Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/326131343a373538313a6530303a3a2f34302d3438203d3e20323134383431.roa
File:                     326131343a373538313a6530303a3a2f34302d3438203d3e20323134383431.roa (raw, json)
Hash identifier:          xAERdsNNjcFidtoltCxHTvUwNIedD1NtdMC5rcw+Jw4=
Subject key identifier:   A1:C6:2F:B5:3D:C4:F1:FD:AA:CF:51:B3:B0:16:A4:E4:86:33:74:94
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       2C4CC18EA3D39BFCC09CCD6203CEAC5AB1F9662B
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/326131343a373538313a6530303a3a2f34302d3438203d3e20323134383431.roa
Signing time:             Fri 09 Aug 2024 08:56:36 +0000
ROA not before:           Fri 09 Aug 2024 08:51:36 +0000
ROA not after:            Fri 08 Aug 2025 08:56:36 +0000
asID:                     214841
IP address blocks:        2a14:7581:e00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:4c:c1:8e:a3:d3:9b:fc:c0:9c:cd:62:03:ce:ac:5a:b1:f9:66:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Aug  9 08:51:36 2024 GMT
            Not After : Aug  8 08:56:36 2025 GMT
        Subject: CN=A1C62FB53DC4F1FDAACF51B3B016A4E486337494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a3:74:a0:35:fa:36:a0:c4:3e:9d:87:19:e0:
                    ac:8d:5e:ca:55:39:8c:19:c8:10:c8:1a:c9:f6:b3:
                    36:1f:7b:a1:d4:7a:86:15:0c:9d:e3:46:b8:cb:f9:
                    5d:3b:e3:bb:c7:4f:ca:b9:bd:7c:ff:44:12:89:8f:
                    67:b2:60:e0:d5:fd:ef:76:f2:48:93:b7:d2:ec:83:
                    e0:cb:6e:73:09:68:3e:f2:f0:d3:cd:0e:09:25:50:
                    33:64:49:ed:c5:16:12:69:f6:92:0a:8f:2f:5d:c3:
                    24:e8:17:bd:7c:7c:78:0a:93:09:c4:79:e1:23:2d:
                    7c:2f:d0:f6:22:bd:f0:8d:48:17:e7:f8:04:5e:b8:
                    ac:20:cb:8d:e7:84:92:02:12:8c:27:86:ba:c6:11:
                    5c:bf:3e:72:ca:69:21:5d:e8:8a:9d:5d:20:93:cc:
                    0e:76:74:9d:34:6f:48:26:e2:e4:1f:1d:e9:6b:7b:
                    cd:c4:e8:c9:5e:9e:2c:5f:5a:3c:8a:63:b7:20:c8:
                    ee:dc:d2:d9:3f:73:b5:bd:3c:a2:91:62:3e:40:ca:
                    2f:9c:49:f2:78:bb:90:4f:5d:f5:a7:af:19:36:ab:
                    a3:d0:2c:d6:68:ac:c1:2a:0d:a4:08:b9:de:dd:57:
                    29:f1:f7:9f:ea:c8:48:38:96:e7:fe:4a:e5:2f:1c:
                    87:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C6:2F:B5:3D:C4:F1:FD:AA:CF:51:B3:B0:16:A4:E4:86:33:74:94
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/326131343a373538313a6530303a3a2f34302d3438203d3e20323134383431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         34:bf:4b:9d:55:de:de:be:da:14:46:b3:20:b3:b6:65:65:72:
         8e:df:e7:44:c7:ad:fd:19:9a:06:b1:59:e3:22:76:01:68:1b:
         68:d4:11:47:46:cd:4e:4a:1c:61:ef:e1:4c:10:8e:a2:36:f4:
         b4:0a:df:97:44:2c:5a:a6:44:34:e5:0e:65:8c:c3:9f:b4:f1:
         b8:74:c1:cd:58:38:a5:42:9b:23:2c:d1:eb:bc:2e:c2:74:d7:
         d1:f7:d4:6b:45:76:17:45:26:2b:45:f3:22:09:d3:8a:ce:96:
         d6:27:fc:a3:85:e2:2e:7b:1c:04:1d:cb:ff:15:d7:c9:de:5d:
         d5:41:0b:aa:21:92:0c:93:22:39:4f:52:8c:9e:ff:dd:44:a7:
         93:d5:fa:d5:34:0b:50:fa:26:e1:21:67:59:87:54:06:db:a4:
         9a:72:0a:a3:3b:98:06:6f:91:9d:ce:71:66:ea:e3:48:e5:19:
         8a:44:3c:f8:81:f0:d4:19:73:18:19:3f:49:4f:ea:9b:9c:c6:
         47:fd:42:2a:45:71:ec:d7:0e:f0:63:69:ce:c2:a6:fb:ac:84:
         02:b6:69:7a:9e:7d:7d:d6:c1:3a:a8:74:2c:c0:bb:e1:7d:7a:
         96:e1:fa:76:8e:62:ee:33:f6:4f:69:a7:a9:bb:29:ac:76:fa:
         74:a8:f7:f5
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIULEzBjqPTm/zAnM1iA86sWrH5ZiswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNDA4MDkwODUxMzZaFw0yNTA4MDgwODU2MzZaMDMxMTAvBgNV
BAMTKEExQzYyRkI1M0RDNEYxRkRBQUNGNTFCM0IwMTZBNEU0ODYzMzc0OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCo3SgNfo2oMQ+nYcZ4KyNXspV
OYwZyBDIGsn2szYfe6HUeoYVDJ3jRrjL+V0747vHT8q5vXz/RBKJj2eyYODV/e92
8kiTt9Lsg+DLbnMJaD7y8NPNDgklUDNkSe3FFhJp9pIKjy9dwyToF718fHgKkwnE
eeEjLXwv0PYivfCNSBfn+AReuKwgy43nhJICEownhrrGEVy/PnLKaSFd6IqdXSCT
zA52dJ00b0gm4uQfHelre83E6MlenixfWjyKY7cgyO7c0tk/c7W9PKKRYj5Ayi+c
SfJ4u5BPXfWnrxk2q6PQLNZorMEqDaQIud7dVynx95/qyEg4luf+SuUvHIflAgMB
AAGjggJHMIICQzAdBgNVHQ4EFgQUocYvtT3E8f2qz1GzsBak5IYzdJQwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwgbUGCCsGAQUFBwELBIGoMIGlMIGiBggrBgEFBQcwC4aBlXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODkyNzBmNmMt
YTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2YzODI0LzAvMzI2MTMxMzQzYTM3MzUzODMx
M2E2NTMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzQzODM0MzEucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAqFHWBDjANBgkqhkiG9w0BAQsFAAOCAQEANL9LnVXe3r7aFEazILO2
ZWVyjt/nRMet/RmaBrFZ4yJ2AWgbaNQRR0bNTkocYe/hTBCOojb0tArfl0QsWqZE
NOUOZYzDn7TxuHTBzVg4pUKbIyzR67wuwnTX0ffUa0V2F0UmK0XzIgnTis6W1if8
o4XiLnscBB3L/xXXyd5d1UELqiGSDJMiOU9SjJ7/3USnk9X61TQLUPom4SFnWYdU
BtukmnIKozuYBm+Rnc5xZurjSOUZikQ8+IHw1BlzGBk/SU/qm5zGR/1CKkVx7NcO
8GNpzsKm+6yEArZpep59fdbBOqh0LMC74X16luH6do5i7jP2T2mnqbsprHb6dKj3
9Q==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:50:40 2024 by rpki-client on console-fra.rpki-client.org