Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a84b548c-275a-476e-bfbe-540e73e62383/0/326130643a643734303a3130353a3a2f34382d3438203d3e20323130303336.roa
File:                     326130643a643734303a3130353a3a2f34382d3438203d3e20323130303336.roa (raw, json)
Hash identifier:          UONAL4jxVfz8GT8TFAybQ/ZjE1N51ihskBMOpLCGFnQ=
Subject key identifier:   A7:80:68:1B:55:F4:89:30:B2:E8:3F:E5:6E:5D:36:A4:B0:09:2F:4D
Certificate issuer:       /CN=87d48146623246673056151f64abb8d1ee6b7727
Certificate serial:       41EF9CF138D3E926CCB8325AA73BEE2E4CF7AFD0
Authority key identifier: 87:D4:81:46:62:32:46:67:30:56:15:1F:64:AB:B8:D1:EE:6B:77:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h9SBRmIyRmcwVhUfZKu40e5rdyc.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a84b548c-275a-476e-bfbe-540e73e62383/0/326130643a643734303a3130353a3a2f34382d3438203d3e20323130303336.roa
Signing time:             Mon 15 Jan 2024 15:37:27 +0000
ROA not before:           Mon 15 Jan 2024 15:32:27 +0000
ROA not after:            Mon 13 Jan 2025 15:37:27 +0000
asID:                     210036
IP address blocks:        2a0d:d740:105::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a84b548c-275a-476e-bfbe-540e73e62383/0/87D48146623246673056151F64ABB8D1EE6B7727.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a84b548c-275a-476e-bfbe-540e73e62383/0/87D48146623246673056151F64ABB8D1EE6B7727.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h9SBRmIyRmcwVhUfZKu40e5rdyc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:ef:9c:f1:38:d3:e9:26:cc:b8:32:5a:a7:3b:ee:2e:4c:f7:af:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87d48146623246673056151f64abb8d1ee6b7727
        Validity
            Not Before: Jan 15 15:32:27 2024 GMT
            Not After : Jan 13 15:37:27 2025 GMT
        Subject: CN=A780681B55F48930B2E83FE56E5D36A4B0092F4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3c:62:51:aa:e8:32:f0:d9:24:24:5f:d0:10:
                    c4:4b:d6:71:45:e0:ac:c9:4d:86:66:c6:1d:4f:6a:
                    ea:68:06:29:18:d5:a9:4d:2e:30:b7:6d:ca:14:9a:
                    b4:69:af:29:9e:35:c5:1b:63:64:b6:a9:b3:b6:47:
                    a5:5f:1f:4d:f6:75:e1:f1:10:92:cb:63:51:42:10:
                    e1:f8:25:c6:1a:60:17:de:c0:08:db:c6:bd:83:9d:
                    54:12:b6:74:bf:5f:e0:a6:93:6c:81:56:e0:81:83:
                    dc:61:2e:7b:75:3b:68:9f:31:6a:e3:76:61:df:02:
                    a0:66:3e:6b:e8:5d:e3:bc:96:33:09:48:c7:c2:3f:
                    f8:bb:f9:d7:74:f2:3e:b1:b8:1b:c7:ed:ba:b6:94:
                    df:f9:5c:cf:a5:0a:fc:25:7d:74:c8:aa:07:52:3c:
                    7c:eb:85:fa:98:8b:87:54:8d:de:7e:93:c5:46:16:
                    dd:bc:7b:c5:8f:47:ae:4d:cd:ba:39:4c:40:ec:1c:
                    0e:2d:2c:92:49:6c:b0:29:d1:3e:82:a6:24:29:f5:
                    28:1a:06:e4:d9:41:ce:14:1c:bb:c4:04:fb:2b:40:
                    1c:9a:85:f8:4b:0d:e4:b9:c3:1a:6d:85:61:e7:de:
                    ca:b7:1d:73:9e:19:cf:ea:eb:24:d8:a7:5e:e4:d1:
                    5f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:80:68:1B:55:F4:89:30:B2:E8:3F:E5:6E:5D:36:A4:B0:09:2F:4D
            X509v3 Authority Key Identifier:
