Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/326130363a313238333a633032323a3a2f34382d3438203d3e20323136303635.roa
File:                     326130363a313238333a633032323a3a2f34382d3438203d3e20323136303635.roa (raw, json)
Hash identifier:          ft0xDZ0m3YrmXnJDuJ36EGFpl51/SlgsgXIQjDVz9KU=
Subject key identifier:   FB:CC:3A:9E:0C:94:9B:83:DC:E4:AF:56:15:D9:81:72:C3:E7:1D:D1
Certificate issuer:       /CN=20595BDBAD09C7D604202305854D1DF14F190959
Certificate serial:       4817E5B629E7E1B1DDC1350014F46DC0416B11B3
Authority key identifier: 20:59:5B:DB:AD:09:C7:D6:04:20:23:05:85:4D:1D:F1:4F:19:09:59
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/20595BDBAD09C7D604202305854D1DF14F190959.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/326130363a313238333a633032323a3a2f34382d3438203d3e20323136303635.roa
Signing time:             Sun 15 Sep 2024 14:36:36 +0000
ROA not before:           Sun 15 Sep 2024 14:31:36 +0000
ROA not after:            Sun 14 Sep 2025 14:36:36 +0000
asID:                     216065
IP address blocks:        2a06:1283:c022::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/20595BDBAD09C7D604202305854D1DF14F190959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/20595BDBAD09C7D604202305854D1DF14F190959.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/20595BDBAD09C7D604202305854D1DF14F190959.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:27:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:17:e5:b6:29:e7:e1:b1:dd:c1:35:00:14:f4:6d:c0:41:6b:11:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20595BDBAD09C7D604202305854D1DF14F190959
        Validity
            Not Before: Sep 15 14:31:36 2024 GMT
            Not After : Sep 14 14:36:36 2025 GMT
        Subject: CN=FBCC3A9E0C949B83DCE4AF5615D98172C3E71DD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b8:ff:06:1c:a4:c1:60:11:04:6f:1c:d3:81:
                    ab:ee:eb:b5:87:1d:4d:95:44:3a:73:c1:78:48:c4:
                    99:a9:cf:20:12:16:98:2a:5b:53:36:0f:12:f0:cb:
                    9b:9a:37:ed:a2:d7:e3:ff:f6:ee:29:18:c0:c1:89:
                    45:72:50:f7:cc:7a:e9:3d:95:d8:7c:44:eb:82:0c:
                    dc:5d:83:97:64:7b:52:bb:88:5c:dd:87:b1:60:50:
                    8c:ca:f6:22:77:02:68:79:08:e8:fa:03:4c:68:15:
                    8f:3b:6b:84:a0:11:27:a5:5d:8c:8d:f2:1f:4d:47:
                    15:07:79:84:ae:95:ab:17:81:ab:c9:9b:56:a4:d9:
                    8c:6d:be:ca:4f:56:f3:a0:fa:13:23:ce:06:31:a5:
                    fb:a0:9c:f8:25:ea:8b:71:2a:2f:e1:10:83:0e:f5:
                    28:ee:21:78:b9:c3:08:aa:0a:1e:c8:0e:8a:13:10:
                    54:95:ae:65:c9:ba:ef:9f:80:45:02:29:7e:32:ff:
                    db:a6:7b:83:a4:d9:31:75:36:de:ae:0f:5d:a3:21:
                    12:e5:b2:84:ba:5c:ac:1f:76:2f:46:6a:ca:61:96:
                    8e:c7:f9:51:ac:e0:24:2b:34:3a:eb:f5:48:01:f1:
                    38:78:0c:6e:17:49:98:bb:65:f2:9b:95:3c:af:03:
                    ec:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:CC:3A:9E:0C:94:9B:83:DC:E4:AF:56:15:D9:81:72:C3:E7:1D:D1
            X509v3 Authority Key Identifier:
