Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a323a3a2f34382d3438203d3e20323032333539.roa
File:                     326131313a663263303a323a3a2f34382d3438203d3e20323032333539.roa (raw, json)
Hash identifier:          tdaL9ZuWkIim9ViTmKycIsnbQW9ewRVnmxMa8ECjutw=
Subject key identifier:   69:2E:EC:A3:C3:DD:60:BA:6D:97:D1:61:21:89:DA:48:36:26:28:94
Certificate issuer:       /CN=0839a93dab544c296ffa143456844a8b2818b1d0
Certificate serial:       36CFCB3C76BFF574A0AA69FAE0729907E4E58210
Authority key identifier: 08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a323a3a2f34382d3438203d3e20323032333539.roa
Signing time:             Sun 30 Jun 2024 12:15:18 +0000
ROA not before:           Sun 30 Jun 2024 12:10:18 +0000
ROA not after:            Sun 29 Jun 2025 12:15:18 +0000
asID:                     202359
IP address blocks:        2a11:f2c0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:cf:cb:3c:76:bf:f5:74:a0:aa:69:fa:e0:72:99:07:e4:e5:82:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0839a93dab544c296ffa143456844a8b2818b1d0
        Validity
            Not Before: Jun 30 12:10:18 2024 GMT
            Not After : Jun 29 12:15:18 2025 GMT
        Subject: CN=692EECA3C3DD60BA6D97D1612189DA4836262894
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5c:d0:ab:ae:3a:56:e8:40:1b:8a:7f:c1:18:
                    23:b0:9b:5e:41:0d:47:84:00:55:36:51:87:a1:5e:
                    78:7a:e4:a4:43:85:6a:5c:07:da:95:9d:ab:32:ec:
                    8d:83:a2:c2:a0:80:ac:7d:95:31:7d:f4:b3:1c:da:
                    93:86:04:09:33:0f:61:37:08:3a:5c:9d:55:54:d7:
                    f1:55:72:15:eb:bf:ed:59:34:2f:0e:7b:f6:bb:84:
                    47:df:31:65:d5:e6:07:55:15:0c:b1:67:bc:35:dd:
                    51:37:ab:64:c5:be:da:90:5b:d6:eb:9a:5a:92:0b:
                    14:8a:5b:19:b8:f3:ae:72:5c:83:90:db:0f:0b:8d:
                    22:ab:5c:e4:f3:83:74:dc:2a:fd:22:ca:ad:d5:fe:
                    61:3a:e1:45:e2:10:b9:73:91:e6:56:77:f0:8b:65:
                    96:ce:ee:f9:2c:50:88:56:ee:7b:15:29:6c:7a:0f:
                    33:c6:21:36:08:2d:0a:5a:f5:9d:fd:93:b1:20:6b:
                    f9:e7:20:79:b0:d8:e5:99:4b:82:a0:de:5b:b3:a2:
                    81:ea:55:ed:cd:86:d7:b5:31:2f:a8:a6:86:2b:de:
                    2b:dd:95:73:86:d6:21:e2:2c:bb:b0:dd:78:fc:48:
                    a0:a1:c6:0d:36:55:69:69:8b:03:6d:6c:c6:bf:0f:
                    04:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:2E:EC:A3:C3:DD:60:BA:6D:97:D1:61:21:89:DA:48:36:26:28:94
            X509v3 Authority Key Identifier:
                keyid:08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a323a3a2f34382d3438203d3e20323032333539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f2c0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:07:1d:8b:9c:38:9c:22:10:07:5f:4b:a5:eb:e8:8a:34:c1:
