Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a313a3a2f34382d3438203d3e20323032333539.roa
File:                     326131313a663263303a313a3a2f34382d3438203d3e20323032333539.roa (raw, json)
Hash identifier:          bS4Fpu3hbdQ8e7onVK49fc+8yhCBuUupLZTwlqy8z7o=
Subject key identifier:   7A:B6:EF:E2:E4:C7:88:49:57:31:4D:B3:5A:C5:17:87:FF:10:D6:B7
Certificate issuer:       /CN=0839a93dab544c296ffa143456844a8b2818b1d0
Certificate serial:       1664686B463BFA40C511C83A7B790F2FF433FCB3
Authority key identifier: 08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a313a3a2f34382d3438203d3e20323032333539.roa
Signing time:             Sun 30 Jun 2024 12:15:19 +0000
ROA not before:           Sun 30 Jun 2024 12:10:19 +0000
ROA not after:            Sun 29 Jun 2025 12:15:19 +0000
asID:                     202359
IP address blocks:        2a11:f2c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:64:68:6b:46:3b:fa:40:c5:11:c8:3a:7b:79:0f:2f:f4:33:fc:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0839a93dab544c296ffa143456844a8b2818b1d0
        Validity
            Not Before: Jun 30 12:10:19 2024 GMT
            Not After : Jun 29 12:15:19 2025 GMT
        Subject: CN=7AB6EFE2E4C7884957314DB35AC51787FF10D6B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f2:94:9f:7e:df:ae:f9:76:d6:4e:d9:38:f0:
                    da:aa:44:8a:29:df:8b:d8:c0:a0:a5:f5:7a:6d:fe:
                    7e:4a:52:c2:aa:cf:4c:1c:e4:e7:e8:71:76:97:4e:
                    59:a5:7a:8a:df:40:b3:1c:ac:db:f0:22:84:b8:95:
                    d7:4c:9e:4e:d5:be:74:3c:cd:c5:42:df:d5:53:fc:
                    07:c4:95:b6:7e:8e:65:eb:6e:3f:b4:6f:db:c4:cb:
                    28:10:70:fe:fa:42:d7:aa:02:0a:dd:40:4e:21:66:
                    9d:1d:f0:55:55:0c:d8:12:c8:da:ad:f8:7e:2c:ab:
                    25:e1:49:de:40:ad:db:ed:79:31:1c:74:02:f9:3f:
                    6a:2c:be:c8:1a:d0:a0:fb:c0:c4:65:e1:f6:b8:bb:
                    0d:a9:22:9f:66:41:07:7a:4e:97:17:5f:a7:e1:37:
                    f8:3d:81:f0:46:ac:0d:46:41:7e:63:19:15:b0:49:
                    64:ed:04:b4:6e:a8:64:db:96:42:d2:3f:bf:8c:78:
                    f8:41:38:49:95:a0:0e:95:3d:56:7c:d1:33:b3:a8:
                    b3:70:be:8b:da:57:56:56:45:ca:49:7a:78:a6:50:
                    20:8d:e8:e7:80:4a:8c:7b:ac:90:f5:7a:cc:b1:b8:
                    62:30:bb:45:19:76:5d:2e:1b:ae:03:d7:4e:b1:5c:
                    71:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B6:EF:E2:E4:C7:88:49:57:31:4D:B3:5A:C5:17:87:FF:10:D6:B7
            X509v3 Authority Key Identifier:
                keyid:08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a313a3a2f34382d3438203d3e20323032333539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f2c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:0a:3d:8a:fd:58:87:b4:9c:9c:c9:75:b9:f1:03:65:f8:7d:
