Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/531e9720-0b62-43a8-8e1f-230684eaf9af/1/326130623a346530373a316330303a3a2f34382d3438203d3e20313531373034.roa
File:                     326130623a346530373a316330303a3a2f34382d3438203d3e20313531373034.roa (raw, json)
Hash identifier:          lmNISwXtJNWjiKcmw5GjTGP7+E6qXcw7mfSumJB2dso=
Subject key identifier:   39:97:11:88:DC:27:56:D9:63:E5:6C:47:BC:A5:BA:19:DF:AD:55:34
Certificate issuer:       /CN=2FA9A89EE8A4D03C0CE0DD350EB33995DDDC5297
Certificate serial:       681F45C497C734313B600CC395752437F0762131
Authority key identifier: 2F:A9:A8:9E:E8:A4:D0:3C:0C:E0:DD:35:0E:B3:39:95:DD:DC:52:97
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/2FA9A89EE8A4D03C0CE0DD350EB33995DDDC5297.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/531e9720-0b62-43a8-8e1f-230684eaf9af/1/326130623a346530373a316330303a3a2f34382d3438203d3e20313531373034.roa
Signing time:             Tue 08 Oct 2024 02:36:19 +0000
ROA not before:           Tue 08 Oct 2024 02:31:19 +0000
ROA not after:            Tue 07 Oct 2025 02:36:19 +0000
asID:                     151704
IP address blocks:        2a0b:4e07:1c00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/531e9720-0b62-43a8-8e1f-230684eaf9af/1/2FA9A89EE8A4D03C0CE0DD350EB33995DDDC5297.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/531e9720-0b62-43a8-8e1f-230684eaf9af/1/2FA9A89EE8A4D03C0CE0DD350EB33995DDDC5297.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/2FA9A89EE8A4D03C0CE0DD350EB33995DDDC5297.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QuUI-6iWD0gHGxGazL9Xvb86gFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Nov 2024 15:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:1f:45:c4:97:c7:34:31:3b:60:0c:c3:95:75:24:37:f0:76:21:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2FA9A89EE8A4D03C0CE0DD350EB33995DDDC5297
        Validity
            Not Before: Oct  8 02:31:19 2024 GMT
            Not After : Oct  7 02:36:19 2025 GMT
        Subject: CN=39971188DC2756D963E56C47BCA5BA19DFAD5534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ce:94:f3:03:af:d2:08:01:62:2b:86:9d:db:
                    a4:c0:cd:39:83:00:c6:57:76:8b:c6:3c:cf:a4:52:
                    c3:86:03:ef:63:fe:33:9f:03:c6:05:65:57:ca:cd:
                    91:93:a0:48:87:96:92:c6:d9:35:88:8e:15:78:0e:
                    72:08:af:ed:dc:4e:e2:b7:cb:c5:bd:00:12:ad:96:
                    b8:ad:60:e2:18:ea:2b:da:55:c4:4f:4e:b8:2c:2b:
                    4e:66:dd:2c:01:da:57:48:be:b7:fc:aa:f6:2b:9c:
                    48:ab:cb:a0:4d:89:75:c8:87:9c:94:81:71:6f:07:
                    69:b0:a9:07:76:6b:37:73:c6:1d:17:b6:46:4d:99:
                    72:fe:e3:2f:70:89:0b:7f:aa:7f:fe:af:88:ff:5b:
                    29:e0:c0:ba:4c:1c:b3:68:3a:77:52:ff:e6:0f:44:
                    cb:33:bd:66:00:25:70:7c:49:6a:a7:72:44:92:83:
                    ac:17:e6:d4:fc:a1:db:86:d0:39:87:4d:f0:c1:a6:
                    8c:04:6f:bb:1d:43:f9:e0:0a:93:41:41:7a:53:a2:
                    04:0e:ac:de:18:d3:85:68:ed:83:5c:26:2b:c0:b9:
                    6a:53:7d:d7:7a:09:44:91:44:25:09:d3:49:0a:11:
                    47:5d:b0:4c:ea:b3:82:34:34:f2:3a:04:45:29:7b:
                    b9:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:97:11:88:DC:27:56:D9:63:E5:6C:47:BC:A5:BA:19:DF:AD:55:34
            X509v3 Authority Key Identifier:
                keyid:2F:A9:A8:9E:E8:A4:D0:3C:0C:E0:DD:35:0E:B3:39:95:DD:DC:52:97

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/531e9720-0b62-43a8-8e1f-230684eaf9af/1/2FA9A89EE8A4D03C0CE0DD350EB33995DDDC5297.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/2FA9A89EE8A4D03C0CE0DD350EB33995DDDC5297.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/531e9720-0b62-43a8-8e1f-230684eaf9af/1/326130623a346530373a316330303a3a2f34382d3438203d3e20313531373034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4e07:1c00::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:12:5b:78:b5:b1:d9:97:f1:24:f8:2c:7d:68:2b:43:d9:fe:
         70:d4:61:54:f0:5c:3e:9c:26:db:3f:1d:bc:90:29:bb:4e:e0:
         83:f9:98:a9:a4:67:fb:30:4f:67:61:ba:8e:ee:84:c2:0f:c1:
         c5:07:d5:3c:52:31:30:fa:28:0d:28:d3:b3:4d:4b:ef:38:fb:
         b1:f0:e2:17:8a:69:a1:bf:94:c5:86:d4:e5:eb:6b:a2:18:c0:
         9e:bc:7e:fe:ba:b0:ca:f6:b0:2e:a3:18:f4:94:6b:83:28:5a:
         77:d1:f9:1e:68:9d:17:3a:b4:be:ef:c4:66:d7:80:34:50:51:
         53:3a:f9:cd:b2:65:c0:7d:b2:7b:31:48:2e:05:a2:58:35:85:
         f7:46:a5:5c:31:6c:63:b1:6a:da:a5:27:cf:fe:c9:40:b1:6f:
         3b:2f:a4:bd:c5:e1:a7:68:3a:e1:60:ce:4f:8a:ad:68:7f:c7:
         9f:29:19:22:3a:30:a4:6d:48:3b:f7:ce:51:b2:46:d3:aa:bc:
         df:67:42:0b:b3:62:86:38:8b:b8:25:c2:6d:0e:83:bf:37:85:
         32:38:29:6a:e4:23:1c:6b:a7:ac:37:b2:08:53:1f:19:f8:e0:
         10:30:94:0a:7f:f9:4e:d1:9c:51:0f:1f:f8:1b:85:6f:37:c9:
         d7:eb:01:9f
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUaB9FxJfHNDE7YAzDlXUkN/B2ITEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkZBOUE4OUVFOEE0RDAzQzBDRTBERDM1MEVCMzM5OTVE
RERDNTI5NzAeFw0yNDEwMDgwMjMxMTlaFw0yNTEwMDcwMjM2MTlaMDMxMTAvBgNV
BAMTKDM5OTcxMTg4REMyNzU2RDk2M0U1NkM0N0JDQTVCQTE5REZBRDU1MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnzpTzA6/SCAFiK4ad26TAzTmD
AMZXdovGPM+kUsOGA+9j/jOfA8YFZVfKzZGToEiHlpLG2TWIjhV4DnIIr+3cTuK3
y8W9ABKtlritYOIY6ivaVcRPTrgsK05m3SwB2ldIvrf8qvYrnEiry6BNiXXIh5yU
gXFvB2mwqQd2azdzxh0XtkZNmXL+4y9wiQt/qn/+r4j/WyngwLpMHLNoOndS/+YP
RMszvWYAJXB8SWqnckSSg6wX5tT8oduG0DmHTfDBpowEb7sdQ/ngCpNBQXpTogQO
rN4Y04Vo7YNcJivAuWpTfdd6CUSRRCUJ00kKEUddsEzqs4I0NPI6BEUpe7kRAgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQUOZcRiNwnVtlj5WxHvKW6Gd+tVTQwHwYDVR0j
BBgwFoAUL6monuik0DwM4N01DrM5ld3cUpcwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTMxZTk3MjAtMGI2Mi00M2E4LThlMWYtMjMwNjg0ZWFm
OWFmLzEvMkZBOUE4OUVFOEE0RDAzQzBDRTBERDM1MEVCMzM5OTVERERDNTI5Ny5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8wYzcwNDAxYy03ZjQxLTRh
NmItOTQzNC1jYzgwZGNhMDkzZTYvMi8yRkE5QTg5RUU4QTREMDNDMENFMEREMzUw
RUIzMzk5NUREREM1Mjk3LmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS81MzFlOTcyMC0wYjYyLTQzYTgtOGUxZi0yMzA2ODRlYWY5YWYvMS8zMjYxMzA2
MjNhMzQ2NTMwMzczYTMxNjMzMDMwM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzEz
NTMxMzczMDM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAKgtOBxwAMA0GCSqGSIb3DQEBCwUAA4IBAQCk
Elt4tbHZl/Ek+Cx9aCtD2f5w1GFU8Fw+nCbbPx28kCm7TuCD+ZippGf7ME9nYbqO
7oTCD8HFB9U8UjEw+igNKNOzTUvvOPux8OIXimmhv5TFhtTl62uiGMCevH7+urDK
9rAuoxj0lGuDKFp30fkeaJ0XOrS+78Rm14A0UFFTOvnNsmXAfbJ7MUguBaJYNYX3
RqVcMWxjsWrapSfP/slAsW87L6S9xeGnaDrhYM5Piq1of8efKRkiOjCkbUg7985R
skbTqrzfZ0ILs2KGOIu4JcJtDoO/N4UyOClq5CMca6esN7IIUx8Z+OAQMJQKf/lO
0ZxRDx/4G4VvN8nX6wGf
-----END CERTIFICATE-----
Generated at Tue Nov 12 21:16:34 2024 by rpki-client on console-ams.rpki-client.org