Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b6421908-75dc-430b-8fb9-748c75bb02c2/0/323030313a3637633a6535633a3a2f34382d3438203d3e20323135313331.roa
File:                     323030313a3637633a6535633a3a2f34382d3438203d3e20323135313331.roa (raw, json)
Hash identifier:          8S1mRepLz4anZXttxO74tmjo+5TJ/IvIFNDFY67JQHA=
Subject key identifier:   CA:42:D7:B8:D6:C4:47:D2:DD:AA:05:85:3E:12:70:35:D0:E5:66:78
Certificate issuer:       /CN=e4ba98fc3ebe806c782e589faf5295c3259212a8
Certificate serial:       06D4212B6B15938142DBB0C4FA55066EDEB7B8E8
Authority key identifier: E4:BA:98:FC:3E:BE:80:6C:78:2E:58:9F:AF:52:95:C3:25:92:12:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5LqY_D6-gGx4Llifr1KVwyWSEqg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b6421908-75dc-430b-8fb9-748c75bb02c2/0/323030313a3637633a6535633a3a2f34382d3438203d3e20323135313331.roa
Signing time:             Mon 27 May 2024 17:01:07 +0000
ROA not before:           Mon 27 May 2024 16:56:07 +0000
ROA not after:            Mon 26 May 2025 17:01:07 +0000
asID:                     215131
IP address blocks:        2001:67c:e5c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b6421908-75dc-430b-8fb9-748c75bb02c2/0/E4BA98FC3EBE806C782E589FAF5295C3259212A8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b6421908-75dc-430b-8fb9-748c75bb02c2/0/E4BA98FC3EBE806C782E589FAF5295C3259212A8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5LqY_D6-gGx4Llifr1KVwyWSEqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:d4:21:2b:6b:15:93:81:42:db:b0:c4:fa:55:06:6e:de:b7:b8:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4ba98fc3ebe806c782e589faf5295c3259212a8
        Validity
            Not Before: May 27 16:56:07 2024 GMT
            Not After : May 26 17:01:07 2025 GMT
        Subject: CN=CA42D7B8D6C447D2DDAA05853E127035D0E56678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:aa:7f:29:51:1a:a6:eb:ef:04:24:c8:08:73:
                    5d:23:ea:35:2a:91:4c:5c:2f:14:f5:b1:4b:36:74:
                    d9:61:08:cf:5f:61:43:60:e7:03:e7:d9:29:5e:35:
                    43:90:a5:87:66:62:8a:88:01:b1:7b:c6:69:99:e1:
                    0a:1c:0c:b8:f5:08:0d:74:31:02:c0:7f:1f:30:a6:
                    eb:fb:3f:a6:e7:1f:8c:1f:24:ea:d4:cb:06:a7:69:
                    85:36:2d:1c:8f:cd:82:cc:c8:e9:c8:a8:41:25:12:
                    6b:c1:18:a1:86:ce:d2:14:d2:86:ea:9f:a4:42:32:
                    38:31:93:b3:62:e5:dd:95:f5:5c:6a:27:f4:1d:71:
                    07:c8:a6:ef:38:18:23:7e:c1:1c:f8:8f:36:50:43:
                    58:4e:88:86:7f:b4:1f:d0:5f:62:b2:8b:c0:e2:66:
                    3b:33:84:56:9c:f7:14:f0:e5:9f:fd:00:a6:6e:31:
                    62:13:c6:10:db:18:60:d1:29:6d:2b:9d:09:02:94:
                    c2:d0:db:d2:3b:3c:1d:28:4b:4a:20:f9:5b:0f:55:
                    ec:5c:42:cb:4b:25:4e:38:74:c0:51:73:9b:40:23:
                    10:da:62:18:ff:2d:50:4d:64:24:0c:7c:39:ec:63:
                    f8:ca:bf:af:63:2f:d3:d4:34:91:1e:9a:a1:5e:66:
                    32:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:42:D7:B8:D6:C4:47:D2:DD:AA:05:85:3E:12:70:35:D0:E5:66:78
            X509v3 Authority Key Identifier:
