Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963343a623030623a3a2f34382d3438203d3e20323132313439.roa
File:                     326131313a323963343a623030623a3a2f34382d3438203d3e20323132313439.roa (raw, json)
Hash identifier:          wX2tYUymDc3EVqCJedFd5u76OIaKHdgawnH95seFZuw=
Subject key identifier:   41:29:11:37:E1:0D:6F:0A:19:ED:2C:69:DF:8D:19:FB:E8:C6:5C:D9
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       4AA2F15FBA5F2112D45D7FA22E18FDEDD398FC78
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963343a623030623a3a2f34382d3438203d3e20323132313439.roa
Signing time:             Wed 19 Jun 2024 14:01:17 +0000
ROA not before:           Wed 19 Jun 2024 13:56:17 +0000
ROA not after:            Wed 18 Jun 2025 14:01:17 +0000
asID:                     212149
IP address blocks:        2a11:29c4:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:a2:f1:5f:ba:5f:21:12:d4:5d:7f:a2:2e:18:fd:ed:d3:98:fc:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jun 19 13:56:17 2024 GMT
            Not After : Jun 18 14:01:17 2025 GMT
        Subject: CN=41291137E10D6F0A19ED2C69DF8D19FBE8C65CD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3c:23:bf:b4:4e:3e:a6:10:67:3e:9d:12:eb:
                    d2:f3:b8:8f:08:65:37:1e:07:83:88:92:14:c4:6a:
                    36:55:69:7f:1c:4d:0c:72:56:e8:57:f8:e6:6f:7c:
                    25:ba:f5:84:5b:78:75:81:d1:a7:1d:e1:5a:f2:d1:
                    14:c6:ae:10:8a:2d:92:47:f7:2b:24:da:8b:98:b9:
                    a5:69:e9:c1:19:5c:ae:d3:d4:1e:68:f3:29:b2:2c:
                    cd:e6:1c:bf:0d:63:73:9b:6d:42:29:e8:44:e7:8d:
                    1e:46:4f:68:26:fc:b2:6c:45:db:6e:2e:e3:7a:fd:
                    47:f4:98:c0:30:45:be:1a:a3:35:63:1f:08:ee:0e:
                    fa:18:39:46:76:e0:1e:10:66:48:5b:b2:6b:50:a7:
                    48:75:65:1f:6e:4b:09:bb:68:71:fb:d6:9f:a9:2a:
                    9f:d1:b5:1a:bd:1c:b5:65:64:77:12:98:02:e8:c6:
                    96:a5:85:1e:79:64:7f:c0:d5:6d:59:fb:e3:2d:3a:
                    e6:11:9d:d5:bb:7e:79:35:81:9d:23:85:8a:fc:34:
                    8a:4c:a4:d1:b3:72:fc:4b:66:2a:21:1c:28:18:50:
                    cf:d1:3b:5e:86:7c:87:19:f3:3a:47:1a:73:ee:b8:
                    86:0d:55:8e:f9:44:28:a4:36:6c:67:67:27:b1:d9:
                    08:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:29:11:37:E1:0D:6F:0A:19:ED:2C:69:DF:8D:19:FB:E8:C6:5C:D9
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/326131313a323963343a623030623a3a2f34382d3438203d3e20323132313439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c4:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:68:3a:0d:0c:24:40:18:69:e8:9c:7e:54:eb:ec:f7:d1:d8:
         61:82:cb:e3:a0:cb:86:c3:1c:c2:30:57:20:bf:ca:9f:79:a1:
         03:d4:8c:be:33:c4:07:77:bf:d4:e0:db:f7:e7:82:30:cc:2d:
         72:f3:ad:89:9a:3c:14:52:c2:c5:30:c3:f3:f2:2f:9e:04:80:
         30:0a:06:2e:5c:d3:bc:9e:69:01:98:31:cf:e2:28:f5:c0:c4:
         22:31:b4:d0:09:db:90:dd:a8:de:f2:a2:53:f8:bc:9d:07:0f:
         d6:1b:05:f6:b1:71:02:27:03:47:75:1b:90:2f:e8:ef:cb:0e:
         86:73:74:8f:90:4e:29:d4:b8:ab:c2:44:4b:5b:13:09:a6:32:
         58:53:d8:72:32:a7:4c:b5:89:f8:3e:ea:2f:4e:75:59:89:ec:
         1d:8a:15:3b:2a:55:54:2a:03:e1:1c:9e:63:f2:e1:13:2e:dd:
         dd:e3:93:68:24:b5:8e:46:44:67:75:f3:0b:ad:f1:11:6c:77:
         61:37:d8:5f:c6:d0:7a:c8:a6:c8:25:17:5b:40:a4:7d:d9:05:
         50:4c:06:40:dd:b3:fb:56:78:91:6d:b6:93:a9:94:63:d3:f8:
         d6:a2:c3:29:4f:22:d1:89:3b:dc:b5:5e:c0:32:55:84:47:f3:
         f3:38:ff:de
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIUSqLxX7pfIRLUXX+iLhj97dOY/HgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDA2MTkxMzU2MTdaFw0yNTA2MTgxNDAxMTdaMDMxMTAvBgNV
BAMTKDQxMjkxMTM3RTEwRDZGMEExOUVEMkM2OURGOEQxOUZCRThDNjVDRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXPCO/tE4+phBnPp0S69LzuI8I
ZTceB4OIkhTEajZVaX8cTQxyVuhX+OZvfCW69YRbeHWB0acd4Vry0RTGrhCKLZJH
9ysk2ouYuaVp6cEZXK7T1B5o8ymyLM3mHL8NY3ObbUIp6ETnjR5GT2gm/LJsRdtu
LuN6/Uf0mMAwRb4aozVjHwjuDvoYOUZ24B4QZkhbsmtQp0h1ZR9uSwm7aHH71p+p
Kp/RtRq9HLVlZHcSmALoxpalhR55ZH/A1W1Z++MtOuYRndW7fnk1gZ0jhYr8NIpM
pNGzcvxLZiohHCgYUM/RO16GfIcZ8zpHGnPuuIYNVY75RCikNmxnZyex2QiTAgMB
AAGjggJKMIICRjAdBgNVHQ4EFgQUQSkRN+ENbwoZ7Sxp340Z++jGXNkwHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzI2MTMxMzEzYTMyMzk2MzM0
M2E2MjMwMzA2MjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEzMjMxMzQzOS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACoRKcSwCzANBgkqhkiG9w0BAQsFAAOCAQEADGg6DQwkQBhp6Jx+
VOvs99HYYYLL46DLhsMcwjBXIL/Kn3mhA9SMvjPEB3e/1ODb9+eCMMwtcvOtiZo8
FFLCxTDD8/IvngSAMAoGLlzTvJ5pAZgxz+Io9cDEIjG00AnbkN2o3vKiU/i8nQcP
1hsF9rFxAicDR3UbkC/o78sOhnN0j5BOKdS4q8JES1sTCaYyWFPYcjKnTLWJ+D7q
L051WYnsHYoVOypVVCoD4RyeY/LhEy7d3eOTaCS1jkZEZ3XzC63xEWx3YTfYX8bQ
esimyCUXW0CkfdkFUEwGQN2z+1Z4kW22k6mUY9P41qLDKU8i0Yk73LVewDJVhEfz
8zj/3g==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:35:20 2024 by rpki-client on console-ams.rpki-client.org