Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a34313a3a2f34382d3438203d3e20323135343534.roa
File:                     326131313a323963303a34313a3a2f34382d3438203d3e20323135343534.roa (raw, json)
Hash identifier:          PKnt6qHFYeEj8FBdhFhlAJaHvqDBvghyWBxoQ1XAdzA=
Subject key identifier:   D0:30:7F:0F:D0:F0:67:2F:59:B7:BE:BE:CC:33:04:9C:90:36:FC:BB
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       083A2ADFC28E9B971A9B975315A31E4BF7996667
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a34313a3a2f34382d3438203d3e20323135343534.roa
Signing time:             Tue 20 Feb 2024 11:01:23 +0000
ROA not before:           Tue 20 Feb 2024 10:56:23 +0000
ROA not after:            Tue 18 Feb 2025 11:01:23 +0000
asID:                     215454
IP address blocks:        2a11:29c0:41::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:3a:2a:df:c2:8e:9b:97:1a:9b:97:53:15:a3:1e:4b:f7:99:66:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Feb 20 10:56:23 2024 GMT
            Not After : Feb 18 11:01:23 2025 GMT
        Subject: CN=D0307F0FD0F0672F59B7BEBECC33049C9036FCBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:fe:e1:98:fe:8e:88:5e:dc:12:70:b6:7b:ad:
                    3a:51:80:88:94:c2:dd:52:08:61:27:da:7e:2a:b3:
                    d6:ee:31:cc:14:67:80:a4:ba:6f:44:c7:c4:1d:96:
                    e4:d5:17:b5:12:6b:ab:92:99:f3:ab:73:72:cc:30:
                    2d:9d:9d:e4:99:0c:ed:e9:a5:95:d7:39:8d:2b:bc:
                    b2:0f:ff:77:c4:df:d6:b3:6b:f9:b8:51:a7:b5:df:
                    d5:e3:95:bd:0f:6c:2d:ce:66:dd:bd:3f:7c:42:5b:
                    5c:84:a2:c3:cb:d1:35:82:f9:2d:77:f8:1d:5e:ee:
                    44:d7:a9:d9:f6:58:ec:27:ae:f4:45:dc:3d:ae:d8:
                    5e:42:3e:80:f4:bd:6e:a2:1b:e9:d6:57:98:1b:0a:
                    57:80:3e:c8:21:01:62:a1:71:38:ce:fd:08:7a:5d:
                    4a:00:b2:d8:d3:28:55:dc:07:33:88:cc:9d:91:c9:
                    d8:75:87:ec:9b:68:08:39:97:6d:d0:cc:3d:e5:e9:
                    58:2d:24:85:34:5e:0a:87:d3:a2:f3:65:2c:0d:77:
                    80:96:d9:94:30:5e:5e:fd:55:a1:5a:5e:a4:0a:f9:
                    39:6a:ed:8f:e0:b8:39:29:65:6d:f0:36:79:c5:fb:
                    df:ee:f7:1f:be:f0:70:58:6a:4b:4e:19:b5:54:dd:
                    52:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:30:7F:0F:D0:F0:67:2F:59:B7:BE:BE:CC:33:04:9C:90:36:FC:BB
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963303a34313a3a2f34382d3438203d3e20323135343534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:41::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:21:87:c0:c9:57:39:a5:e8:bb:83:ad:95:46:04:9a:13:75:
         6b:4f:3a:90:dc:13:c9:13:aa:fa:57:13:bd:c0:01:5f:8f:56:
         aa:ed:75:37:1c:4e:03:a8:c7:23:53:2b:cb:9a:cb:be:1a:c6:
         8a:f4:a3:ca:2a:99:1c:ae:ee:71:73:cc:71:8d:7e:11:99:c2:
         7a:92:da:f4:d9:16:dd:0c:f6:b9:94:8b:e9:9c:cd:ab:20:32:
         77:bb:c5:79:b0:2f:5d:7d:20:d4:0f:cd:1d:af:7e:c2:a1:9d:
         0b:75:6e:d4:34:21:27:11:ac:9e:6a:ef:44:f8:48:7a:d8:67:
         54:be:9e:51:54:84:f0:93:ac:e3:1f:7d:cb:3d:86:97:1e:74:
         1a:17:a0:1f:b4:2b:5a:03:3a:c4:ab:85:3c:21:d7:50:ff:e4:
         62:c6:6e:e9:cd:4a:61:47:c0:63:a5:84:c4:14:6b:bd:98:ad:
         67:ca:23:9f:84:53:95:52:11:60:b5:72:f1:1d:19:71:25:97:
         7d:e2:e9:61:f3:90:00:92:75:bd:27:f3:56:d6:1b:c2:49:eb:
         97:34:5a:57:86:d5:0a:b8:c4:b0:bb:49:41:5f:dc:64:21:4b:
         1d:d3:22:dd:e0:de:94:2f:84:a8:6e:c3:34:a0:2d:59:e1:e5:
         66:c1:7c:62
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUCDoq38KOm5cam5dTFaMeS/eZZmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDAyMjAxMDU2MjNaFw0yNTAyMTgxMTAxMjNaMDMxMTAvBgNV
BAMTKEQwMzA3RjBGRDBGMDY3MkY1OUI3QkVCRUNDMzMwNDlDOTAzNkZDQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd/uGY/o6IXtwScLZ7rTpRgIiU
wt1SCGEn2n4qs9buMcwUZ4Ckum9Ex8QdluTVF7USa6uSmfOrc3LMMC2dneSZDO3p
pZXXOY0rvLIP/3fE39aza/m4Uae139Xjlb0PbC3OZt29P3xCW1yEosPL0TWC+S13
+B1e7kTXqdn2WOwnrvRF3D2u2F5CPoD0vW6iG+nWV5gbCleAPsghAWKhcTjO/Qh6
XUoAstjTKFXcBzOIzJ2Rydh1h+ybaAg5l23QzD3l6VgtJIU0XgqH06LzZSwNd4CW
2ZQwXl79VaFaXqQK+Tlq7Y/guDkpZW3wNnnF+9/u9x++8HBYaktOGbVU3VI9AgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQU0DB/D9DwZy9Zt76+zDMEnJA2/LswHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzMw
M2EzNDMxM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTM1MzQzNTM0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKhEpwABBMA0GCSqGSIb3DQEBCwUAA4IBAQBIIYfAyVc5pei7g62VRgSa
E3VrTzqQ3BPJE6r6VxO9wAFfj1aq7XU3HE4DqMcjUyvLmsu+GsaK9KPKKpkcru5x
c8xxjX4RmcJ6ktr02RbdDPa5lIvpnM2rIDJ3u8V5sC9dfSDUD80dr37CoZ0LdW7U
NCEnEayeau9E+Eh62GdUvp5RVITwk6zjH33LPYaXHnQaF6AftCtaAzrEq4U8IddQ
/+Rixm7pzUphR8BjpYTEFGu9mK1nyiOfhFOVUhFgtXLxHRlxJZd94ulh85AAknW9
J/NW1hvCSeuXNFpXhtUKuMSwu0lBX9xkIUsd0yLd4N6UL4SobsM0oC1Z4eVmwXxi
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:06:13 2024 by rpki-client on console-fra.rpki-client.org