Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/3/323030313a3637633a6438633a3a2f34382d313238203d3e203437323732.roa
File:                     323030313a3637633a6438633a3a2f34382d313238203d3e203437323732.roa (raw, json)
Hash identifier:          /jF4OiRKoSzGnVtZwuFYIxmTit/+rezvS+u0DWhSpDg=
Subject key identifier:   85:F4:6A:5C:61:C7:09:5C:79:7E:F1:B7:42:5E:FD:45:BD:6B:8E:7A
Certificate issuer:       /CN=1ec805e37c5b53351c6a182763530a50d9308c7e
Certificate serial:       5F5968C5DB82AE110DC884A256D5B1262E4653B7
Authority key identifier: 1E:C8:05:E3:7C:5B:53:35:1C:6A:18:27:63:53:0A:50:D9:30:8C:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HsgF43xbUzUcahgnY1MKUNkwjH4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/3/323030313a3637633a6438633a3a2f34382d313238203d3e203437323732.roa
Signing time:             Wed 24 Jan 2024 10:59:38 +0000
ROA not before:           Wed 24 Jan 2024 10:54:38 +0000
ROA not after:            Wed 22 Jan 2025 10:59:38 +0000
asID:                     47272
IP address blocks:        2001:67c:d8c::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/3/1EC805E37C5B53351C6A182763530A50D9308C7E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/3/1EC805E37C5B53351C6A182763530A50D9308C7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HsgF43xbUzUcahgnY1MKUNkwjH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:59:68:c5:db:82:ae:11:0d:c8:84:a2:56:d5:b1:26:2e:46:53:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ec805e37c5b53351c6a182763530a50d9308c7e
        Validity
            Not Before: Jan 24 10:54:38 2024 GMT
            Not After : Jan 22 10:59:38 2025 GMT
        Subject: CN=85F46A5C61C7095C797EF1B7425EFD45BD6B8E7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4f:de:bb:ac:9f:9b:49:65:cd:48:13:d7:d1:
                    7e:40:37:de:f0:80:52:d1:1b:9b:1d:10:47:45:2f:
                    6c:f7:dc:b3:97:64:47:b1:c2:d4:31:81:46:ee:f6:
                    06:b9:9c:32:d9:80:c7:98:cb:b2:f7:e7:a0:6d:9f:
                    6b:6e:41:c6:2d:36:c1:a0:00:ed:66:f8:cc:11:f3:
                    82:35:53:30:15:89:01:4d:ad:87:05:02:08:77:e8:
                    98:0a:23:37:b1:83:b2:20:25:90:14:f7:e1:5b:f4:
                    df:aa:a3:31:72:59:12:ad:2a:9f:df:9a:b7:90:c9:
                    5b:8b:54:5f:50:48:f1:96:9d:07:66:fa:b1:6e:fc:
                    40:bc:db:f0:e1:bd:3c:33:bf:90:ae:74:d4:f4:7e:
                    14:0b:2c:2d:d3:81:43:54:66:64:df:83:77:3b:a8:
                    8c:ad:af:0a:93:ae:c8:55:3c:2e:80:da:ce:6a:20:
                    da:6a:8e:dc:60:43:8c:bb:41:95:06:e2:a1:79:30:
                    b6:10:65:fd:b5:2b:6a:76:a9:c7:ee:d5:6d:97:21:
                    27:73:f2:ca:39:75:5d:92:e2:c6:27:d2:74:a4:1e:
                    53:12:bc:98:ba:fa:8a:68:99:30:4d:63:c5:b2:ee:
                    f8:4d:d6:65:b2:82:60:ea:c5:2f:d6:3d:f6:e8:0c:
                    82:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F4:6A:5C:61:C7:09:5C:79:7E:F1:B7:42:5E:FD:45:BD:6B:8E:7A
            X509v3 Authority Key Identifier:
