Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3730313a3a2f34382d3438203d3e20323033353131.roa
File:                     326130663a383563313a3730313a3a2f34382d3438203d3e20323033353131.roa (raw, json)
Hash identifier:          CFN97R35TUA0q9T8HLJHqRflaLyXUQ+FQ2g6IwbOaNQ=
Subject key identifier:   0C:01:88:97:32:DE:22:ED:B1:3B:FF:C9:EF:5F:A4:BF:2A:BC:E9:77
Certificate issuer:       /CN=1A90A6AE1542A353CCA74977EB2BFE2A49C18377
Certificate serial:       1BDDF9FF2606B342A7E90D1641B4BBCA27B0E552
Authority key identifier: 1A:90:A6:AE:15:42:A3:53:CC:A7:49:77:EB:2B:FE:2A:49:C1:83:77
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3730313a3a2f34382d3438203d3e20323033353131.roa
Signing time:             Mon 25 Mar 2024 04:55:51 +0000
ROA not before:           Mon 25 Mar 2024 04:50:51 +0000
ROA not after:            Mon 24 Mar 2025 04:55:51 +0000
asID:                     203511
IP address blocks:        2a0f:85c1:701::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:dd:f9:ff:26:06:b3:42:a7:e9:0d:16:41:b4:bb:ca:27:b0:e5:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1A90A6AE1542A353CCA74977EB2BFE2A49C18377
        Validity
            Not Before: Mar 25 04:50:51 2024 GMT
            Not After : Mar 24 04:55:51 2025 GMT
        Subject: CN=0C01889732DE22EDB13BFFC9EF5FA4BF2ABCE977
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:28:60:bb:f0:8e:c1:60:b4:bf:4a:7b:3b:b7:
                    fc:74:fc:63:7d:69:f4:ee:29:cc:3b:97:20:1f:97:
                    6e:7b:34:18:f6:38:68:4d:6c:d6:d6:e8:05:96:79:
                    90:ed:74:92:a7:8d:36:3b:0c:18:b5:0d:5b:17:26:
                    f6:1a:4a:01:86:c3:cf:b5:97:07:e4:20:45:0a:1b:
                    db:61:0f:2a:22:2d:37:95:d2:63:0b:b7:89:bc:b1:
                    e0:3f:54:6d:ac:18:34:b2:bd:d8:bf:74:7c:b5:c6:
                    17:cb:a7:a6:a8:f5:56:0e:fc:7a:79:5c:ab:a4:85:
                    22:40:0b:d0:e3:01:6d:a8:0d:13:e8:a8:ac:95:22:
                    fc:a4:de:13:94:0e:a1:2e:4b:92:99:a4:91:24:41:
                    3e:f7:a5:58:21:4d:b6:8a:55:48:aa:40:6b:e2:52:
                    a0:84:c5:cc:dc:ab:66:96:ad:83:ce:96:0c:30:26:
                    2b:ec:f6:c1:36:f2:cd:25:be:77:28:0b:42:73:51:
                    78:73:be:ab:39:39:07:82:24:6d:c1:39:d4:58:18:
                    e5:a5:6e:ae:fd:78:72:03:25:40:b9:2a:28:3c:18:
                    20:26:6a:b4:47:a5:51:77:fb:12:4f:0f:c3:25:49:
                    60:8e:8a:01:01:c9:5b:b5:8d:94:5a:26:26:a3:73:
                    00:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:01:88:97:32:DE:22:ED:B1:3B:FF:C9:EF:5F:A4:BF:2A:BC:E9:77
            X509v3 Authority Key Identifier:
                keyid:1A:90:A6:AE:15:42:A3:53:CC:A7:49:77:EB:2B:FE:2A:49:C1:83:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3730313a3a2f34382d3438203d3e20323033353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:701::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:13:ad:8f:b0:17:bc:fe:e4:f6:d9:fa:dc:4f:47:44:ad:2d:
