Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/323030313a3637633a3333633a3a2f34382d3438203d3e2035343634.roa
File:                     323030313a3637633a3333633a3a2f34382d3438203d3e2035343634.roa (raw, json)
Hash identifier:          ctmz9i6j9MzmoRzm8Yae2LkIQQsvUmf+XGfjJWt9iD4=
Subject key identifier:   A8:F6:D1:06:03:93:D9:17:9C:8B:71:FA:A4:B4:60:90:97:93:B5:4B
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       721CFAA7339384B7A7809DB6B81DFAFC43E1BD2C
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/323030313a3637633a3333633a3a2f34382d3438203d3e2035343634.roa
Signing time:             Wed 22 May 2024 16:05:16 +0000
ROA not before:           Wed 22 May 2024 16:00:16 +0000
ROA not after:            Wed 21 May 2025 16:05:16 +0000
asID:                     5464
IP address blocks:        2001:67c:33c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:1c:fa:a7:33:93:84:b7:a7:80:9d:b6:b8:1d:fa:fc:43:e1:bd:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: May 22 16:00:16 2024 GMT
            Not After : May 21 16:05:16 2025 GMT
        Subject: CN=A8F6D1060393D9179C8B71FAA4B460909793B54B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3f:f3:d9:11:c0:f8:b7:e2:ac:5b:06:00:9a:
                    1e:14:49:44:a2:52:1a:32:c2:56:2c:ee:0c:e2:4c:
                    d3:b7:32:1f:6f:16:5c:4a:55:85:5c:79:9c:83:d1:
                    ba:2a:25:35:21:67:46:1b:53:93:0c:ec:8a:3a:54:
                    30:b9:02:ec:4b:d6:5d:3f:b8:f8:f9:58:c8:1e:d9:
                    c3:bf:b6:7c:06:21:66:44:d8:a1:30:08:8b:05:82:
                    18:34:2d:97:b8:3a:d2:72:d3:88:e8:a1:d7:96:db:
                    0e:f5:58:d7:13:98:1c:60:8d:4d:76:29:76:e7:07:
                    d3:89:66:47:d6:d3:de:2f:69:cb:bc:c2:9f:1a:a0:
                    af:62:04:44:b9:5f:a7:5a:64:55:be:96:34:92:4c:
                    b4:f0:d4:bd:15:4b:19:59:47:e6:6f:f6:21:5f:26:
                    8e:3c:56:0f:9e:3e:91:7a:a9:42:e4:d1:87:10:b6:
                    46:e6:1f:c1:51:74:54:90:92:5b:62:ee:15:9b:fe:
                    39:c9:33:9f:1c:15:e4:27:2c:e6:5a:11:75:02:bd:
                    3d:b2:d0:a8:27:88:27:19:8c:77:7b:49:e8:7d:e2:
                    9b:cd:55:9c:d0:15:fc:1f:2e:fb:1f:c2:13:2f:d0:
                    04:41:a6:58:e6:fd:fc:56:1e:bd:f6:3b:20:55:2c:
                    ab:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:F6:D1:06:03:93:D9:17:9C:8B:71:FA:A4:B4:60:90:97:93:B5:4B
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/323030313a3637633a3333633a3a2f34382d3438203d3e2035343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:33c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:c6:f6:af:da:6e:db:40:df:f6:53:df:9b:89:fa:b8:05:9c:
         7d:6d:a9:34:c3:ab:a2:28:d8:38:e4:37:81:f3:e0:33:e7:9e:
         cf:d6:f3:16:ed:14:11:32:7e:fc:e7:10:7a:80:38:84:f9:86:
         93:72:92:ef:17:3d:f4:36:dd:90:0e:ec:a2:0e:60:4e:72:b7:
         66:10:17:c1:1d:eb:08:2e:ab:cb:7d:8f:3c:a0:33:78:78:b8:
         2f:6b:1a:2d:fe:90:8a:4b:6f:c6:e6:f8:8b:4e:b3:d5:cb:b9:
         82:b4:7f:32:9e:9d:62:32:02:2d:a0:04:83:91:ee:57:88:45:
         70:7a:f0:08:73:d1:09:53:28:d1:d6:6f:55:c1:8f:a5:fb:32:
         3b:3e:58:19:22:1e:b4:8c:ae:a6:0c:20:15:41:9f:f2:f2:32:
         68:aa:a2:9c:d0:ec:12:c4:a0:53:7b:b7:56:bc:a4:04:b1:bb:
         29:d3:6d:21:67:c3:3e:18:18:8b:6e:f3:49:fa:5a:46:59:37:
         de:c7:8a:2d:f0:f8:9f:2b:87:6d:0a:47:91:c3:ea:f6:ad:8c:
         21:59:81:9f:54:e4:0b:71:9e:31:e9:94:bb:d9:98:26:51:f9:
         0e:e0:a6:3c:e1:98:55:d6:a7:89:9f:df:a7:61:9f:c1:1d:c5:
         fa:18:76:5d
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIUchz6pzOThLengJ22uB36/EPhvSwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNDA1MjIxNjAwMTZaFw0yNTA1MjExNjA1MTZaMDMxMTAvBgNV
BAMTKEE4RjZEMTA2MDM5M0Q5MTc5QzhCNzFGQUE0QjQ2MDkwOTc5M0I1NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXP/PZEcD4t+KsWwYAmh4USUSi
UhoywlYs7gziTNO3Mh9vFlxKVYVceZyD0boqJTUhZ0YbU5MM7Io6VDC5AuxL1l0/
uPj5WMge2cO/tnwGIWZE2KEwCIsFghg0LZe4OtJy04joodeW2w71WNcTmBxgjU12
KXbnB9OJZkfW094vacu8wp8aoK9iBES5X6daZFW+ljSSTLTw1L0VSxlZR+Zv9iFf
Jo48Vg+ePpF6qULk0YcQtkbmH8FRdFSQklti7hWb/jnJM58cFeQnLOZaEXUCvT2y
0KgniCcZjHd7Seh94pvNVZzQFfwfLvsfwhMv0ARBpljm/fxWHr32OyBVLKvvAgMB
AAGjggJCMIICPjAdBgNVHQ4EFgQUqPbRBgOT2Reci3H6pLRgkJeTtUswHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzIzMDMwMzEzYTM2Mzc2MzNh
MzMzMzYzM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzUzNDM2MzQucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkD
BwAgAQZ8AzwwDQYJKoZIhvcNAQELBQADggEBAF7G9q/abttA3/ZT35uJ+rgFnH1t
qTTDq6Io2DjkN4Hz4DPnns/W8xbtFBEyfvznEHqAOIT5hpNyku8XPfQ23ZAO7KIO
YE5yt2YQF8Ed6wguq8t9jzygM3h4uC9rGi3+kIpLb8bm+ItOs9XLuYK0fzKenWIy
Ai2gBIOR7leIRXB68Ahz0QlTKNHWb1XBj6X7Mjs+WBkiHrSMrqYMIBVBn/LyMmiq
opzQ7BLEoFN7t1a8pASxuynTbSFnwz4YGItu80n6WkZZN97Hii3w+J8rh20KR5HD
6vatjCFZgZ9U5AtxnjHplLvZmCZR+Q7gpjzhmFXWp4mf36dhn8EdxfoYdl0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:07:16 2024 by rpki-client on console-ams.rpki-client.org