Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c128271e-c269-4954-87db-d184df17f85c/2/326131323a646434373a333330303a3a2f34302d3438203d3e20323131313531.roa
File:                     326131323a646434373a333330303a3a2f34302d3438203d3e20323131313531.roa (raw, json)
Hash identifier:          rdPrx+Vx1U/7x4HhZdRnb1qe3n5l7txV+MdjY3r6C/4=
Subject key identifier:   B1:57:32:CB:49:D8:D2:0E:23:8B:DB:FE:E6:35:40:9A:4A:21:71:F4
Certificate issuer:       /CN=AE12472DA1E0AFD2B0E9D5DC6F4EDE16C4D111CF
Certificate serial:       7A7D8A65ED932534B6D8B6123B26145FA56FA8BE
Authority key identifier: AE:12:47:2D:A1:E0:AF:D2:B0:E9:D5:DC:6F:4E:DE:16:C4:D1:11:CF
Authority info access:    rsync://rpki.co/repo/AS945/1/AE12472DA1E0AFD2B0E9D5DC6F4EDE16C4D111CF.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c128271e-c269-4954-87db-d184df17f85c/2/326131323a646434373a333330303a3a2f34302d3438203d3e20323131313531.roa
Signing time:             Tue 16 Apr 2024 11:18:37 +0000
ROA not before:           Tue 16 Apr 2024 11:13:37 +0000
ROA not after:            Tue 15 Apr 2025 11:18:37 +0000
asID:                     211151
IP address blocks:        2a12:dd47:3300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c128271e-c269-4954-87db-d184df17f85c/2/AE12472DA1E0AFD2B0E9D5DC6F4EDE16C4D111CF.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c128271e-c269-4954-87db-d184df17f85c/2/AE12472DA1E0AFD2B0E9D5DC6F4EDE16C4D111CF.mft
                          rsync://rpki.co/repo/AS945/1/AE12472DA1E0AFD2B0E9D5DC6F4EDE16C4D111CF.cer
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:11:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:7d:8a:65:ed:93:25:34:b6:d8:b6:12:3b:26:14:5f:a5:6f:a8:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AE12472DA1E0AFD2B0E9D5DC6F4EDE16C4D111CF
        Validity
            Not Before: Apr 16 11:13:37 2024 GMT
            Not After : Apr 15 11:18:37 2025 GMT
        Subject: CN=B15732CB49D8D20E238BDBFEE635409A4A2171F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5a:65:c8:d7:8b:b0:98:12:52:53:e8:cb:2b:
                    e4:eb:6d:39:b0:31:cb:14:ae:80:dd:10:f0:3f:78:
                    65:d1:ea:b4:8d:84:f1:f6:53:eb:1b:ca:95:c0:a6:
                    da:fd:77:75:46:a2:8f:0e:80:76:cc:66:c2:02:28:
                    33:9b:89:77:07:90:aa:3c:bb:78:36:6e:db:e8:62:
                    9e:b5:42:36:d6:f4:57:9c:da:2c:72:b4:e0:73:ea:
                    25:06:0d:09:55:e0:f9:e2:e3:78:04:04:41:70:99:
                    32:26:db:92:d7:92:82:f1:14:c5:55:64:8b:4a:a5:
                    94:29:ed:57:0b:4e:f5:15:8c:dc:5a:a1:cf:f6:91:
                    74:ec:26:4f:72:51:a7:38:85:e6:2d:51:3f:a5:c6:
                    af:d9:7b:c9:80:74:6d:ff:73:0b:40:3e:30:43:21:
                    49:c1:e5:38:47:f0:76:40:a9:74:b3:76:fe:65:59:
                    84:3e:74:fa:14:20:7c:5a:cc:53:75:3a:a3:52:46:
                    f6:cb:27:2b:9d:76:f8:ff:3b:0c:e2:b0:d2:00:bf:
                    65:d1:57:3a:d5:56:79:97:65:e9:ac:0c:39:34:51:
                    8c:f0:97:35:3c:53:e3:47:aa:6c:5a:90:9c:7f:2f:
                    13:da:b1:7c:dc:aa:a4:0e:53:40:6f:40:e9:77:06:
                    52:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:57:32:CB:49:D8:D2:0E:23:8B:DB:FE:E6:35:40:9A:4A:21:71:F4
            X509v3 Authority Key Identifier:
