Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/326131313a663263303a616361303a3a2f34342d3438203d3e20323132323435.roa
File:                     326131313a663263303a616361303a3a2f34342d3438203d3e20323132323435.roa (raw, json)
Hash identifier:          M4sh5KJNOWRqa/DdfimbC+d4Zaw3h4HlwxSvnOZft+c=
Subject key identifier:   5A:2F:88:27:96:A8:07:BD:E6:53:B5:83:97:25:CE:E8:2A:29:DE:7A
Certificate issuer:       /CN=11ad49c47e2d0e40cfc9b36a2bd2c514e2a6267b
Certificate serial:       1C623C639F511AB65B2CA3FCE02704A00A47145F
Authority key identifier: 11:AD:49:C4:7E:2D:0E:40:CF:C9:B3:6A:2B:D2:C5:14:E2:A6:26:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ea1JxH4tDkDPybNqK9LFFOKmJns.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/326131313a663263303a616361303a3a2f34342d3438203d3e20323132323435.roa
Signing time:             Fri 28 Apr 2023 19:13:48 +0000
ROA not before:           Fri 28 Apr 2023 19:08:48 +0000
ROA not after:            Fri 26 Apr 2024 19:13:48 +0000
asID:                     212245
IP address blocks:        2a11:f2c0:aca0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/11AD49C47E2D0E40CFC9B36A2BD2C514E2A6267B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/11AD49C47E2D0E40CFC9B36A2BD2C514E2A6267B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ea1JxH4tDkDPybNqK9LFFOKmJns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Mar 2024 03:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:62:3c:63:9f:51:1a:b6:5b:2c:a3:fc:e0:27:04:a0:0a:47:14:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11ad49c47e2d0e40cfc9b36a2bd2c514e2a6267b
        Validity
            Not Before: Apr 28 19:08:48 2023 GMT
            Not After : Apr 26 19:13:48 2024 GMT
        Subject: CN=5A2F882796A807BDE653B5839725CEE82A29DE7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9a:bd:f9:bc:8d:d6:de:7d:f4:7a:d8:f3:94:
                    cd:25:2d:37:d7:31:8b:4c:68:b1:74:23:5e:25:f1:
                    b9:01:3b:6a:1a:45:90:bb:22:f9:c1:7c:88:8d:d0:
                    fa:46:81:13:e5:fe:a9:ce:3c:e8:cd:0f:49:6c:08:
                    32:f0:69:c8:32:f7:58:0c:a0:61:4b:e7:ad:20:a7:
                    34:63:ea:8a:78:cd:cd:b8:47:e8:3e:4b:e7:70:df:
                    91:75:40:47:98:be:df:4e:68:d1:25:6c:5a:9d:bf:
                    b6:db:25:b6:72:0e:fe:91:30:a3:c4:3d:d2:87:a1:
                    1f:bd:80:64:d0:97:a5:88:67:88:0c:d3:e5:f0:e8:
                    c0:1c:3a:5b:c5:6e:95:ee:e8:1c:47:65:a6:e8:5a:
                    95:66:79:92:c6:3b:6a:0f:47:f8:2a:c8:41:f3:65:
                    88:b8:d6:b9:c0:e3:44:be:1f:86:d5:7f:c0:da:ec:
                    33:e5:3a:f0:56:5f:21:a2:c2:fb:48:89:0a:a0:f8:
                    a9:4f:4b:73:c0:cf:09:b1:db:9f:2a:64:58:b6:b8:
                    9b:fb:bd:ab:9f:1f:1b:11:bb:f9:b2:ea:a2:93:e4:
                    0a:13:2d:3c:09:de:75:5e:5e:d3:e3:be:13:a9:d2:
                    b9:af:6e:a3:b6:28:b9:ad:38:1c:e9:a6:99:7f:99:
                    43:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:2F:88:27:96:A8:07:BD:E6:53:B5:83:97:25:CE:E8:2A:29:DE:7A
            X509v3 Authority Key Identifier:
