Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/cc8ff7a9-54bb-42a5-b584-1c6684062d8a/0/326131333a393530303a31323a3a2f34382d3438203d3e2039303039.roa
File:                     326131333a393530303a31323a3a2f34382d3438203d3e2039303039.roa (raw, json)
Hash identifier:          sZMVi9ran9zeCEC4ChdHQMZz+hgVf9PTG2vjJHqD72k=
Subject key identifier:   FE:B1:BC:03:19:69:C2:B2:1D:DF:8E:00:A2:1F:E2:AE:D5:8E:82:92
Certificate issuer:       /CN=e8b29cf1b7e7b94f636eda75e229987364a40d4d
Certificate serial:       223ACFC02448605456C867D79D3925A84ACCBE1D
Authority key identifier: E8:B2:9C:F1:B7:E7:B9:4F:63:6E:DA:75:E2:29:98:73:64:A4:0D:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LKc8bfnuU9jbtp14imYc2SkDU0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/cc8ff7a9-54bb-42a5-b584-1c6684062d8a/0/326131333a393530303a31323a3a2f34382d3438203d3e2039303039.roa
Signing time:             Wed 15 May 2024 12:02:33 +0000
ROA not before:           Wed 15 May 2024 11:57:33 +0000
ROA not after:            Wed 14 May 2025 12:02:33 +0000
asID:                     9009
IP address blocks:        2a13:9500:12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/cc8ff7a9-54bb-42a5-b584-1c6684062d8a/0/E8B29CF1B7E7B94F636EDA75E229987364A40D4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/cc8ff7a9-54bb-42a5-b584-1c6684062d8a/0/E8B29CF1B7E7B94F636EDA75E229987364A40D4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LKc8bfnuU9jbtp14imYc2SkDU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:3a:cf:c0:24:48:60:54:56:c8:67:d7:9d:39:25:a8:4a:cc:be:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b29cf1b7e7b94f636eda75e229987364a40d4d
        Validity
            Not Before: May 15 11:57:33 2024 GMT
            Not After : May 14 12:02:33 2025 GMT
        Subject: CN=FEB1BC031969C2B21DDF8E00A21FE2AED58E8292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:22:a5:15:c0:b0:cb:8f:53:70:b7:d4:a9:ae:
                    e2:63:1c:45:18:ff:01:63:62:e3:be:94:36:57:7d:
                    8c:ee:3d:88:38:b2:9b:61:d5:1a:91:01:50:a9:7d:
                    4e:92:88:b7:bc:fa:24:b8:99:ab:a5:d6:ae:cb:08:
                    97:77:08:95:8f:6d:93:70:4e:e2:34:8d:58:a7:94:
                    c9:16:4e:18:d5:e1:84:60:fb:ee:60:9e:6d:f4:0f:
                    12:db:55:66:09:3f:9f:b0:fe:63:1b:e3:53:5d:ec:
                    3a:73:2a:80:06:a0:46:18:95:33:d1:ae:21:aa:60:
                    b9:e1:ad:72:ac:52:82:c2:2c:9e:61:2b:b7:34:6c:
                    b2:77:48:d2:29:38:8e:7c:bf:34:81:eb:c7:c6:be:
                    db:c2:5b:8e:06:8f:f2:61:65:23:87:c7:57:ae:bc:
                    40:1b:5b:67:70:4b:c9:8e:19:83:9f:2b:1b:e6:1a:
                    2f:6a:95:98:55:e8:e3:df:10:16:98:b8:38:74:09:
                    5c:20:cc:d1:82:59:a7:fe:c6:a7:97:6e:05:42:ea:
                    0a:bb:0c:0a:ca:e4:04:f0:8a:5c:e3:bf:ae:f3:b5:
                    f3:45:dd:e7:a9:e1:35:d2:2f:82:ee:ea:88:9d:49:
                    59:38:98:45:ee:63:0a:04:03:0c:ec:70:9c:88:6c:
                    61:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:B1:BC:03:19:69:C2:B2:1D:DF:8E:00:A2:1F:E2:AE:D5:8E:82:92
            X509v3 Authority Key Identifier:
                keyid:E8:B2:9C:F1:B7:E7:B9:4F:63:6E:DA:75:E2:29:98:73:64:A4:0D:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/cc8ff7a9-54bb-42a5-b584-1c6684062d8a/0/E8B29CF1B7E7B94F636EDA75E229987364A40D4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LKc8bfnuU9jbtp14imYc2SkDU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/cc8ff7a9-54bb-42a5-b584-1c6684062d8a/0/326131333a393530303a31323a3a2f34382d3438203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:76:93:9a:dc:29:3d:b4:23:8e:41:19:56:29:41:79:51:37:
         1b:ff:97:2c:46:7f:07:be:db:bd:21:23:be:c7:cc:19:fb:6a:
         a5:06:ca:af:98:43:07:b7:d4:e4:ed:55:24:02:fd:d4:23:4b:
         a2:46:e7:0f:7e:5c:17:aa:24:a5:b5:cd:e0:81:a5:c5:56:89:
         42:18:c1:41:f9:92:54:49:db:00:7e:e1:45:1e:4b:27:21:5b:
         04:30:9b:7e:bb:76:b1:a6:c3:79:98:5d:9e:36:eb:e5:72:31:
         82:71:b3:6c:8f:b7:bb:2e:77:88:97:c1:72:9f:2f:d3:ac:48:
         64:7b:a8:4f:9a:36:5f:b8:3f:e7:ce:2e:09:99:03:05:a2:ea:
         08:6f:f5:c5:67:ed:a8:9b:b0:77:b5:44:f8:17:5f:f0:ad:a5:
         fb:d1:29:31:65:d6:31:a8:27:d1:4a:5d:19:d9:08:35:68:61:
         72:91:3f:c1:b7:44:22:1c:7f:96:64:c4:8a:0d:6e:fb:06:29:
         d6:3c:db:4f:40:14:a0:30:0a:82:92:33:15:19:dc:d5:d6:c4:
         41:81:29:ab:ca:b8:af:8d:ba:fc:1e:f5:54:a8:4d:2e:a5:6d:
         79:2f:53:e8:32:75:0c:4b:30:1d:79:da:e1:4e:b6:88:f9:9b:
         f5:4b:86:7a
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIUIjrPwCRIYFRWyGfXnTklqErMvh0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZThiMjljZjFiN2U3Yjk0ZjYzNmVkYTc1ZTIyOTk4NzM2
NGE0MGQ0ZDAeFw0yNDA1MTUxMTU3MzNaFw0yNTA1MTQxMjAyMzNaMDMxMTAvBgNV
BAMTKEZFQjFCQzAzMTk2OUMyQjIxRERGOEUwMEEyMUZFMkFFRDU4RTgyOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOIqUVwLDLj1Nwt9SpruJjHEUY
/wFjYuO+lDZXfYzuPYg4spth1RqRAVCpfU6SiLe8+iS4maul1q7LCJd3CJWPbZNw
TuI0jVinlMkWThjV4YRg++5gnm30DxLbVWYJP5+w/mMb41Nd7DpzKoAGoEYYlTPR
riGqYLnhrXKsUoLCLJ5hK7c0bLJ3SNIpOI58vzSB68fGvtvCW44Gj/JhZSOHx1eu
vEAbW2dwS8mOGYOfKxvmGi9qlZhV6OPfEBaYuDh0CVwgzNGCWaf+xqeXbgVC6gq7
DArK5ATwilzjv67ztfNF3eep4TXSL4Lu6oidSVk4mEXuYwoEAwzscJyIbGEjAgMB
AAGjggJCMIICPjAdBgNVHQ4EFgQU/rG8AxlpwrId344Aoh/irtWOgpIwHwYDVR0j
BBgwFoAU6LKc8bfnuU9jbtp14imYc2SkDU0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2M4ZmY3YTktNTRiYi00MmE1LWI1ODQtMWM2Njg0MDYy
ZDhhLzAvRThCMjlDRjFCN0U3Qjk0RjYzNkVEQTc1RTIyOTk4NzM2NEE0MEQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZMS2M4YmZudVU5amJ0cDE0aW1ZYzJT
a0RVMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2M4ZmY3YTkt
NTRiYi00MmE1LWI1ODQtMWM2Njg0MDYyZDhhLzAvMzI2MTMxMzMzYTM5MzUzMDMw
M2EzMTMyM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzkzMDMwMzkucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkD
BwAqE5UAABIwDQYJKoZIhvcNAQELBQADggEBAB52k5rcKT20I45BGVYpQXlRNxv/
lyxGfwe+270hI77HzBn7aqUGyq+YQwe31OTtVSQC/dQjS6JG5w9+XBeqJKW1zeCB
pcVWiUIYwUH5klRJ2wB+4UUeSychWwQwm367drGmw3mYXZ426+VyMYJxs2yPt7su
d4iXwXKfL9OsSGR7qE+aNl+4P+fOLgmZAwWi6ghv9cVn7aibsHe1RPgXX/CtpfvR
KTFl1jGoJ9FKXRnZCDVoYXKRP8G3RCIcf5ZkxIoNbvsGKdY8209AFKAwCoKSMxUZ
3NXWxEGBKavKuK+Nuvwe9VSoTS6lbXkvU+gydQxLMB152uFOtoj5m/VLhno=
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:13:28 2024 by rpki-client on console-ams.rpki-client.org