Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730313a623030623a3a2f34382d3438203d3e20323132313439.roa
File:                     326131313a353730313a623030623a3a2f34382d3438203d3e20323132313439.roa (raw, json)
Hash identifier:          0SF0WfEKn6tAt+SqtI0zWos8/5DwYGM33/T6SlnO8Oc=
Subject key identifier:   E8:97:3D:78:C9:B6:85:EB:F7:B2:86:F7:2E:14:DC:76:20:C3:B5:D1
Certificate issuer:       /CN=98a87cad5b710890a9528f166f4202393824e6b8
Certificate serial:       28F8C2A9690DE9B103ECED7C67DFC712830C9354
Authority key identifier: 98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730313a623030623a3a2f34382d3438203d3e20323132313439.roa
Signing time:             Tue 27 May 2025 15:50:36 +0000
ROA not before:           Tue 27 May 2025 15:45:36 +0000
ROA not after:            Tue 26 May 2026 15:50:36 +0000
asID:                     212149
IP address blocks:        2a11:5701:b00b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 14:57:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:f8:c2:a9:69:0d:e9:b1:03:ec:ed:7c:67:df:c7:12:83:0c:93:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a87cad5b710890a9528f166f4202393824e6b8
        Validity
            Not Before: May 27 15:45:36 2025 GMT
            Not After : May 26 15:50:36 2026 GMT
        Subject: CN=E8973D78C9B685EBF7B286F72E14DC7620C3B5D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:20:56:94:69:e5:12:3e:22:34:38:59:4e:d0:
                    49:49:9f:08:84:46:4b:9f:bd:6e:bb:bf:cf:7a:e1:
                    69:93:d4:66:e1:a5:b4:ae:28:45:1f:4f:48:a2:23:
                    1e:78:54:3b:33:12:c1:41:2f:8f:f9:7d:17:31:86:
                    f6:d9:e8:66:7a:dd:a6:37:8c:cd:52:72:07:98:58:
                    68:0b:45:03:8a:bd:68:ce:8a:76:8d:5c:19:d6:8f:
                    d1:d8:12:ae:63:9a:36:25:30:79:34:b0:b1:bb:24:
                    68:cf:1b:d4:34:89:d0:3f:25:2c:e9:1d:8d:17:3b:
                    07:d9:82:31:8c:de:17:ca:db:0e:09:c2:8f:f4:10:
                    e8:c4:ab:d7:82:af:3b:f7:d6:fd:43:07:0b:e6:79:
                    d8:f0:88:53:3d:a1:49:d3:39:7a:d1:b3:d4:04:80:
                    e8:01:a6:c7:49:e9:e8:7f:9c:3c:9d:c1:51:4f:ac:
                    c3:6a:9d:39:72:75:8c:e6:4c:35:6a:59:1b:ea:5c:
                    75:54:e9:fb:b6:46:bd:f5:5c:df:4b:f2:9d:05:27:
                    cc:24:81:72:1d:3c:90:ea:90:05:ba:e9:ad:76:b3:
                    94:14:83:80:b6:0a:bb:1c:0d:55:a5:0a:51:66:ac:
                    1c:91:98:75:c2:fa:11:90:d9:f0:51:e4:d1:58:3f:
                    2d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:97:3D:78:C9:B6:85:EB:F7:B2:86:F7:2E:14:DC:76:20:C3:B5:D1
            X509v3 Authority Key Identifier:
                keyid:98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730313a623030623a3a2f34382d3438203d3e20323132313439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5701:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:1c:9b:2e:a8:e9:4c:3f:83:7c:96:24:7e:52:e1:21:1f:24:
         fc:48:20:a6:76:8d:06:bd:eb:9f:a4:bf:49:f7:51:93:ad:ac:
         a7:f6:0b:03:fb:74:ec:93:03:9d:5c:74:76:f6:bc:68:44:a9:
         fe:1c:55:1f:fb:e6:b1:58:fa:16:9b:41:83:72:66:b3:bf:18:
         6b:e1:52:dc:8c:8f:ca:c5:95:b2:9f:95:77:fd:8e:fe:33:91:
         4a:df:e0:d6:e1:20:06:e1:95:ca:c0:43:be:b3:9b:31:d1:47:
         eb:bb:df:0d:cc:1d:27:08:9e:72:28:e2:27:39:ed:95:a9:6d:
         42:2b:0a:39:d8:55:d7:07:96:3f:18:af:af:3d:d8:1c:6e:40:
         95:f2:a2:ae:8a:28:2c:5a:3b:2d:fa:83:49:26:b3:af:a6:e0:
         e3:d0:05:ed:43:a6:0b:26:ac:69:06:a2:8f:9e:c1:1b:a9:3c:
         5e:8c:20:50:c6:e2:f8:77:78:8e:8d:1a:97:cf:52:ec:00:c6:
         59:88:07:67:68:84:3a:8e:b8:6c:fa:60:8d:b7:6c:57:d4:63:
         bb:e0:fa:d3:5f:23:d4:f7:61:ec:1d:5f:a2:bc:e4:78:17:0f:
         5a:45:92:1b:73:bf:71:15:38:1a:92:d7:71:94:e1:61:8a:9d:
         73:c8:29:2c
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIUKPjCqWkN6bED7O18Z9/HEoMMk1QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOThhODdjYWQ1YjcxMDg5MGE5NTI4ZjE2NmY0MjAyMzkz
ODI0ZTZiODAeFw0yNTA1MjcxNTQ1MzZaFw0yNjA1MjYxNTUwMzZaMDMxMTAvBgNV
BAMTKEU4OTczRDc4QzlCNjg1RUJGN0IyODZGNzJFMTREQzc2MjBDM0I1RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfIFaUaeUSPiI0OFlO0ElJnwiE
RkufvW67v8964WmT1GbhpbSuKEUfT0iiIx54VDszEsFBL4/5fRcxhvbZ6GZ63aY3
jM1ScgeYWGgLRQOKvWjOinaNXBnWj9HYEq5jmjYlMHk0sLG7JGjPG9Q0idA/JSzp
HY0XOwfZgjGM3hfK2w4Jwo/0EOjEq9eCrzv31v1DBwvmedjwiFM9oUnTOXrRs9QE
gOgBpsdJ6eh/nDydwVFPrMNqnTlydYzmTDVqWRvqXHVU6fu2Rr31XN9L8p0FJ8wk
gXIdPJDqkAW66a12s5QUg4C2CrscDVWlClFmrByRmHXC+hGQ2fBR5NFYPy27AgMB
AAGjggJKMIICRjAdBgNVHQ4EFgQU6Jc9eMm2hev3sob3LhTcdiDDtdEwHwYDVR0j
BBgwFoAUmKh8rVtxCJCpUo8Wb0ICOTgk5rgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUtNGIxYS00NmVhLTljOTUtNGFmMTI5NjRh
NDlkLzAvOThBODdDQUQ1QjcxMDg5MEE5NTI4RjE2NkY0MjAyMzkzODI0RTZCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL21LaDhyVnR4Q0pDcFVvOFdiMElDT1Rn
azVyZy5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUt
NGIxYS00NmVhLTljOTUtNGFmMTI5NjRhNDlkLzAvMzI2MTMxMzEzYTM1MzczMDMx
M2E2MjMwMzA2MjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEzMjMxMzQzOS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACoRVwGwCzANBgkqhkiG9w0BAQsFAAOCAQEAWBybLqjpTD+DfJYk
flLhIR8k/EggpnaNBr3rn6S/SfdRk62sp/YLA/t07JMDnVx0dva8aESp/hxVH/vm
sVj6FptBg3Jms78Ya+FS3IyPysWVsp+Vd/2O/jORSt/g1uEgBuGVysBDvrObMdFH
67vfDcwdJwiecijiJzntlaltQisKOdhV1weWPxivrz3YHG5AlfKiroooLFo7LfqD
SSazr6bg49AF7UOmCyasaQaij57BG6k8XowgUMbi+Hd4jo0al89S7ADGWYgHZ2iE
Oo64bPpgjbdsV9Rju+D6018j1Pdh7B1forzkeBcPWkWSG3O/cRU4GpLXcZThYYqd
c8gpLA==
-----END CERTIFICATE-----
Generated at Wed Jun 4 21:58:05 2025 by rpki-client