Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a4c6bdc5-eb4e-4b6e-95f6-62790e57f3be/0/326131333a656534303a3130303a3a2f34302d3438203d3e20323136303037.roa
File:                     326131333a656534303a3130303a3a2f34302d3438203d3e20323136303037.roa (raw, json)
Hash identifier:          oh+p3W3YpU4RUCuGkGVrCUA5QTP+GLih+aqtMoJ8WF8=
Subject key identifier:   6C:54:10:6C:1A:90:FC:D2:CE:21:C0:B3:96:0A:CF:9E:AC:35:DC:D4
Certificate issuer:       /CN=9da23cc2cf88ae4585cf8aaf9a714a9ad2e6f198
Certificate serial:       0223FB586566D7BAFACEB5FCE55E80681AED2792
Authority key identifier: 9D:A2:3C:C2:CF:88:AE:45:85:CF:8A:AF:9A:71:4A:9A:D2:E6:F1:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naI8ws-IrkWFz4qvmnFKmtLm8Zg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a4c6bdc5-eb4e-4b6e-95f6-62790e57f3be/0/326131333a656534303a3130303a3a2f34302d3438203d3e20323136303037.roa
Signing time:             Mon 22 Jan 2024 16:31:24 +0000
ROA not before:           Mon 22 Jan 2024 16:26:24 +0000
ROA not after:            Mon 20 Jan 2025 16:31:24 +0000
asID:                     216007
IP address blocks:        2a13:ee40:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a4c6bdc5-eb4e-4b6e-95f6-62790e57f3be/0/9DA23CC2CF88AE4585CF8AAF9A714A9AD2E6F198.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a4c6bdc5-eb4e-4b6e-95f6-62790e57f3be/0/9DA23CC2CF88AE4585CF8AAF9A714A9AD2E6F198.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/naI8ws-IrkWFz4qvmnFKmtLm8Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:23:fb:58:65:66:d7:ba:fa:ce:b5:fc:e5:5e:80:68:1a:ed:27:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da23cc2cf88ae4585cf8aaf9a714a9ad2e6f198
        Validity
            Not Before: Jan 22 16:26:24 2024 GMT
            Not After : Jan 20 16:31:24 2025 GMT
        Subject: CN=6C54106C1A90FCD2CE21C0B3960ACF9EAC35DCD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:dd:9d:97:48:ff:a5:76:d3:0a:fa:da:b1:4e:
                    6a:34:48:ad:25:06:17:56:05:84:a8:6a:5d:dc:a9:
                    88:5e:a6:ea:4e:5d:76:94:11:16:c4:e8:85:0f:04:
                    3a:bf:fb:13:71:a3:b8:18:39:35:ef:12:ce:c3:6b:
                    a8:f6:3a:2b:58:f5:aa:b0:8f:4f:3d:9a:ae:e8:a4:
                    f5:90:13:41:b3:dc:0f:1a:4a:ff:51:20:a0:06:2e:
                    8a:f8:64:97:87:c0:47:61:18:3e:2d:8f:97:30:f1:
                    aa:f2:f9:29:5e:75:cf:16:79:9d:d0:1f:a2:bd:19:
                    c2:57:a0:7a:40:86:bd:9c:e8:17:28:44:99:90:c7:
                    e8:07:a7:81:cf:84:95:26:31:d7:17:49:51:f4:cd:
                    d6:30:e8:a8:ce:9d:ba:58:4b:9e:a9:df:ed:d6:cc:
                    ed:3e:13:c9:19:64:c8:78:a6:73:24:cc:9c:11:fa:
                    08:7c:fe:d0:51:3e:d8:42:fe:a0:c2:04:75:8f:66:
                    75:0f:c1:43:cf:69:84:d1:77:f8:4a:83:6e:78:cd:
                    a3:b1:59:9f:bd:a9:98:99:b1:82:ba:68:c9:b1:c7:
                    9a:34:53:72:63:13:c0:9d:60:c3:b6:a7:ef:b2:df:
                    b7:5d:c1:87:28:4a:44:29:15:4b:a5:bc:6b:ec:7f:
                    d1:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:54:10:6C:1A:90:FC:D2:CE:21:C0:B3:96:0A:CF:9E:AC:35:DC:D4
            X509v3 Authority Key Identifier:
                keyid:9D:A2:3C:C2:CF:88:AE:45:85:CF:8A:AF:9A:71:4A:9A:D2:E6:F1:98