                keyid:1E:C8:05:E3:7C:5B:53:35:1C:6A:18:27:63:53:0A:50:D9:30:8C:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/3/1EC805E37C5B53351C6A182763530A50D9308C7E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HsgF43xbUzUcahgnY1MKUNkwjH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/3/323030313a3637633a6438633a3a2f34382d313238203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:af:96:82:8a:ab:53:45:3b:53:a1:97:b8:f5:8b:0b:2b:12:
         a2:dc:0e:e2:26:70:50:24:c8:44:95:1a:dd:9f:96:37:cb:bd:
         23:ca:5b:f7:cd:90:ac:2b:66:ee:be:92:9b:75:1c:f8:43:4c:
         21:6c:33:54:0a:1c:45:6a:93:62:80:f7:4d:23:09:74:ed:0a:
         98:b1:e0:c5:c5:7f:65:ab:bc:7c:76:6b:ab:69:08:90:bc:02:
         6f:60:d7:20:26:cd:a1:53:56:bb:b5:3d:4b:6c:65:78:cd:ad:
         54:cf:b9:8f:6d:d9:37:8d:9b:26:d7:17:3e:99:4e:43:ac:40:
         43:b8:8f:c5:7b:5c:1a:58:3c:14:11:63:8d:41:41:37:d2:bd:
         d8:94:79:ee:d4:de:d1:61:45:86:4e:ce:e4:a4:04:e2:92:ef:
         d5:42:eb:92:0d:7d:bd:84:26:ce:c9:f2:17:6a:17:21:86:0a:
         41:e2:19:ba:e3:ee:5a:2b:ea:40:16:52:33:85:9c:41:57:55:
         17:d7:a6:d0:95:5b:d4:92:61:fd:4a:0d:85:fd:d3:08:33:3a:
         3b:0b:a7:68:7e:59:b5:b5:84:07:0d:50:c3:c6:f9:e7:38:bd:
         f4:7a:a6:9a:fc:82:e1:d3:61:91:01:cb:a2:d0:05:5f:18:f5:
         0d:5d:57:0c
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUX1loxduCrhENyISiVtWxJi5GU7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWVjODA1ZTM3YzViNTMzNTFjNmExODI3NjM1MzBhNTBk
OTMwOGM3ZTAeFw0yNDAxMjQxMDU0MzhaFw0yNTAxMjIxMDU5MzhaMDMxMTAvBgNV
BAMTKDg1RjQ2QTVDNjFDNzA5NUM3OTdFRjFCNzQyNUVGRDQ1QkQ2QjhFN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2T967rJ+bSWXNSBPX0X5AN97w
gFLRG5sdEEdFL2z33LOXZEexwtQxgUbu9ga5nDLZgMeYy7L356Btn2tuQcYtNsGg
AO1m+MwR84I1UzAViQFNrYcFAgh36JgKIzexg7IgJZAU9+Fb9N+qozFyWRKtKp/f
mreQyVuLVF9QSPGWnQdm+rFu/EC82/DhvTwzv5CudNT0fhQLLC3TgUNUZmTfg3c7
qIytrwqTrshVPC6A2s5qINpqjtxgQ4y7QZUG4qF5MLYQZf21K2p2qcfu1W2XISdz
8so5dV2S4sYn0nSkHlMSvJi6+opomTBNY8Wy7vhN1mWygmDqxS/WPfboDILNAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUhfRqXGHHCVx5fvG3Ql79Rb1rjnowHwYDVR0j
BBgwFoAUHsgF43xbUzUcahgnY1MKUNkwjH4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzMvMUVDODA1RTM3QzVCNTMzNTFDNkExODI3NjM1MzBBNTBEOTMwOEM3RS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0hzZ0Y0M3hiVXpVY2FoZ25ZMU1LVU5r
d2pINC5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMt
ZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1YzdkLzMvMzIzMDMwMzEzYTM2Mzc2MzNh
NjQzODYzM2EzYTJmMzQzODJkMzEzMjM4MjAzZDNlMjAzNDM3MzIzNzMyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEGfA2MMA0GCSqGSIb3DQEBCwUAA4IBAQB0r5aCiqtTRTtToZe49YsL
KxKi3A7iJnBQJMhElRrdn5Y3y70jylv3zZCsK2buvpKbdRz4Q0whbDNUChxFapNi
gPdNIwl07QqYseDFxX9lq7x8dmuraQiQvAJvYNcgJs2hU1a7tT1LbGV4za1Uz7mP
bdk3jZsm1xc+mU5DrEBDuI/Fe1waWDwUEWONQUE30r3YlHnu1N7RYUWGTs7kpATi
ku/VQuuSDX29hCbOyfIXahchhgpB4hm64+5aK+pAFlIzhZxBV1UX16bQlVvUkmH9
Sg2F/dMIMzo7C6doflm1tYQHDVDDxvnnOL30eqaa/ILh02GRAcui0AVfGPUNXVcM
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:18:03 2024 by rpki-client on console-ams.rpki-client.org