Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/326131313a663263303a3a2f34382d3438203d3e20323037393630.roa
File:                     326131313a663263303a3a2f34382d3438203d3e20323037393630.roa (raw, json)
Hash identifier:          N0AB2ASRi8hcSVODcfBRPNKNwkn4j8gT7Q515OQPCKA=
Subject key identifier:   9D:5E:DB:BD:78:7F:DD:D8:78:86:B7:14:54:14:9E:AC:91:78:EC:7F
Certificate issuer:       /CN=11ad49c47e2d0e40cfc9b36a2bd2c514e2a6267b
Certificate serial:       3B4F4399DD8CF5A82F4AF57F5E0D9A6F17CCFB6F
Authority key identifier: 11:AD:49:C4:7E:2D:0E:40:CF:C9:B3:6A:2B:D2:C5:14:E2:A6:26:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ea1JxH4tDkDPybNqK9LFFOKmJns.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/326131313a663263303a3a2f34382d3438203d3e20323037393630.roa
Signing time:             Mon 13 Nov 2023 21:10:13 +0000
ROA not before:           Mon 13 Nov 2023 21:05:13 +0000
ROA not after:            Mon 11 Nov 2024 21:10:13 +0000
asID:                     207960
IP address blocks:        2a11:f2c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/11AD49C47E2D0E40CFC9B36A2BD2C514E2A6267B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/11AD49C47E2D0E40CFC9B36A2BD2C514E2A6267B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ea1JxH4tDkDPybNqK9LFFOKmJns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:4f:43:99:dd:8c:f5:a8:2f:4a:f5:7f:5e:0d:9a:6f:17:cc:fb:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11ad49c47e2d0e40cfc9b36a2bd2c514e2a6267b
        Validity
            Not Before: Nov 13 21:05:13 2023 GMT
            Not After : Nov 11 21:10:13 2024 GMT
        Subject: CN=9D5EDBBD787FDDD87886B71454149EAC9178EC7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:37:e1:6c:d8:a2:92:c6:4b:f8:4a:6e:14:0e:
                    83:d1:24:69:53:ae:3c:35:07:2f:40:44:8f:17:d0:
                    d8:1a:dc:3e:74:e9:3b:78:1d:a5:c8:35:cf:57:2a:
                    6a:39:d8:4c:8e:41:b3:8e:05:71:99:8e:d9:fa:b4:
                    7a:01:b3:fe:93:bb:2d:96:6d:93:6c:24:97:5b:89:
                    81:4d:a7:56:c0:9a:28:cd:bb:91:b1:e3:cb:70:d5:
                    ed:47:3e:41:04:4d:2e:95:fe:6c:83:05:ae:e0:bf:
                    0a:b1:3f:38:52:ff:da:61:e8:15:9e:ce:86:ec:53:
                    30:7c:96:62:a1:2b:f4:aa:9d:7e:d9:50:ad:4a:16:
                    c9:8e:fa:9d:8b:68:ac:dd:91:61:7f:49:37:bf:79:
                    98:ed:a1:e3:0d:6f:9b:39:26:14:78:2f:24:82:9f:
                    34:47:85:43:0c:71:87:2b:c6:3e:64:41:4a:a0:26:
                    17:41:73:cd:1e:78:63:f7:85:5a:04:8e:4a:94:66:
                    fa:33:3c:d7:1c:29:64:d5:8c:24:c9:55:a3:e5:fc:
                    16:20:16:e3:09:03:b2:e4:1b:cb:ea:f7:1e:9b:33:
                    0b:d1:6a:0a:21:09:f4:ff:08:f1:70:83:8c:91:2e:
                    35:67:80:fb:be:f8:ae:39:47:f7:53:f4:4b:b2:ba:
                    ba:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:5E:DB:BD:78:7F:DD:D8:78:86:B7:14:54:14:9E:AC:91:78:EC:7F
            X509v3 Authority Key Identifier:
