Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3766363a3a2f34382d3438203d3e20323135323432.roa
File:                     326130663a383563313a3766363a3a2f34382d3438203d3e20323135323432.roa (raw, json)
Hash identifier:          s8PXZ6xun7QdEzluX2KYTIUVTeLEFzlJ1flicK9iKH8=
Subject key identifier:   F3:BF:B5:52:2E:8F:2F:BF:1F:59:18:AB:CD:7A:77:22:72:E7:11:31
Certificate issuer:       /CN=1A90A6AE1542A353CCA74977EB2BFE2A49C18377
Certificate serial:       740D2F9B11A0F61EF92B68BDD5ECCEB30A6F6EAF
Authority key identifier: 1A:90:A6:AE:15:42:A3:53:CC:A7:49:77:EB:2B:FE:2A:49:C1:83:77
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3766363a3a2f34382d3438203d3e20323135323432.roa
Signing time:             Wed 30 Oct 2024 08:29:50 +0000
ROA not before:           Wed 30 Oct 2024 08:24:50 +0000
ROA not after:            Wed 29 Oct 2025 08:29:50 +0000
asID:                     215242
IP address blocks:        2a0f:85c1:7f6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Oct 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:0d:2f:9b:11:a0:f6:1e:f9:2b:68:bd:d5:ec:ce:b3:0a:6f:6e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1A90A6AE1542A353CCA74977EB2BFE2A49C18377
        Validity
            Not Before: Oct 30 08:24:50 2024 GMT
            Not After : Oct 29 08:29:50 2025 GMT
        Subject: CN=F3BFB5522E8F2FBF1F5918ABCD7A772272E71131
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:2e:9c:ec:55:4b:3b:17:37:c0:0e:5f:89:b8:
                    ba:04:45:d5:5b:b1:96:2c:e9:85:88:56:3c:db:a5:
                    89:e3:1b:6e:cc:02:1d:01:19:60:c5:4f:e5:4c:7e:
                    0b:0c:91:c8:a2:6b:18:cf:a2:73:82:55:c9:d8:e1:
                    50:37:14:c2:d1:dc:60:53:ec:96:d4:a4:72:dd:59:
                    2e:bd:cb:6f:19:d9:83:67:1e:04:b1:7a:9c:b2:b4:
                    c6:2d:cb:5d:da:aa:39:16:25:f7:c5:f3:8e:f8:71:
                    7b:0b:6f:e3:59:50:2d:e7:23:c2:87:a3:ef:92:81:
                    37:0c:36:96:ac:cc:ad:fd:10:f5:54:86:8c:1d:00:
                    2c:15:a5:a4:18:60:9f:60:9b:b8:0a:13:32:3f:68:
                    cd:fa:04:aa:49:1d:a0:16:12:ef:35:c4:8a:e4:d0:
                    17:9c:ac:4c:e5:38:a4:09:94:11:35:ec:3a:e2:20:
                    ad:a8:f1:46:bf:08:6b:1c:92:cb:33:ff:72:e4:fa:
                    9d:18:a1:db:94:fa:21:5b:88:53:bf:a1:28:7b:52:
                    9f:d9:8e:a1:aa:d9:88:79:16:e4:f8:30:f2:6f:37:
                    24:f9:dc:d8:bd:d9:fe:13:93:3f:c2:ee:9c:88:48:
                    e6:25:ff:37:5f:1c:a9:d5:9d:80:ca:64:d4:1f:1e:
                    2e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:BF:B5:52:2E:8F:2F:BF:1F:59:18:AB:CD:7A:77:22:72:E7:11:31
            X509v3 Authority Key Identifier:
                keyid:1A:90:A6:AE:15:42:A3:53:CC:A7:49:77:EB:2B:FE:2A:49:C1:83:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/1A90A6AE1542A353CCA74977EB2BFE2A49C18377.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d06333c6-946d-4b0b-95ef-daba262a42e1/1/326130663a383563313a3766363a3a2f34382d3438203d3e20323135323432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:7f6::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:8f:80:b7:91:71:2b:13:06:de:a5:c9:da:9b:e3:57:f4:5a:
