Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/311e47c4-02f0-4657-9022-d2b83cff8755/4/326131343a373538313a343832303a3a2f34342d3438203d3e20323135323233.roa
File:                     326131343a373538313a343832303a3a2f34342d3438203d3e20323135323233.roa (raw, json)
Hash identifier:          uw3KMHJgZ6Bs1XgZHu5jmQaEivCBCHNoA88XalRkJlM=
Subject key identifier:   11:01:CD:2D:BB:54:D7:8D:C7:2A:B1:18:2C:9C:E0:82:E3:1E:78:71
Certificate issuer:       /CN=8E07D31C6452F7A6B24E63CDDC490E12E0AFB38C
Certificate serial:       0BB80172C9CB4FA6C1A16E9570D334998EF21263
Authority key identifier: 8E:07:D3:1C:64:52:F7:A6:B2:4E:63:CD:DC:49:0E:12:E0:AF:B3:8C
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/8E07D31C6452F7A6B24E63CDDC490E12E0AFB38C.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/311e47c4-02f0-4657-9022-d2b83cff8755/4/326131343a373538313a343832303a3a2f34342d3438203d3e20323135323233.roa
Signing time:             Wed 27 Mar 2024 11:02:31 +0000
ROA not before:           Wed 27 Mar 2024 10:57:31 +0000
ROA not after:            Wed 26 Mar 2025 11:02:31 +0000
asID:                     215223
IP address blocks:        2a14:7581:4820::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/311e47c4-02f0-4657-9022-d2b83cff8755/4/8E07D31C6452F7A6B24E63CDDC490E12E0AFB38C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/311e47c4-02f0-4657-9022-d2b83cff8755/4/8E07D31C6452F7A6B24E63CDDC490E12E0AFB38C.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/8E07D31C6452F7A6B24E63CDDC490E12E0AFB38C.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:b8:01:72:c9:cb:4f:a6:c1:a1:6e:95:70:d3:34:99:8e:f2:12:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8E07D31C6452F7A6B24E63CDDC490E12E0AFB38C
        Validity
            Not Before: Mar 27 10:57:31 2024 GMT
            Not After : Mar 26 11:02:31 2025 GMT
        Subject: CN=1101CD2DBB54D78DC72AB1182C9CE082E31E7871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:28:92:6d:af:20:b8:f2:fb:cb:d1:00:c3:9d:
                    69:a7:66:57:64:cb:e3:28:67:57:0b:e4:d5:1f:a2:
                    ed:95:e0:54:2f:97:c4:52:ba:55:92:df:38:96:8f:
                    d9:89:0f:15:df:39:c8:06:ff:c9:cf:84:03:4a:44:
                    b9:cf:c2:13:e2:79:00:16:ee:00:48:c5:70:85:a6:
                    59:ca:2b:24:58:25:ad:98:ce:49:85:e3:e8:be:7a:
                    5e:4b:ed:c2:e4:e6:93:eb:c0:38:9a:b7:2a:35:92:
                    86:c1:59:b7:95:1e:a7:bc:c3:0a:66:03:2d:08:05:
                    10:c1:aa:ef:65:07:dc:90:bf:f4:db:a0:07:9b:b2:
                    90:25:02:6f:53:75:26:cd:56:1e:b1:ca:87:e0:c5:
                    1c:43:4f:25:86:ce:3e:32:ec:9a:2b:ab:22:55:39:
                    6a:a8:07:37:3b:5d:f0:9a:aa:81:a3:7c:10:6f:e7:
                    e0:3f:a4:01:2e:53:28:5e:77:cb:ef:47:29:8d:c9:
                    42:ab:40:19:c5:1f:2e:19:6f:b4:3d:9b:43:fa:26:
                    79:e3:49:9a:06:5d:97:57:1c:70:fb:d7:5f:6e:5b:
                    d1:fe:0f:22:18:23:7e:13:c5:57:46:df:08:17:9c:
                    95:32:09:45:78:06:c2:06:ac:07:fe:2c:a8:8c:82:
                    0e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:01:CD:2D:BB:54:D7:8D:C7:2A:B1:18:2C:9C:E0:82:E3:1E:78:71
            X509v3 Authority Key Identifier:
                keyid:8E:07:D3:1C:64:52:F7:A6:B2:4E:63:CD:DC:49:0E:12:E0:AF:B3:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/311e47c4-02f0-4657-9022-d2b83cff8755/4/8E07D31C6452F7A6B24E63CDDC490E12E0AFB38C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/8E07D31C6452F7A6B24E63CDDC490E12E0AFB38C.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/311e47c4-02f0-4657-9022-d2b83cff8755/4/326131343a373538313a343832303a3a2f34342d3438203d3e20323135323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:4820::/44

    Signature Algorithm: sha256WithRSAEncryption
         03:4a:3b:24:ba:66:26:f0:f3:b9:8e:b2:60:63:1f:b0:7f:a1:
         a5:d0:a0:b9:db:a9:f3:3a:b2:2d:c0:f8:28:3d:08:22:13:bb:
         3c:51:46:6e:22:d2:f7:b6:9e:05:23:82:01:29:67:a4:ce:dc:
         a7:59:d3:49:33:4e:6a:f4:e6:11:5b:a3:ca:6d:94:41:e5:8a:
         18:16:bb:12:18:d3:78:ac:40:b8:f3:bb:20:8c:94:ed:18:aa:
         cc:33:6a:56:04:ed:08:67:db:e8:b3:19:f1:d2:03:ed:1e:9e:
         ac:bc:89:af:2c:49:a6:49:a8:14:4d:33:ac:d5:3f:98:61:7e:
         f5:4c:d5:bc:03:87:35:4c:32:66:73:6a:7c:e5:ae:47:da:1c:
         4a:09:2a:3a:9d:15:c3:72:ee:3a:c6:25:cd:76:c7:c5:e3:66:
         32:6e:40:10:0c:39:ad:18:ed:b2:91:ca:1a:51:1d:79:4b:e2:
         f5:da:4e:1d:72:13:d7:32:af:ac:ac:73:7e:01:13:9c:1d:4f:
         d6:c9:1a:90:ac:bc:d9:11:4c:d1:88:6c:ec:44:8e:10:4b:87:
         2d:08:23:7b:2c:5b:f3:e5:7a:e9:b6:cb:f7:e0:1d:fb:da:2a:
         e3:d3:00:f7:4b:ca:d9:bb:c8:4f:a8:fb:f6:dd:b9:ad:8e:cb:
         de:06:8b:c1
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUC7gBcsnLT6bBoW6VcNM0mY7yEmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEUwN0QzMUM2NDUyRjdBNkIyNEU2M0NEREM0OTBFMTJF
MEFGQjM4QzAeFw0yNDAzMjcxMDU3MzFaFw0yNTAzMjYxMTAyMzFaMDMxMTAvBgNV
BAMTKDExMDFDRDJEQkI1NEQ3OERDNzJBQjExODJDOUNFMDgyRTMxRTc4NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNKJJtryC48vvL0QDDnWmnZldk
y+MoZ1cL5NUfou2V4FQvl8RSulWS3ziWj9mJDxXfOcgG/8nPhANKRLnPwhPieQAW
7gBIxXCFplnKKyRYJa2YzkmF4+i+el5L7cLk5pPrwDiatyo1kobBWbeVHqe8wwpm
Ay0IBRDBqu9lB9yQv/TboAebspAlAm9TdSbNVh6xyofgxRxDTyWGzj4y7JorqyJV
OWqoBzc7XfCaqoGjfBBv5+A/pAEuUyhed8vvRymNyUKrQBnFHy4Zb7Q9m0P6Jnnj
SZoGXZdXHHD7119uW9H+DyIYI34TxVdG3wgXnJUyCUV4BsIGrAf+LKiMgg41AgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQUEQHNLbtU143HKrEYLJzgguMeeHEwHwYDVR0j
BBgwFoAUjgfTHGRS96ayTmPN3EkOEuCvs4wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzExZTQ3YzQtMDJmMC00NjU3LTkwMjItZDJiODNjZmY4
NzU1LzQvOEUwN0QzMUM2NDUyRjdBNkIyNEU2M0NEREM0OTBFMTJFMEFGQjM4Qy5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC84RTA3RDMxQzY0NTJGN0E2QjI0RTYzQ0RE
QzQ5MEUxMkUwQUZCMzhDLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMTFlNDdjNC0wMmYwLTQ2NTctOTAyMi1kMmI4M2NmZjg3NTUvNC8zMjYxMzEz
NDNhMzczNTM4MzEzYTM0MzgzMjMwM2EzYTJmMzQzNDJkMzQzODIwM2QzZTIwMzIz
MTM1MzIzMjMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcEKhR1gUggMA0GCSqGSIb3DQEBCwUAA4IBAQAD
SjskumYm8PO5jrJgYx+wf6Gl0KC526nzOrItwPgoPQgiE7s8UUZuItL3tp4FI4IB
KWekztynWdNJM05q9OYRW6PKbZRB5YoYFrsSGNN4rEC487sgjJTtGKrMM2pWBO0I
Z9vosxnx0gPtHp6svImvLEmmSagUTTOs1T+YYX71TNW8A4c1TDJmc2p85a5H2hxK
CSo6nRXDcu46xiXNdsfF42YybkAQDDmtGO2ykcoaUR15S+L12k4dchPXMq+srHN+
AROcHU/WyRqQrLzZEUzRiGzsRI4QS4ctCCN7LFvz5Xrptsv34B372irj0wD3S8rZ
u8hPqPv23bmtjsveBovB
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:58:16 2024 by rpki-client on console-ams.rpki-client.org