                keyid:AE:12:47:2D:A1:E0:AF:D2:B0:E9:D5:DC:6F:4E:DE:16:C4:D1:11:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c128271e-c269-4954-87db-d184df17f85c/2/AE12472DA1E0AFD2B0E9D5DC6F4EDE16C4D111CF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.co/repo/AS945/1/AE12472DA1E0AFD2B0E9D5DC6F4EDE16C4D111CF.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c128271e-c269-4954-87db-d184df17f85c/2/326131323a646434373a333330303a3a2f34302d3438203d3e20323131313531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:3300::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:66:7e:cf:05:42:d3:df:e2:de:b7:18:c1:82:40:e0:69:f7:
         9c:35:1c:64:b1:c3:dd:3e:9d:db:63:8e:b8:f1:37:ce:45:b2:
         ac:79:20:09:fc:f2:8c:92:94:60:5f:a2:92:ee:2d:a2:3d:f0:
         16:d2:99:ec:19:53:d7:b5:04:88:f4:39:a9:0f:b8:31:94:12:
         e1:72:56:4c:81:e1:25:91:5a:09:1c:f7:34:dc:dc:d5:1c:48:
         45:c9:94:b0:04:60:43:35:fe:6a:3d:63:6b:9d:e9:17:e9:5d:
         83:75:26:2c:ea:d4:f4:dc:22:b1:cd:4f:c6:64:86:2f:85:98:
         19:e0:ac:a4:6e:cd:9d:17:22:c3:99:9e:a5:e4:6f:76:9e:3b:
         6e:07:d3:9d:b6:57:e5:e7:09:4e:8e:38:51:21:a9:95:41:d4:
         eb:04:f8:be:37:3e:be:bd:96:08:44:f5:3e:28:79:84:07:58:
         96:b7:19:c2:92:76:d0:d5:05:ca:e4:28:d0:84:7c:f3:00:67:
         98:82:ef:c9:0d:c9:e8:ed:ca:ac:c8:c6:d0:a4:5f:c6:1d:54:
         4c:48:97:54:ef:aa:db:44:c3:09:b8:95:67:6e:ae:7c:3a:c9:
         b7:2e:1f:15:77:5d:97:fb:b1:77:59:a3:a7:bf:f5:94:0f:6f:
         a3:31:46:b5
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIUen2KZe2TJTS22LYSOyYUX6VvqL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUUxMjQ3MkRBMUUwQUZEMkIwRTlENURDNkY0RURFMTZD
NEQxMTFDRjAeFw0yNDA0MTYxMTEzMzdaFw0yNTA0MTUxMTE4MzdaMDMxMTAvBgNV
BAMTKEIxNTczMkNCNDlEOEQyMEUyMzhCREJGRUU2MzU0MDlBNEEyMTcxRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZWmXI14uwmBJSU+jLK+TrbTmw
McsUroDdEPA/eGXR6rSNhPH2U+sbypXAptr9d3VGoo8OgHbMZsICKDObiXcHkKo8
u3g2btvoYp61QjbW9Fec2ixytOBz6iUGDQlV4Pni43gEBEFwmTIm25LXkoLxFMVV
ZItKpZQp7VcLTvUVjNxaoc/2kXTsJk9yUac4heYtUT+lxq/Ze8mAdG3/cwtAPjBD
IUnB5ThH8HZAqXSzdv5lWYQ+dPoUIHxazFN1OqNSRvbLJyuddvj/OwzisNIAv2XR
VzrVVnmXZemsDDk0UYzwlzU8U+NHqmxakJx/LxPasXzcqqQOU0BvQOl3BlLXAgMB
AAGjggJKMIICRjAdBgNVHQ4EFgQUsVcyy0nY0g4ji9v+5jVAmkohcfQwHwYDVR0j
BBgwFoAUrhJHLaHgr9Kw6dXcb07eFsTREc8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzEyODI3MWUtYzI2OS00OTU0LTg3ZGItZDE4NGRmMTdm
ODVjLzIvQUUxMjQ3MkRBMUUwQUZEMkIwRTlENURDNkY0RURFMTZDNEQxMTFDRi5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kuY28v
cmVwby9BUzk0NS8xL0FFMTI0NzJEQTFFMEFGRDJCMEU5RDVEQzZGNEVERTE2QzRE
MTExQ0YuY2VyMIG3BggrBgEFBQcBCwSBqjCBpzCBpAYIKwYBBQUHMAuGgZdyc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2MxMjgyNzFl
LWMyNjktNDk1NC04N2RiLWQxODRkZjE3Zjg1Yy8yLzMyNjEzMTMyM2E2NDY0MzQz
NzNhMzMzMzMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzEzMTM1MzEu
cm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQ
MA4EAgACMAgDBgAqEt1HMzANBgkqhkiG9w0BAQsFAAOCAQEAaGZ+zwVC09/i3rcY
wYJA4Gn3nDUcZLHD3T6d22OOuPE3zkWyrHkgCfzyjJKUYF+iku4toj3wFtKZ7BlT
17UEiPQ5qQ+4MZQS4XJWTIHhJZFaCRz3NNzc1RxIRcmUsARgQzX+aj1ja53pF+ld
g3UmLOrU9Nwisc1PxmSGL4WYGeCspG7NnRciw5mepeRvdp47bgfTnbZX5ecJTo44
USGplUHU6wT4vjc+vr2WCET1Pih5hAdYlrcZwpJ20NUFyuQo0IR88wBnmILvyQ3J
6O3KrMjG0KRfxh1UTEiXVO+q20TDCbiVZ26ufDrJty4fFXddl/uxd1mjp7/1lA9v
ozFGtQ==
-----END CERTIFICATE-----
Generated at Sun Jun 16 06:42:16 2024 by rpki-client on console-ams.rpki-client.org