         28:7b:b3:4a:1f:e1:88:bc:54:7e:0a:18:c1:98:f1:3c:89:68:
         c1:cc:ff:76:42:c8:e3:80:26:88:40:ad:60:3a:36:a8:77:f1:
         0a:4e:ff:b4:22:ed:f9:6a:ff:8c:df:19:8b:9d:c8:c7:fe:90:
         48:14:c1:3a:e6:6e:a9:15:1f:94:c9:60:a4:d8:1e:da:0e:f6:
         a7:c6:98:34:cb:d4:a9:f6:07:93:81:d8:cd:9f:cb:8d:47:ac:
         79:a7:38:cc:4f:c6:1a:f6:e7:34:a0:d6:ce:0c:eb:62:d8:27:
         c9:03:9e:a9:10:d0:b0:34:e6:ef:9b:7a:cc:f9:9a:5a:82:0f:
         b6:cc:4f:2e:da:c4:70:43:86:8b:f5:d3:90:d2:ac:b1:25:83:
         b1:6b:27:dd:73:fd:a1:e9:93:79:8f:47:1a:4d:2f:69:6f:81:
         3c:f6:0e:99:79:c4:18:40:40:16:1f:7f:e9:85:fb:34:06:dd:
         ec:81:5e:89:a5:9c:37:a6:89:09:53:0f:96:e1:d6:7c:8d:c5:
         67:4e:98:ff:ab:1f:59:a9:68:9e:fe:9d:9f:13:8d:b7:6f:b9:
         ed:96:6d:c2:f2:fd:34:0c:b4:84:4d:08:e6:8a:83:63:a4:e7:
         f1:e0:3a:24
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUdA0vmxGg9h75K2i91ezOswpvbq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUE5MEE2QUUxNTQyQTM1M0NDQTc0OTc3RUIyQkZFMkE0
OUMxODM3NzAeFw0yNDEwMzAwODI0NTBaFw0yNTEwMjkwODI5NTBaMDMxMTAvBgNV
BAMTKEYzQkZCNTUyMkU4RjJGQkYxRjU5MThBQkNEN0E3NzIyNzJFNzExMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3LpzsVUs7FzfADl+JuLoERdVb
sZYs6YWIVjzbpYnjG27MAh0BGWDFT+VMfgsMkciiaxjPonOCVcnY4VA3FMLR3GBT
7JbUpHLdWS69y28Z2YNnHgSxepyytMYty13aqjkWJffF8474cXsLb+NZUC3nI8KH
o++SgTcMNpaszK39EPVUhowdACwVpaQYYJ9gm7gKEzI/aM36BKpJHaAWEu81xIrk
0BecrEzlOKQJlBE17DriIK2o8Ua/CGsckssz/3Lk+p0YoduU+iFbiFO/oSh7Up/Z
jqGq2Yh5FuT4MPJvNyT53Ni92f4Tkz/C7pyISOYl/zdfHKnVnYDKZNQfHi7DAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQU87+1Ui6PL78fWRirzXp3InLnETEwHwYDVR0j
BBgwFoAUGpCmrhVCo1PMp0l36yv+KknBg3cwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDA2MzMzYzYtOTQ2ZC00YjBiLTk1ZWYtZGFiYTI2MmE0
MmUxLzEvMUE5MEE2QUUxNTQyQTM1M0NDQTc0OTc3RUIyQkZFMkE0OUMxODM3Ny5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84NGQ1MTgxMC0xOTg3LTQ3
MDEtOGYxZi04NDI1MTExOTY0ZjQvMC8xQTkwQTZBRTE1NDJBMzUzQ0NBNzQ5NzdF
QjJCRkUyQTQ5QzE4Mzc3LmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9kMDYzMzNjNi05NDZkLTRiMGItOTVlZi1kYWJhMjYyYTQyZTEvMS8zMjYxMzA2
NjNhMzgzNTYzMzEzYTM3NjYzNjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEz
NTMyMzQzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoPhcEH9jANBgkqhkiG9w0BAQsFAAOCAQEAKo+A
t5FxKxMG3qXJ2pvjV/RaKHuzSh/hiLxUfgoYwZjxPIlowcz/dkLI44AmiECtYDo2
qHfxCk7/tCLt+Wr/jN8Zi53Ix/6QSBTBOuZuqRUflMlgpNge2g72p8aYNMvUqfYH
k4HYzZ/LjUeseac4zE/GGvbnNKDWzgzrYtgnyQOeqRDQsDTm75t6zPmaWoIPtsxP
LtrEcEOGi/XTkNKssSWDsWsn3XP9oemTeY9HGk0vaW+BPPYOmXnEGEBAFh9/6YX7
NAbd7IFeiaWcN6aJCVMPluHWfI3FZ06Y/6sfWalonv6dnxONt2+57ZZtwvL9NAy0
hE0I5oqDY6Tn8eA6JA==
-----END CERTIFICATE-----
Generated at Wed Oct 30 09:57:42 2024 by rpki-client on console-fra.rpki-client.org