                keyid:E4:BA:98:FC:3E:BE:80:6C:78:2E:58:9F:AF:52:95:C3:25:92:12:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b6421908-75dc-430b-8fb9-748c75bb02c2/0/E4BA98FC3EBE806C782E589FAF5295C3259212A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5LqY_D6-gGx4Llifr1KVwyWSEqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b6421908-75dc-430b-8fb9-748c75bb02c2/0/323030313a3637633a6535633a3a2f34382d3438203d3e20323135313331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e5c::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:e5:61:6b:75:4e:f2:c5:e0:d8:cc:39:d9:28:38:d3:be:04:
         72:09:cc:4b:a9:c3:b7:af:e0:f1:fe:10:60:0a:37:41:52:78:
         cb:e4:60:31:df:7f:50:9c:d9:83:e0:e0:fb:64:44:b7:00:ef:
         88:97:41:72:06:d4:9e:ba:7d:28:ea:cc:bc:9b:95:38:08:31:
         99:15:30:ff:1d:c3:c6:9d:11:b0:4a:cb:b7:e5:19:46:f1:d9:
         bb:f3:4d:fa:84:ab:0e:9a:5a:59:42:41:5a:2b:a3:97:3b:94:
         1a:a1:fc:a5:c9:93:33:85:e5:bb:d2:32:bc:42:cc:a2:5c:d6:
         25:bf:a2:b5:59:38:7a:3c:93:22:72:43:e2:1f:de:ff:a8:b5:
         a9:c1:ef:6d:4a:2b:48:5a:df:ea:29:6d:ed:19:e7:91:31:c2:
         91:39:8a:01:e4:8a:44:a1:6d:57:f5:13:37:8b:74:e2:80:c5:
         08:b3:ef:9f:4a:64:84:e0:71:e4:6d:1c:cd:05:a8:f3:48:1d:
         7d:6b:51:ab:80:f6:0c:cd:b9:74:c8:ad:24:59:d2:04:ef:d4:
         a8:60:03:8c:b6:95:aa:22:af:f2:3b:39:e9:f0:8e:ef:0c:8f:
         4b:f4:ed:dd:e5:2b:99:00:e4:7c:e5:da:ea:fe:e9:f1:d4:e9:
         eb:a1:21:7c
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUBtQhK2sVk4FC27DE+lUGbt63uOgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTRiYTk4ZmMzZWJlODA2Yzc4MmU1ODlmYWY1Mjk1YzMy
NTkyMTJhODAeFw0yNDA1MjcxNjU2MDdaFw0yNTA1MjYxNzAxMDdaMDMxMTAvBgNV
BAMTKENBNDJEN0I4RDZDNDQ3RDJEREFBMDU4NTNFMTI3MDM1RDBFNTY2NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyqn8pURqm6+8EJMgIc10j6jUq
kUxcLxT1sUs2dNlhCM9fYUNg5wPn2SleNUOQpYdmYoqIAbF7xmmZ4QocDLj1CA10
MQLAfx8wpuv7P6bnH4wfJOrUywanaYU2LRyPzYLMyOnIqEElEmvBGKGGztIU0obq
n6RCMjgxk7Ni5d2V9VxqJ/QdcQfIpu84GCN+wRz4jzZQQ1hOiIZ/tB/QX2Kyi8Di
ZjszhFac9xTw5Z/9AKZuMWITxhDbGGDRKW0rnQkClMLQ29I7PB0oS0og+VsPVexc
QstLJU44dMBRc5tAIxDaYhj/LVBNZCQMfDnsY/jKv69jL9PUNJEemqFeZjJTAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUykLXuNbER9LdqgWFPhJwNdDlZngwHwYDVR0j
BBgwFoAU5LqY/D6+gGx4Llifr1KVwyWSEqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjY0MjE5MDgtNzVkYy00MzBiLThmYjktNzQ4Yzc1YmIw
MmMyLzAvRTRCQTk4RkMzRUJFODA2Qzc4MkU1ODlGQUY1Mjk1QzMyNTkyMTJBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVMcVlfRDYtZ0d4NExsaWZyMUtWd3lX
U0VxZy5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjY0MjE5MDgt
NzVkYy00MzBiLThmYjktNzQ4Yzc1YmIwMmMyLzAvMzIzMDMwMzEzYTM2Mzc2MzNh
NjUzNTYzM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTM1MzEzMzMxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEGfA5cMA0GCSqGSIb3DQEBCwUAA4IBAQAK5WFrdU7yxeDYzDnZKDjT
vgRyCcxLqcO3r+Dx/hBgCjdBUnjL5GAx339QnNmD4OD7ZES3AO+Il0FyBtSeun0o
6sy8m5U4CDGZFTD/HcPGnRGwSsu35RlG8dm78036hKsOmlpZQkFaK6OXO5Qaofyl
yZMzheW70jK8QsyiXNYlv6K1WTh6PJMickPiH97/qLWpwe9tSitIWt/qKW3tGeeR
McKROYoB5IpEoW1X9RM3i3TigMUIs++fSmSE4HHkbRzNBajzSB19a1GrgPYMzbl0
yK0kWdIE79SoYAOMtpWqIq/yOznp8I7vDI9L9O3d5SuZAOR85drq/unx1OnroSF8
-----END CERTIFICATE-----
Generated at Thu Nov 21 12:08:37 2024 by rpki-client on console-fra.rpki-client.org