Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3766353a3a2f34382d3438203d3e20323135373631.roa
File:                     326130663a383563313a3766353a3a2f34382d3438203d3e20323135373631.roa (raw, json)
Hash identifier:          17qN8Bd0gWBZvDkn96RHqKMURz1HVyJmOiwn1OSD2G0=
Subject key identifier:   9A:E2:AA:04:82:EC:EE:00:45:9C:15:95:28:70:32:DE:5E:59:B3:42
Certificate issuer:       /CN=1A90A6AE1542A353CCA74977EB2BFE2A49C18377
Certificate serial:       7715798EE108F47FEE8326048BFAB8A3B0E4CCF6
Authority key identifier: 1A:90:A6:AE:15:42:A3:53:CC:A7:49:77:EB:2B:FE:2A:49:C1:83:77
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3766353a3a2f34382d3438203d3e20323135373631.roa
Signing time:             Thu 03 Oct 2024 21:42:22 +0000
ROA not before:           Thu 03 Oct 2024 21:37:22 +0000
ROA not after:            Thu 02 Oct 2025 21:42:22 +0000
asID:                     215761
IP address blocks:        2a0f:85c1:7f5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Oct 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:15:79:8e:e1:08:f4:7f:ee:83:26:04:8b:fa:b8:a3:b0:e4:cc:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1A90A6AE1542A353CCA74977EB2BFE2A49C18377
        Validity
            Not Before: Oct  3 21:37:22 2024 GMT
            Not After : Oct  2 21:42:22 2025 GMT
        Subject: CN=9AE2AA0482ECEE00459C1595287032DE5E59B342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a0:a3:5d:93:f1:e4:13:ed:1e:aa:40:19:48:
                    ad:96:38:de:74:04:66:96:35:e2:97:51:f1:a3:fb:
                    88:72:57:00:cd:30:53:b7:aa:62:94:5e:cb:bf:fa:
                    a5:cf:da:d3:ce:8f:8b:a3:31:d6:93:23:4d:d6:c4:
                    5c:c2:d9:1a:99:05:99:68:06:26:9d:2c:0b:d2:16:
                    58:83:91:a5:15:ca:b0:e2:a3:4b:3e:07:0d:92:75:
                    ae:b5:56:69:03:ed:95:17:ef:ba:dc:54:b8:c1:c8:
                    93:27:04:7d:14:fe:5f:35:d6:c4:31:eb:79:39:8f:
                    88:26:2e:e9:99:11:3c:fe:2c:13:57:be:e8:c4:47:
                    b7:73:3a:5f:68:1d:34:fb:b0:a1:85:ab:8e:30:ee:
                    7a:5e:ad:ac:8a:0b:38:96:d9:2a:31:a4:fe:d8:54:
                    7b:e1:fb:aa:f7:30:11:25:e1:96:d5:b5:2e:a5:96:
                    df:0d:e5:11:e2:f2:d0:ad:2c:b6:1b:a0:82:95:46:
                    76:3f:47:83:e7:35:54:a6:b4:6a:b9:83:50:a8:a6:
                    06:85:41:62:7d:8e:ea:63:8d:8a:82:e2:56:26:0b:
                    12:9f:d2:79:85:44:01:06:60:95:0b:78:ef:eb:8a:
                    67:e0:80:86:f6:ce:42:06:c8:76:e8:80:02:b1:6e:
                    27:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:E2:AA:04:82:EC:EE:00:45:9C:15:95:28:70:32:DE:5E:59:B3:42
            X509v3 Authority Key Identifier:
                keyid:1A:90:A6:AE:15:42:A3:53:CC:A7:49:77:EB:2B:FE:2A:49:C1:83:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3766353a3a2f34382d3438203d3e20323135373631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:7f5::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:8b:69:6a:8a:6b:40:fa:9f:56:d5:47:fe:f4:cd:a2:ad:27:
         b9:5d:e2:a6:5f:5a:b2:5d:63:f0:1e:43:e2:7b:1b:96:16:19:
         85:56:0c:45:6d:9c:3a:a6:fe:09:cf:2c:28:36:6c:11:f3:18:
         4e:a1:ed:91:28:13:60:30:c5:9e:d0:15:2d:62:ea:52:a0:87:
         13:1a:67:df:10:9b:77:fb:69:1c:ed:90:c9:6b:1e:86:87:18:
         3b:a8:b2:8a:0a:46:dc:57:40:30:dd:b0:77:f0:33:f2:72:96:
         05:d0:b6:61:cf:d0:6d:4c:cb:41:ee:e5:08:cc:eb:dd:0c:2a:
         16:20:b7:b4:fe:49:f3:f4:bd:1d:1b:52:66:de:6f:f7:c7:30:
         e8:3e:08:0f:d7:d7:3b:31:2b:6d:32:f1:5b:81:e1:f9:1a:59:
         0a:5d:dd:e5:6b:20:25:83:5d:79:04:39:b2:af:6f:2d:39:48:
         66:9c:5c:2b:41:e8:e0:d4:45:fe:e7:99:5e:26:30:3a:7b:14:
         1e:4c:54:0c:44:79:44:97:5f:ce:ec:83:80:1c:ca:85:86:b4:
         51:8f:35:bd:ff:0f:c6:4f:3c:e3:c8:af:16:90:e6:2c:2f:b5:
         dc:27:fe:aa:39:05:d7:73:8a:07:d8:82:20:ca:c8:2f:d5:6a:
         15:76:3d:4a
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUdxV5juEI9H/ugyYEi/q4o7DkzPYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUE5MEE2QUUxNTQyQTM1M0NDQTc0OTc3RUIyQkZFMkE0
OUMxODM3NzAeFw0yNDEwMDMyMTM3MjJaFw0yNTEwMDIyMTQyMjJaMDMxMTAvBgNV
BAMTKDlBRTJBQTA0ODJFQ0VFMDA0NTlDMTU5NTI4NzAzMkRFNUU1OUIzNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGoKNdk/HkE+0eqkAZSK2WON50
BGaWNeKXUfGj+4hyVwDNMFO3qmKUXsu/+qXP2tPOj4ujMdaTI03WxFzC2RqZBZlo
BiadLAvSFliDkaUVyrDio0s+Bw2Sda61VmkD7ZUX77rcVLjByJMnBH0U/l811sQx
63k5j4gmLumZETz+LBNXvujER7dzOl9oHTT7sKGFq44w7nperayKCziW2SoxpP7Y
VHvh+6r3MBEl4ZbVtS6llt8N5RHi8tCtLLYboIKVRnY/R4PnNVSmtGq5g1CopgaF
QWJ9jupjjYqC4lYmCxKf0nmFRAEGYJULeO/rimfggIb2zkIGyHbogAKxbifbAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUmuKqBILs7gBFnBWVKHAy3l5Zs0IwHwYDVR0j
BBgwFoAUGpCmrhVCo1PMp0l36yv+KknBg3cwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDA2MzMzYzYtOTQ2ZC00YjBiLTk1ZWYtZGFiYTI2MmE0
MmUxLzEvMUE5MEE2QUUxNTQyQTM1M0NDQTc0OTc3RUIyQkZFMkE0OUMxODM3Ny5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84NGQ1MTgxMC0xOTg3LTQ3
MDEtOGYxZi04NDI1MTExOTY0ZjQvMC8xQTkwQTZBRTE1NDJBMzUzQ0NBNzQ5NzdF
QjJCRkUyQTQ5QzE4Mzc3LmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9kMDYzMzNjNi05NDZkLTRiMGItOTVlZi1kYWJhMjYyYTQyZTEvMS8zMjYxMzA2
NjNhMzgzNTYzMzEzYTM3NjYzNTNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEz
NTM3MzYzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoPhcEH9TANBgkqhkiG9w0BAQsFAAOCAQEAKotp
aoprQPqfVtVH/vTNoq0nuV3ipl9asl1j8B5D4nsblhYZhVYMRW2cOqb+Cc8sKDZs
EfMYTqHtkSgTYDDFntAVLWLqUqCHExpn3xCbd/tpHO2QyWsehocYO6iyigpG3FdA
MN2wd/Az8nKWBdC2Yc/QbUzLQe7lCMzr3QwqFiC3tP5J8/S9HRtSZt5v98cw6D4I
D9fXOzErbTLxW4Hh+RpZCl3d5WsgJYNdeQQ5sq9vLTlIZpxcK0Ho4NRF/ueZXiYw
OnsUHkxUDER5RJdfzuyDgBzKhYa0UY81vf8Pxk8848ivFpDmLC+13Cf+qjkF13OK
B9iCIMrIL9VqFXY9Sg==
-----END CERTIFICATE-----
Generated at Wed Oct 30 09:57:42 2024 by rpki-client on console-fra.rpki-client.org