         9f:00:8f:e5:fb:48:22:f4:2c:4d:36:d9:a7:97:7f:5c:f8:a0:
         18:e7:0c:70:ff:cf:81:89:24:99:89:8b:0f:d5:e7:43:04:0e:
         a1:13:26:37:63:cb:1f:ee:e3:c5:59:c9:b3:a4:af:e5:ff:bb:
         fb:80:d7:c9:f6:97:3f:5b:8d:6d:c7:67:2d:8c:6f:09:2f:17:
         62:49:23:02:6b:74:dc:62:d0:e2:a6:b6:56:ba:57:e7:31:7d:
         39:17:7b:ef:cd:b1:f2:5d:81:71:ae:d4:c1:66:5c:fc:b5:58:
         40:ec:bf:41:5d:64:29:f9:a0:78:93:c7:93:0d:fd:c0:ee:82:
         73:66:72:01:28:9e:2d:be:a1:2b:5e:b8:ca:0f:f8:b8:52:26:
         d9:d5:e7:86:a6:f7:e1:c3:be:73:c7:56:66:4a:d0:59:14:21:
         58:ab:c3:ef:37:1f:df:65:9c:06:26:fa:dc:7f:1b:61:59:f4:
         99:ac:40:cd:5f:74:6e:9d:64:15:46:a1:b7:80:98:a2:0a:42:
         40:17:60:63:16:54:fd:80:f4:65:ab:bf:52:ba:5c:fb:2a:13:
         ac:bd:b4:5c:d7:35:62:4a:56:60:a9:8b:ef:80:f0:25:9e:f9:
         85:60:18:00
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUG935/yYGs0Kn6Q0WQbS7yiew5VIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUE5MEE2QUUxNTQyQTM1M0NDQTc0OTc3RUIyQkZFMkE0
OUMxODM3NzAeFw0yNDAzMjUwNDUwNTFaFw0yNTAzMjQwNDU1NTFaMDMxMTAvBgNV
BAMTKDBDMDE4ODk3MzJERTIyRURCMTNCRkZDOUVGNUZBNEJGMkFCQ0U5NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaKGC78I7BYLS/Sns7t/x0/GN9
afTuKcw7lyAfl257NBj2OGhNbNbW6AWWeZDtdJKnjTY7DBi1DVsXJvYaSgGGw8+1
lwfkIEUKG9thDyoiLTeV0mMLt4m8seA/VG2sGDSyvdi/dHy1xhfLp6ao9VYO/Hp5
XKukhSJAC9DjAW2oDRPoqKyVIvyk3hOUDqEuS5KZpJEkQT73pVghTbaKVUiqQGvi
UqCExczcq2aWrYPOlgwwJivs9sE28s0lvncoC0JzUXhzvqs5OQeCJG3BOdRYGOWl
bq79eHIDJUC5Kig8GCAmarRHpVF3+xJPD8MlSWCOigEByVu1jZRaJiajcwCfAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUDAGIlzLeIu2xO//J71+kvyq86XcwHwYDVR0j
BBgwFoAUGpCmrhVCo1PMp0l36yv+KknBg3cwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDA2MzMzYzYtOTQ2ZC00YjBiLTk1ZWYtZGFiYTI2MmE0
MmUxLzEvMUE5MEE2QUUxNTQyQTM1M0NDQTc0OTc3RUIyQkZFMkE0OUMxODM3Ny5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9mYzIwYWRkMy1hODhlLTRi
YjItYTg0ZC01NWRhMjEyOGYxOTYvMC8xQTkwQTZBRTE1NDJBMzUzQ0NBNzQ5NzdF
QjJCRkUyQTQ5QzE4Mzc3LmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9kMDYzMzNjNi05NDZkLTRiMGItOTVlZi1kYWJhMjYyYTQyZTEvMS8zMjYxMzA2
NjNhMzgzNTYzMzEzYTM3MzAzMTNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAz
MzM1MzEzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoPhcEHATANBgkqhkiG9w0BAQsFAAOCAQEAUROt
j7AXvP7k9tn63E9HRK0tnwCP5ftIIvQsTTbZp5d/XPigGOcMcP/PgYkkmYmLD9Xn
QwQOoRMmN2PLH+7jxVnJs6Sv5f+7+4DXyfaXP1uNbcdnLYxvCS8XYkkjAmt03GLQ
4qa2VrpX5zF9ORd7782x8l2Bca7UwWZc/LVYQOy/QV1kKfmgeJPHkw39wO6Cc2Zy
ASieLb6hK164yg/4uFIm2dXnhqb34cO+c8dWZkrQWRQhWKvD7zcf32WcBib63H8b
YVn0maxAzV90bp1kFUaht4CYogpCQBdgYxZU/YD0Zau/Urpc+yoTrL20XNc1YkpW
YKmL74DwJZ75hWAYAA==
-----END CERTIFICATE-----
Generated at Sun Jun 16 06:06:48 2024 by rpki-client on console-fra.rpki-client.org