                keyid:87:D4:81:46:62:32:46:67:30:56:15:1F:64:AB:B8:D1:EE:6B:77:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a84b548c-275a-476e-bfbe-540e73e62383/0/87D48146623246673056151F64ABB8D1EE6B7727.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9SBRmIyRmcwVhUfZKu40e5rdyc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a84b548c-275a-476e-bfbe-540e73e62383/0/326130643a643734303a3130353a3a2f34382d3438203d3e20323130303336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d740:105::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:a7:a7:08:33:3f:a2:4a:d2:a8:25:2d:a7:48:b8:4c:e4:dd:
         80:72:e0:f1:70:2c:e2:d1:de:34:2b:8d:ae:ed:07:25:1e:6a:
         dd:f8:18:bd:45:77:2d:14:e8:db:4b:49:04:71:2c:cb:56:5e:
         c6:65:f5:9e:21:4a:04:cd:67:3f:8b:df:25:8c:77:86:51:3c:
         9a:a1:cf:35:30:0a:36:ef:6a:32:86:d8:59:c2:ce:29:06:39:
         26:4a:4b:57:c4:d5:c7:6a:78:91:3f:d8:56:4b:ab:f6:cb:bf:
         fc:f5:37:4b:97:7a:7e:6d:93:f1:6b:5f:d6:85:47:d3:bf:86:
         df:92:45:78:23:24:05:f3:2e:5d:41:2d:85:ba:99:4b:15:00:
         f0:a4:04:4b:d5:80:10:cd:64:d4:e4:ee:ee:57:df:0e:08:6b:
         a0:09:76:9d:e3:fa:70:f1:5e:57:41:4e:e7:d3:98:0c:df:f3:
         56:f9:cb:3f:8e:4e:9d:8e:92:d1:6d:b0:aa:ab:61:e0:d9:f1:
         a4:88:c5:23:86:fd:34:68:28:81:f8:f1:10:ad:81:83:90:44:
         04:e4:cb:92:b0:82:e1:f2:50:56:f0:86:2e:e7:e5:f4:68:55:
         0d:9f:08:07:e5:6d:29:54:0f:a5:62:2a:ff:1d:c9:15:c3:cc:
         5a:16:bd:2d
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgIUQe+c8TjT6SbMuDJapzvuLkz3r9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODdkNDgxNDY2MjMyNDY2NzMwNTYxNTFmNjRhYmI4ZDFl
ZTZiNzcyNzAeFw0yNDAxMTUxNTMyMjdaFw0yNTAxMTMxNTM3MjdaMDMxMTAvBgNV
BAMTKEE3ODA2ODFCNTVGNDg5MzBCMkU4M0ZFNTZFNUQzNkE0QjAwOTJGNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1PGJRqugy8NkkJF/QEMRL1nFF
4KzJTYZmxh1PaupoBikY1alNLjC3bcoUmrRprymeNcUbY2S2qbO2R6VfH032deHx
EJLLY1FCEOH4JcYaYBfewAjbxr2DnVQStnS/X+Cmk2yBVuCBg9xhLnt1O2ifMWrj
dmHfAqBmPmvoXeO8ljMJSMfCP/i7+dd08j6xuBvH7bq2lN/5XM+lCvwlfXTIqgdS
PHzrhfqYi4dUjd5+k8VGFt28e8WPR65Nzbo5TEDsHA4tLJJJbLAp0T6CpiQp9Sga
BuTZQc4UHLvEBPsrQByahfhLDeS5wxpthWHn3sq3HXOeGc/q6yTYp17k0V+JAgMB
AAGjggJIMIICRDAdBgNVHQ4EFgQUp4BoG1X0iTCy6D/lbl02pLAJL00wHwYDVR0j
BBgwFoAUh9SBRmIyRmcwVhUfZKu40e5rdycwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTg0YjU0OGMtMjc1YS00NzZlLWJmYmUtNTQwZTczZTYy
MzgzLzAvODdENDgxNDY2MjMyNDY2NzMwNTYxNTFGNjRBQkI4RDFFRTZCNzcyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2g5U0JSbUl5Um1jd1ZoVWZaS3U0MGU1
cmR5Yy5jZXIwgbUGCCsGAQUFBwELBIGoMIGlMIGiBggrBgEFBQcwC4aBlXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTg0YjU0OGMt
Mjc1YS00NzZlLWJmYmUtNTQwZTczZTYyMzgzLzAvMzI2MTMwNjQzYTY0MzczNDMw
M2EzMTMwMzUzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMjMxMzAzMDMzMzYucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8E
AgACMAkDBwAqDddAAQUwDQYJKoZIhvcNAQELBQADggEBACWnpwgzP6JK0qglLadI
uEzk3YBy4PFwLOLR3jQrja7tByUeat34GL1Fdy0U6NtLSQRxLMtWXsZl9Z4hSgTN
Zz+L3yWMd4ZRPJqhzzUwCjbvajKG2FnCzikGOSZKS1fE1cdqeJE/2FZLq/bLv/z1
N0uXen5tk/FrX9aFR9O/ht+SRXgjJAXzLl1BLYW6mUsVAPCkBEvVgBDNZNTk7u5X
3w4Ia6AJdp3j+nDxXldBTufTmAzf81b5yz+OTp2OktFtsKqrYeDZ8aSIxSOG/TRo
KIH48RCtgYOQRATky5KwguHyUFbwhi7n5fRoVQ2fCAflbSlUD6ViKv8dyRXDzFoW
vS0=
-----END CERTIFICATE-----
Generated at Mon Jun 17 23:33:55 2024 by rpki-client on console-ams.rpki-client.org