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a4c6bdc5-eb4e-4b6e-95f6-62790e57f3be/0/9DA23CC2CF88AE4585CF8AAF9A714A9AD2E6F198.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naI8ws-IrkWFz4qvmnFKmtLm8Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a4c6bdc5-eb4e-4b6e-95f6-62790e57f3be/0/326131333a656534303a3130303a3a2f34302d3438203d3e20323136303037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ee40:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         3f:e1:45:04:95:f8:83:26:23:64:17:1d:76:4d:af:e2:22:15:
         65:d2:47:4f:d5:f2:bd:ab:d8:b5:c0:9a:b5:21:90:ba:06:f7:
         f8:91:06:57:ab:2a:74:1c:a1:c2:1d:43:dc:86:a0:be:28:4b:
         4c:af:b9:a7:04:2b:02:88:18:36:1d:21:7c:d3:8d:41:fc:cb:
         bc:a2:c2:a4:11:f4:27:f9:14:7a:d6:da:7e:ea:71:f3:48:74:
         3a:6b:f4:fe:1e:e5:67:88:a7:d6:41:52:fd:2e:d9:cf:03:e8:
         94:0b:12:2f:91:33:07:ac:9d:b8:ec:57:4c:f4:a6:74:ca:88:
         85:e4:3d:35:8d:ae:9a:56:b5:40:7f:c8:9a:56:d4:36:38:5c:
         ad:f0:4f:a2:80:ee:b7:6d:35:cd:72:48:a5:7c:d6:32:88:01:
         4c:fc:3a:2a:8d:17:33:fc:9a:70:0d:da:87:a7:65:ae:e4:4a:
         40:78:20:09:17:be:b4:60:2a:7c:93:34:fa:4b:55:dd:f6:bf:
         fa:be:34:e2:f5:b3:15:70:ed:a9:33:5d:75:cc:d7:a2:5f:0c:
         e6:66:b9:32:9b:02:bb:51:b9:7a:5a:b2:3b:02:32:65:52:47:
         20:d7:1a:a6:ae:a9:fd:88:77:ca:1b:6f:7f:3b:6d:11:03:13:
         d4:68:cc:6f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIUAiP7WGVm17r6zrX85V6AaBrtJ5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRhMjNjYzJjZjg4YWU0NTg1Y2Y4YWFmOWE3MTRhOWFk
MmU2ZjE5ODAeFw0yNDAxMjIxNjI2MjRaFw0yNTAxMjAxNjMxMjRaMDMxMTAvBgNV
BAMTKDZDNTQxMDZDMUE5MEZDRDJDRTIxQzBCMzk2MEFDRjlFQUMzNURDRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK3Z2XSP+ldtMK+tqxTmo0SK0l
BhdWBYSoal3cqYhepupOXXaUERbE6IUPBDq/+xNxo7gYOTXvEs7Da6j2OitY9aqw
j089mq7opPWQE0Gz3A8aSv9RIKAGLor4ZJeHwEdhGD4tj5cw8ary+Sledc8WeZ3Q
H6K9GcJXoHpAhr2c6BcoRJmQx+gHp4HPhJUmMdcXSVH0zdYw6KjOnbpYS56p3+3W
zO0+E8kZZMh4pnMkzJwR+gh8/tBRPthC/qDCBHWPZnUPwUPPaYTRd/hKg254zaOx
WZ+9qZiZsYK6aMmxx5o0U3JjE8CdYMO2p++y37ddwYcoSkQpFUulvGvsf9HBAgMB
AAGjggJHMIICQzAdBgNVHQ4EFgQUbFQQbBqQ/NLOIcCzlgrPnqw13NQwHwYDVR0j
BBgwFoAUnaI8ws+IrkWFz4qvmnFKmtLm8ZgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTRjNmJkYzUtZWI0ZS00YjZlLTk1ZjYtNjI3OTBlNTdm
M2JlLzAvOURBMjNDQzJDRjg4QUU0NTg1Q0Y4QUFGOUE3MTRBOUFEMkU2RjE5OC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25hSTh3cy1JcmtXRno0cXZtbkZLbXRM
bThaZy5jZXIwgbUGCCsGAQUFBwELBIGoMIGlMIGiBggrBgEFBQcwC4aBlXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTRjNmJkYzUt
ZWI0ZS00YjZlLTk1ZjYtNjI3OTBlNTdmM2JlLzAvMzI2MTMxMzMzYTY1NjUzNDMw
M2EzMTMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzYzMDMwMzcucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAqE+5AATANBgkqhkiG9w0BAQsFAAOCAQEAP+FFBJX4gyYjZBcddk2v
4iIVZdJHT9XyvavYtcCatSGQugb3+JEGV6sqdByhwh1D3IagvihLTK+5pwQrAogY
Nh0hfNONQfzLvKLCpBH0J/kUetbafupx80h0Omv0/h7lZ4in1kFS/S7ZzwPolAsS
L5EzB6yduOxXTPSmdMqIheQ9NY2umla1QH/ImlbUNjhcrfBPooDut201zXJIpXzW
MogBTPw6Ko0XM/yacA3ah6dlruRKQHggCRe+tGAqfJM0+ktV3fa/+r404vWzFXDt
qTNddczXol8M5ma5MpsCu1G5elqyOwIyZVJHINcapq6p/Yh3yhtvfzttEQMT1GjM
bw==
-----END CERTIFICATE-----
Generated at Fri Apr 26 00:05:12 2024 by rpki-client on console-fra.rpki-client.org