HFsIxOdYe5TahCaSzCvgrDxBaYAkYnMWRa3is1q5qfS
1XISwNQv5NMwxPDUKioCMu10CGczLrHjpueKeW7gQsclsivMgqKTzHz/xb+P6mPx
irKW8w==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:50:40 2024 by rpki-client on console-fra.rpki-client.org