                keyid:11:AD:49:C4:7E:2D:0E:40:CF:C9:B3:6A:2B:D2:C5:14:E2:A6:26:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/11AD49C47E2D0E40CFC9B36A2BD2C514E2A6267B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ea1JxH4tDkDPybNqK9LFFOKmJns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/7/326131313a663263303a616361303a3a2f34342d3438203d3e20323132323435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f2c0:aca0::/44

    Signature Algorithm: sha256WithRSAEncryption
         32:34:8e:f7:b0:d6:ad:bd:c5:b4:76:31:f0:3b:8c:48:e8:ba:
         18:0b:bd:ef:81:16:8e:31:67:a4:11:e3:a4:fa:48:b6:df:f6:
         c6:4a:97:97:c7:5b:1d:9a:80:de:04:7e:14:d2:98:a3:61:91:
         3c:a7:e5:2d:e1:3d:93:fe:4b:0f:ef:2c:69:e4:e4:89:78:8a:
         51:43:26:66:48:d4:76:2d:db:38:c8:34:b4:cf:b3:5b:aa:b2:
         0a:64:93:76:eb:39:97:e0:b4:90:c0:7d:08:c4:4c:6b:ba:8c:
         3e:81:11:5f:29:9b:38:3a:91:06:2b:f5:ca:6e:53:15:a0:9d:
         5c:bd:80:ea:b1:df:f4:45:8a:c5:ad:e1:e3:37:f0:7c:64:dd:
         93:e3:ac:78:80:ff:26:b5:ff:67:67:12:02:8b:db:bf:e5:0a:
         aa:01:c0:6e:c5:5e:c6:f3:dc:e3:4c:15:44:48:cc:04:c5:e8:
         5c:49:e6:9f:ce:c6:ba:5f:58:78:1f:ad:6c:e9:1f:9a:12:3a:
         27:04:ce:36:77:70:36:73:e8:70:ac:a9:50:5c:3f:4c:68:77:
         b0:7d:d2:b8:b3:ef:d0:2e:00:37:97:90:47:c9:f6:df:e9:dd:
         b9:70:c3:4d:71:59:53:6c:a9:9d:3b:c5:d8:3f:af:92:f4:6c:
         25:f2:63:04
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIUHGI8Y59RGrZbLKP84CcEoApHFF8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTFhZDQ5YzQ3ZTJkMGU0MGNmYzliMzZhMmJkMmM1MTRl
MmE2MjY3YjAeFw0yMzA0MjgxOTA4NDhaFw0yNDA0MjYxOTEzNDhaMDMxMTAvBgNV
BAMTKDVBMkY4ODI3OTZBODA3QkRFNjUzQjU4Mzk3MjVDRUU4MkEyOURFN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUmr35vI3W3n30etjzlM0lLTfX
MYtMaLF0I14l8bkBO2oaRZC7IvnBfIiN0PpGgRPl/qnOPOjND0lsCDLwacgy91gM
oGFL560gpzRj6op4zc24R+g+S+dw35F1QEeYvt9OaNElbFqdv7bbJbZyDv6RMKPE
PdKHoR+9gGTQl6WIZ4gM0+Xw6MAcOlvFbpXu6BxHZaboWpVmeZLGO2oPR/gqyEHz
ZYi41rnA40S+H4bVf8Da7DPlOvBWXyGiwvtIiQqg+KlPS3PAzwmx258qZFi2uJv7
vaufHxsRu/my6qKT5AoTLTwJ3nVeXtPjvhOp0rmvbqO2KLmtOBzpppl/mUOFAgMB
AAGjggJKMIICRjAdBgNVHQ4EFgQUWi+IJ5aoB73mU7WDlyXO6Cop3nowHwYDVR0j
BBgwFoAUEa1JxH4tDkDPybNqK9LFFOKmJnswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2I1NzVlYTctNzg2Zi00YjJkLWE0NTUtNzlkN2ZjNDNl
Y2VlLzcvMTFBRDQ5QzQ3RTJEMEU0MENGQzlCMzZBMkJEMkM1MTRFMkE2MjY3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VhMUp4SDR0RGtEUHliTnFLOUxGRk9L
bUpucy5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2I1NzVlYTct
Nzg2Zi00YjJkLWE0NTUtNzlkN2ZjNDNlY2VlLzcvMzI2MTMxMzEzYTY2MzI2MzMw
M2E2MTYzNjEzMDNhM2EyZjM0MzQyZDM0MzgyMDNkM2UyMDMyMzEzMjMyMzQzNS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHBCoR8sCsoDANBgkqhkiG9w0BAQsFAAOCAQEAMjSO97DWrb3FtHYx
8DuMSOi6GAu974EWjjFnpBHjpPpItt/2xkqXl8dbHZqA3gR+FNKYo2GRPKflLeE9
k/5LD+8saeTkiXiKUUMmZkjUdi3bOMg0tM+zW6qyCmSTdus5l+C0kMB9CMRMa7qM
PoERXymbODqRBiv1ym5TFaCdXL2A6rHf9EWKxa3h4zfwfGTdk+OseID/JrX/Z2cS
Aovbv+UKqgHAbsVexvPc40wVREjMBMXoXEnmn87Gul9YeB+tbOkfmhI6JwTONndw
NnPocKypUFw/TGh3sH3SuLPv0C4AN5eQR8n23+nduXDDTXFZU2ypnTvF2D+vkvRs
JfJjBA==
-----END CERTIFICATE-----
Generated at Thu Feb 29 11:29:02 2024 by rpki-client on console-ams.rpki-client.org