         6d:3d:3f:15:1e:45:52:dc:c0:ff:51:28:9e:a8:66:50:00:1b:
         0f:03:de:0d:34:91:56:51:85:1a:e3:e1:56:89:e7:1a:f5:00:
         4b:8b:29:6f:48:f1:ed:ab:46:7f:d9:24:0c:9a:68:88:c1:e3:
         51:48:51:d7:1f:a3:4f:ac:12:19:df:b0:8e:00:00:de:0f:69:
         d1:2b:fb:5a:ec:84:15:2e:e8:ea:e4:0c:69:07:32:55:8c:78:
         40:da:f1:12:ca:18:19:88:a9:8d:41:bf:4e:18:fd:16:4c:5e:
         f2:c6:56:35:c0:ef:b7:a2:99:a3:d8:ee:73:9a:65:77:35:12:
         fd:4d:29:36:f8:f1:4c:3d:7f:03:ae:20:ab:b9:56:94:12:f0:
         de:81:5a:0b:79:8c:a5:85:e2:62:8a:65:a8:1a:4a:71:b3:89:
         34:0f:37:f1:26:f4:43:f1:9f:5b:db:b9:3a:69:f6:71:58:9d:
         04:e2:16:70:24:84:91:c9:74:52:3a:1a:aa:c2:59:58:bf:23:
         3b:93:f4:21:ab:2f:b5:62:b2:a0:a5:34:64:b9:c2:85:23:56:
         d8:2a:3f:7d:14:6b:ab:e4:5f:53:cb:d6:16:d1:06:6f:d3:bd:
         78:d8:09:eb
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUFmRoa0Y7+kDFEcg6e3kPL/Qz/LMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDgzOWE5M2RhYjU0NGMyOTZmZmExNDM0NTY4NDRhOGIy
ODE4YjFkMDAeFw0yNDA2MzAxMjEwMTlaFw0yNTA2MjkxMjE1MTlaMDMxMTAvBgNV
BAMTKDdBQjZFRkUyRTRDNzg4NDk1NzMxNERCMzVBQzUxNzg3RkYxMEQ2QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi8pSfft+u+XbWTtk48NqqRIop
34vYwKCl9Xpt/n5KUsKqz0wc5OfocXaXTlmleorfQLMcrNvwIoS4lddMnk7VvnQ8
zcVC39VT/AfElbZ+jmXrbj+0b9vEyygQcP76QteqAgrdQE4hZp0d8FVVDNgSyNqt
+H4sqyXhSd5ArdvteTEcdAL5P2osvsga0KD7wMRl4fa4uw2pIp9mQQd6TpcXX6fh
N/g9gfBGrA1GQX5jGRWwSWTtBLRuqGTblkLSP7+MePhBOEmVoA6VPVZ80TOzqLNw
vovaV1ZWRcpJenimUCCN6OeASox7rJD1esyxuGIwu0UZdl0uG64D106xXHGjAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUerbv4uTHiElXMU2zWsUXh/8Q1rcwHwYDVR0j
BBgwFoAUCDmpPatUTClv+hQ0VoRKiygYsdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGRlODM3ZmItNjM5MC00MWI1LTgyYTAtZjBkMDJjMDNh
MmM2LzcvMDgzOUE5M0RBQjU0NEMyOTZGRkExNDM0NTY4NDRBOEIyODE4QjFEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NEbXBQYXRVVENsdi1oUTBWb1JLaXln
WXNkQS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGRlODM3ZmIt
NjM5MC00MWI1LTgyYTAtZjBkMDJjMDNhMmM2LzcvMzI2MTMxMzEzYTY2MzI2MzMw
M2EzMTNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAzMjMzMzUzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACoR8sAAATANBgkqhkiG9w0BAQsFAAOCAQEAIAo9iv1Yh7ScnMl1ufEDZfh9
bT0/FR5FUtzA/1EonqhmUAAbDwPeDTSRVlGFGuPhVonnGvUAS4spb0jx7atGf9kk
DJpoiMHjUUhR1x+jT6wSGd+wjgAA3g9p0Sv7WuyEFS7o6uQMaQcyVYx4QNrxEsoY
GYipjUG/Thj9Fkxe8sZWNcDvt6KZo9juc5pldzUS/U0pNvjxTD1/A64gq7lWlBLw
3oFaC3mMpYXiYoplqBpKcbOJNA838Sb0Q/GfW9u5Omn2cVidBOIWcCSEkcl0Ujoa
qsJZWL8jO5P0IasvtWKyoKU0ZLnChSNW2Co/fRRrq+RfU8vWFtEGb9O9eNgJ6w==
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:13:28 2024 by rpki-client on console-ams.rpki-client.org