                keyid:11:AD:49:C4:7E:2D:0E:40:CF:C9:B3:6A:2B:D2:C5:14:E2:A6:26:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/11AD49C47E2D0E40CFC9B36A2BD2C514E2A6267B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ea1JxH4tDkDPybNqK9LFFOKmJns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/326131313a663263303a3a2f34382d3438203d3e20323037393630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f2c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:e4:b0:c9:48:63:60:5a:c3:b0:df:53:71:8f:5f:4b:79:f5:
         41:a9:89:a8:b1:6b:75:f1:61:e5:20:ad:8c:f9:b9:23:d6:9b:
         e1:ce:77:e1:82:ba:9b:fc:5c:0c:bf:0c:b5:fb:52:79:1f:20:
         e9:68:21:ec:a2:8e:e1:60:ad:44:50:c3:71:76:52:ce:31:3b:
         9e:64:c9:9d:89:49:6b:f6:9c:df:bd:7a:1f:16:fb:36:c3:5b:
         ca:05:8c:ee:50:1a:e6:db:92:21:c2:55:29:25:3b:51:bc:b6:
         10:91:53:61:29:13:26:65:9f:3b:a9:a3:73:93:b3:94:19:3a:
         7f:c8:87:7d:12:51:c7:83:c7:99:2c:b6:c6:6f:c8:f0:8b:47:
         06:8c:63:4c:19:8c:f2:07:70:34:5d:38:a1:7c:65:c8:4d:84:
         72:ea:8e:23:20:74:af:c9:e0:a7:26:f9:91:ab:a6:49:81:a7:
         cc:fc:8e:88:f2:df:9c:86:05:3d:a3:5f:54:9f:09:27:51:50:
         fc:8d:46:bd:f6:cc:e3:ba:c7:ea:a2:67:af:7a:72:1e:db:6f:
         73:97:bb:b7:57:8c:c3:be:3f:7e:66:88:77:33:00:be:61:7b:
         eb:4e:1d:4b:55:50:cd:a7:3f:e2:29:df:8f:e9:ce:0a:27:29:
         81:19:c7:65
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIUO09Dmd2M9agvSvV/Xg2abxfM+28wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTFhZDQ5YzQ3ZTJkMGU0MGNmYzliMzZhMmJkMmM1MTRl
MmE2MjY3YjAeFw0yMzExMTMyMTA1MTNaFw0yNDExMTEyMTEwMTNaMDMxMTAvBgNV
BAMTKDlENUVEQkJENzg3RkRERDg3ODg2QjcxNDU0MTQ5RUFDOTE3OEVDN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTN+Fs2KKSxkv4Sm4UDoPRJGlT
rjw1By9ARI8X0Nga3D506Tt4HaXINc9XKmo52EyOQbOOBXGZjtn6tHoBs/6Tuy2W
bZNsJJdbiYFNp1bAmijNu5Gx48tw1e1HPkEETS6V/myDBa7gvwqxPzhS/9ph6BWe
zobsUzB8lmKhK/SqnX7ZUK1KFsmO+p2LaKzdkWF/STe/eZjtoeMNb5s5JhR4LySC
nzRHhUMMcYcrxj5kQUqgJhdBc80eeGP3hVoEjkqUZvozPNccKWTVjCTJVaPl/BYg
FuMJA7LkG8vq9x6bMwvRagohCfT/CPFwg4yRLjVngPu++K45R/dT9EuyurqdAgMB
AAGjggJAMIICPDAdBgNVHQ4EFgQUnV7bvXh/3dh4hrcUVBSerJF47H8wHwYDVR0j
BBgwFoAUEa1JxH4tDkDPybNqK9LFFOKmJnswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2I1NzVlYTctNzg2Zi00YjJkLWE0NTUtNzlkN2ZjNDNl
Y2VlLzcvMTFBRDQ5QzQ3RTJEMEU0MENGQzlCMzZBMkJEMkM1MTRFMkE2MjY3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VhMUp4SDR0RGtEUHliTnFLOUxGRk9L
bUpucy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2I1NzVlYTct
Nzg2Zi00YjJkLWE0NTUtNzlkN2ZjNDNlY2VlLzcvMzI2MTMxMzEzYTY2MzI2MzMw
M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMDM3MzkzNjMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcA
KhHywAAAMA0GCSqGSIb3DQEBCwUAA4IBAQAI5LDJSGNgWsOw31Nxj19LefVBqYmo
sWt18WHlIK2M+bkj1pvhznfhgrqb/FwMvwy1+1J5HyDpaCHsoo7hYK1EUMNxdlLO
MTueZMmdiUlr9pzfvXofFvs2w1vKBYzuUBrm25IhwlUpJTtRvLYQkVNhKRMmZZ87
qaNzk7OUGTp/yId9ElHHg8eZLLbGb8jwi0cGjGNMGYzyB3A0XTihfGXITYRy6o4j
IHSvyeCnJvmRq6ZJgafM/I6I8t+chgU9o19UnwknUVD8jUa99szjusfqomevenIe
229zl7u3V4zDvj9+Zoh3MwC+YXvrTh1LVVDNpz/iKd+P6c4KJymBGcdl
-----END CERTIFICATE-----
Generated at Fri Mar 29 13:00:33 2024 by rpki-client on console-ams.rpki-client.org