                keyid:20:59:5B:DB:AD:09:C7:D6:04:20:23:05:85:4D:1D:F1:4F:19:09:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/20595BDBAD09C7D604202305854D1DF14F190959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/20595BDBAD09C7D604202305854D1DF14F190959.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/1/326130363a313238333a633032323a3a2f34382d3438203d3e20323136303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1283:c022::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:3f:74:41:92:2c:9a:49:a7:d2:38:fa:0a:f8:fd:b0:67:6d:
         8a:e4:a9:fe:5d:2c:9d:0a:51:8c:5f:ac:63:aa:cb:9b:99:76:
         25:17:92:a9:af:1b:bb:81:c0:3a:67:47:49:e1:41:00:27:cd:
         8c:89:00:bd:1f:f2:c3:7b:43:0b:f6:6e:0a:23:0f:ee:57:e4:
         7b:a3:99:89:4f:e8:93:35:c6:3c:98:cc:be:f5:5d:a0:8b:89:
         5d:fd:40:7e:88:0d:90:ca:05:d9:2e:f9:20:eb:1c:c5:7b:bd:
         e0:37:09:80:5f:fe:41:3a:f5:79:d0:96:41:b1:dd:d1:a8:ba:
         ee:a6:0a:ba:c1:2d:1a:f0:e4:6b:57:3f:6b:ff:69:fb:37:26:
         b3:19:5e:ca:64:2a:1a:58:75:68:a5:8b:91:fa:89:9b:df:30:
         86:8a:43:e7:93:8d:d5:d2:23:4b:75:19:7c:cd:0b:23:20:9b:
         d7:ce:63:f6:bc:d9:12:6b:ea:01:48:96:f2:13:5d:b2:79:6b:
         b8:23:13:be:25:92:29:2f:a2:01:c6:4c:dc:66:dc:15:ff:e3:
         cd:3e:f5:fe:15:16:c4:dd:67:66:56:32:d0:44:ad:7e:d5:81:
         b5:35:8b:24:7a:6c:76:99:53:cd:8d:25:be:4c:23:b0:40:0a:
         b7:f7:07:58
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIUSBfltinn4bHdwTUAFPRtwEFrEbMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjA1OTVCREJBRDA5QzdENjA0MjAyMzA1ODU0RDFERjE0
RjE5MDk1OTAeFw0yNDA5MTUxNDMxMzZaFw0yNTA5MTQxNDM2MzZaMDMxMTAvBgNV
BAMTKEZCQ0MzQTlFMEM5NDlCODNEQ0U0QUY1NjE1RDk4MTcyQzNFNzFERDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1uP8GHKTBYBEEbxzTgavu67WH
HU2VRDpzwXhIxJmpzyASFpgqW1M2DxLwy5uaN+2i1+P/9u4pGMDBiUVyUPfMeuk9
ldh8ROuCDNxdg5dke1K7iFzdh7FgUIzK9iJ3Amh5COj6A0xoFY87a4SgESelXYyN
8h9NRxUHeYSulasXgavJm1ak2YxtvspPVvOg+hMjzgYxpfugnPgl6otxKi/hEIMO
9SjuIXi5wwiqCh7IDooTEFSVrmXJuu+fgEUCKX4y/9ume4Ok2TF1Nt6uD12jIRLl
soS6XKwfdi9Gasphlo7H+VGs4CQrNDrr9UgB8Th4DG4XSZi7ZfKblTyvA+zBAgMB
AAGjggJ6MIICdjAdBgNVHQ4EFgQU+8w6ngyUm4Pc5K9WFdmBcsPnHdEwHwYDVR0j
BBgwFoAUIFlb260Jx9YEICMFhU0d8U8ZCVkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMtMjA1OC00M2JiLTlhYzYtNWFiNDJkZmJm
NDA5LzEvMjA1OTVCREJBRDA5QzdENjA0MjAyMzA1ODU0RDFERjE0RjE5MDk1OS5j
cmwwgZMGCCsGAQUFBwEBBIGGMIGDMIGABggrBgEFBQcwAoZ0cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1
YzkxYmUzZjlkLzIvMjA1OTVCREJBRDA5QzdENjA0MjAyMzA1ODU0RDFERjE0RjE5
MDk1OS5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMt
MjA1OC00M2JiLTlhYzYtNWFiNDJkZmJmNDA5LzEvMzI2MTMwMzYzYTMxMzIzODMz
M2E2MzMwMzIzMjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEzNjMwMzYzNS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACoGEoPAIjANBgkqhkiG9w0BAQsFAAOCAQEAwT90QZIsmkmn0jj6
Cvj9sGdtiuSp/l0snQpRjF+sY6rLm5l2JReSqa8bu4HAOmdHSeFBACfNjIkAvR/y
w3tDC/ZuCiMP7lfke6OZiU/okzXGPJjMvvVdoIuJXf1AfogNkMoF2S75IOscxXu9
4DcJgF/+QTr1edCWQbHd0ai67qYKusEtGvDka1c/a/9p+zcmsxleymQqGlh1aKWL
kfqJm98whopD55ON1dIjS3UZfM0LIyCb185j9rzZEmvqAUiW8hNdsnlruCMTviWS
KS+iAcZM3GbcFf/jzT71/hUWxN1nZlYy0EStftWBtTWLJHpsdplTzY0lvkwjsEAK
t/cHWA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:13:20 2024 by rpki-client on console-fra.rpki-client.org