         9a:cf:58:4d:2d:b4:82:be:15:da:bb:37:86:2c:58:a1:98:df:
         34:3f:87:ce:e2:cd:e4:c2:82:4b:0d:55:7e:af:ac:4d:7b:dc:
         d1:57:e7:fb:66:78:97:11:14:c5:3a:66:e4:84:e2:d5:b5:e6:
         61:33:c9:ba:e8:9f:e6:46:4c:ef:b3:a5:5a:a0:51:da:9b:b5:
         ec:3d:e6:d9:8f:38:5e:cb:fa:76:7f:24:1e:94:9a:61:ce:31:
         54:3c:1c:10:e3:ab:41:ec:68:0f:7f:65:a7:40:2c:1c:50:dc:
         56:5d:ac:66:fa:66:ea:26:1d:4a:34:85:2b:e4:e2:95:e5:4c:
         b8:a5:b7:bf:49:cf:00:d3:1e:51:49:5d:5c:bd:11:2f:3d:74:
         d7:f4:10:e6:ca:4e:da:43:67:85:48:3a:48:7d:de:b7:e9:bb:
         1e:63:7b:5a:43:88:05:2c:bd:48:51:05:8d:9a:5d:20:83:78:
         d2:dc:11:cb:49:89:7c:a2:b4:4c:5c:40:e2:2c:4a:66:00:f7:
         fe:9c:f0:13:64:f1:ba:25:af:96:d7:5a:fd:8b:75:d7:11:c4:
         0b:a4:77:0e:bb:af:ac:84:e3:0d:b0:68:92:31:d3:7f:4d:6c:
         77:9f:c4:28
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUNs/LPHa/9XSgqmn64HKZB+TlghAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDgzOWE5M2RhYjU0NGMyOTZmZmExNDM0NTY4NDRhOGIy
ODE4YjFkMDAeFw0yNDA2MzAxMjEwMThaFw0yNTA2MjkxMjE1MThaMDMxMTAvBgNV
BAMTKDY5MkVFQ0EzQzNERDYwQkE2RDk3RDE2MTIxODlEQTQ4MzYyNjI4OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyXNCrrjpW6EAbin/BGCOwm15B
DUeEAFU2UYehXnh65KRDhWpcB9qVnasy7I2DosKggKx9lTF99LMc2pOGBAkzD2E3
CDpcnVVU1/FVchXrv+1ZNC8Oe/a7hEffMWXV5gdVFQyxZ7w13VE3q2TFvtqQW9br
mlqSCxSKWxm4865yXIOQ2w8LjSKrXOTzg3TcKv0iyq3V/mE64UXiELlzkeZWd/CL
ZZbO7vksUIhW7nsVKWx6DzPGITYILQpa9Z39k7Ega/nnIHmw2OWZS4Kg3luzooHq
Ve3Nhte1MS+opoYr3ivdlXOG1iHiLLuw3Xj8SKChxg02VWlpiwNtbMa/DwS7AgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUaS7so8PdYLptl9FhIYnaSDYmKJQwHwYDVR0j
BBgwFoAUCDmpPatUTClv+hQ0VoRKiygYsdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGRlODM3ZmItNjM5MC00MWI1LTgyYTAtZjBkMDJjMDNh
MmM2LzcvMDgzOUE5M0RBQjU0NEMyOTZGRkExNDM0NTY4NDRBOEIyODE4QjFEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NEbXBQYXRVVENsdi1oUTBWb1JLaXln
WXNkQS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGRlODM3ZmIt
NjM5MC00MWI1LTgyYTAtZjBkMDJjMDNhMmM2LzcvMzI2MTMxMzEzYTY2MzI2MzMw
M2EzMjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAzMjMzMzUzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACoR8sAAAjANBgkqhkiG9w0BAQsFAAOCAQEApAcdi5w4nCIQB19LpevoijTB
ms9YTS20gr4V2rs3hixYoZjfND+HzuLN5MKCSw1Vfq+sTXvc0Vfn+2Z4lxEUxTpm
5ITi1bXmYTPJuuif5kZM77OlWqBR2pu17D3m2Y84Xsv6dn8kHpSaYc4xVDwcEOOr
QexoD39lp0AsHFDcVl2sZvpm6iYdSjSFK+TileVMuKW3v0nPANMeUUldXL0RLz10
1/QQ5spO2kNnhUg6SH3et+m7HmN7WkOIBSy9SFEFjZpdIIN40twRy0mJfKK0TFxA
4ixKZgD3/pzwE2TxuiWvltda/Yt11xHEC6R3DruvrITjDbBokjHTf01sd5/EKA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:13:28 2024 by rpki-client on console-ams.rpki-client.org