Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634343a623030623a3a2f34382d3438203d3e20313937393139.roa
File:                     326131343a366634343a623030623a3a2f34382d3438203d3e20313937393139.roa (raw, json)
Hash identifier:          GcC1OOQic3vs9xDhV0qGl8u3fvABcPb7eRlO7suqV/c=
Subject key identifier:   EB:8D:1D:E0:56:D9:8C:71:C8:8E:F3:FB:41:7A:B4:C5:C0:79:5D:F6
Certificate issuer:       /CN=3eeebb946a8d21d4083c93dc09cee557bb2ac32e
Certificate serial:       7998744EE2D368BF66D67353683784A8B449DF1F
Authority key identifier: 3E:EE:BB:94:6A:8D:21:D4:08:3C:93:DC:09:CE:E5:57:BB:2A:C3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634343a623030623a3a2f34382d3438203d3e20313937393139.roa
Signing time:             Sun 28 Jul 2024 10:44:01 +0000
ROA not before:           Sun 28 Jul 2024 10:39:01 +0000
ROA not after:            Sun 27 Jul 2025 10:44:01 +0000
asID:                     197919
IP address blocks:        2a14:6f44:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Nov 2024 18:58:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:98:74:4e:e2:d3:68:bf:66:d6:73:53:68:37:84:a8:b4:49:df:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eeebb946a8d21d4083c93dc09cee557bb2ac32e
        Validity
            Not Before: Jul 28 10:39:01 2024 GMT
            Not After : Jul 27 10:44:01 2025 GMT
        Subject: CN=EB8D1DE056D98C71C88EF3FB417AB4C5C0795DF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:97:67:e0:ae:bc:e5:3f:93:67:37:5f:db:d6:
                    54:ab:6e:e5:66:2d:51:e2:d8:c5:99:1c:e5:d1:64:
                    4c:8b:21:8c:db:db:ad:a3:3c:00:34:44:92:f7:ab:
                    7f:e2:bf:f7:35:e5:9c:73:01:48:e1:67:d9:66:40:
                    0d:fe:ec:e5:d4:fa:c7:09:f9:3f:73:37:48:84:6e:
                    eb:20:c0:49:23:83:5a:99:1f:1b:8c:77:1d:b9:40:
                    01:a2:32:33:04:da:74:b0:08:c6:64:13:c0:71:c0:
                    01:cf:71:03:52:3c:64:35:b1:89:ba:cc:b7:8a:f8:
                    60:ee:75:c4:11:c1:b9:63:c9:4f:bf:be:ff:c5:9f:
                    c8:1f:12:a7:e7:b8:e7:4c:5a:b0:46:8b:88:38:78:
                    8b:c3:ce:96:79:17:2c:39:a1:58:3d:8e:09:2c:85:
                    20:15:d3:15:69:2f:f7:e5:c2:26:c3:35:72:31:1b:
                    52:8d:28:56:8a:dd:df:e7:03:06:db:aa:08:a7:46:
                    93:79:87:f8:59:c8:a5:9e:b3:33:f4:e3:f9:ef:99:
                    e0:61:f5:56:72:ec:ac:01:a6:70:77:64:b4:34:fb:
                    92:1c:27:36:ec:5f:09:a3:af:b9:42:4a:03:7b:7c:
                    83:3b:e5:d0:b2:a7:7e:c2:0a:b9:56:d9:e7:ca:d0:
                    03:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8D:1D:E0:56:D9:8C:71:C8:8E:F3:FB:41:7A:B4:C5:C0:79:5D:F6
            X509v3 Authority Key Identifier:
                keyid:3E:EE:BB:94:6A:8D:21:D4:08:3C:93:DC:09:CE:E5:57:BB:2A:C3:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634343a623030623a3a2f34382d3438203d3e20313937393139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6f44:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:61:fb:3a:6f:77:96:9a:1c:e5:3a:e2:5b:95:06:cc:a5:0f:
         82:56:cb:e2:06:8e:ac:fd:06:23:9d:db:92:97:c7:60:df:5a:
         fa:96:6b:a5:ae:fc:cc:04:82:f5:4c:90:0b:38:f2:39:21:38:
         ac:da:fd:f8:40:a3:35:12:dc:a9:78:0f:2b:2e:4b:56:e3:8c:
         54:1e:37:ba:2b:63:69:c8:24:2b:03:ce:4a:f5:e8:03:0a:06:
         fa:5f:26:94:74:ec:46:bf:04:4d:e4:c1:70:da:25:16:ff:d1:
         8c:41:e3:7e:83:ae:56:f2:75:17:2c:81:07:60:9d:a6:33:a7:
         f7:07:6e:66:6c:16:95:9e:ce:c0:34:f0:4e:4e:36:ab:cc:ef:
         40:53:c0:4d:9f:35:35:85:39:74:4f:5d:fb:83:54:74:cb:6e:
         bd:6b:5d:43:50:b2:0b:cd:53:5a:72:62:25:7b:da:23:96:c3:
         25:b5:c9:4a:9f:78:a5:77:48:7f:34:4e:cd:54:af:4e:17:24:
         08:7a:6c:21:95:74:aa:dc:f6:d3:27:d9:ab:e8:b4:54:41:0c:
         1e:b0:ea:45:bf:00:35:39:36:2f:92:da:f4:13:82:33:ba:bb:
         2b:64:08:9d:56:5a:af:99:8a:20:ea:40:c6:3d:0c:93:cc:83:
         e5:f2:66:a0
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIUeZh0TuLTaL9m1nNTaDeEqLRJ3x8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2VlZWJiOTQ2YThkMjFkNDA4M2M5M2RjMDljZWU1NTdi
YjJhYzMyZTAeFw0yNDA3MjgxMDM5MDFaFw0yNTA3MjcxMDQ0MDFaMDMxMTAvBgNV
BAMTKEVCOEQxREUwNTZEOThDNzFDODhFRjNGQjQxN0FCNEM1QzA3OTVERjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCol2fgrrzlP5NnN1/b1lSrbuVm
LVHi2MWZHOXRZEyLIYzb262jPAA0RJL3q3/iv/c15ZxzAUjhZ9lmQA3+7OXU+scJ
+T9zN0iEbusgwEkjg1qZHxuMdx25QAGiMjME2nSwCMZkE8BxwAHPcQNSPGQ1sYm6
zLeK+GDudcQRwbljyU+/vv/Fn8gfEqfnuOdMWrBGi4g4eIvDzpZ5Fyw5oVg9jgks
hSAV0xVpL/flwibDNXIxG1KNKFaK3d/nAwbbqginRpN5h/hZyKWeszP04/nvmeBh
9VZy7KwBpnB3ZLQ0+5IcJzbsXwmjr7lCSgN7fIM75dCyp37CCrlW2efK0AMtAgMB
AAGjggJKMIICRjAdBgNVHQ4EFgQU640d4FbZjHHIjvP7QXq0xcB5XfYwHwYDVR0j
BBgwFoAUPu67lGqNIdQIPJPcCc7lV7sqwy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmZmN2E5ODktZWNkZi00M2Q2LTg2ZTEtZjZjMzkzNWI5
YjNkLzQvM0VFRUJCOTQ2QThEMjFENDA4M0M5M0RDMDlDRUU1NTdCQjJBQzMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1B1NjdsR3FOSWRRSVBKUGNDYzdsVjdz
cXd5NC5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmZmN2E5ODkt
ZWNkZi00M2Q2LTg2ZTEtZjZjMzkzNWI5YjNkLzQvMzI2MTMxMzQzYTM2NjYzNDM0
M2E2MjMwMzA2MjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMxMzkzNzM5MzEzOS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACoUb0SwCzANBgkqhkiG9w0BAQsFAAOCAQEAjmH7Om93lpoc5Tri
W5UGzKUPglbL4gaOrP0GI53bkpfHYN9a+pZrpa78zASC9UyQCzjyOSE4rNr9+ECj
NRLcqXgPKy5LVuOMVB43uitjacgkKwPOSvXoAwoG+l8mlHTsRr8ETeTBcNolFv/R
jEHjfoOuVvJ1FyyBB2CdpjOn9wduZmwWlZ7OwDTwTk42q8zvQFPATZ81NYU5dE9d
+4NUdMtuvWtdQ1CyC81TWnJiJXvaI5bDJbXJSp94pXdIfzROzVSvThckCHpsIZV0
qtz20yfZq+i0VEEMHrDqRb8ANTk2L5La9BOCM7q7K2QInVZar5mKIOpAxj0Mk8yD
5fJmoA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 02:01:30 2024 by rpki-client on console-fra.rpki-client.org