Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a343a3a2f34382d3438203d3e20323032333539.roa
File:                     326131313a663263303a343a3a2f34382d3438203d3e20323032333539.roa (raw, json)
Hash identifier:          m5GEHdXN3yiinPuJC+6LCcoY4h99wwIXTI4tuQOJ7ro=
Subject key identifier:   5F:F1:24:1D:D6:A3:C7:DD:08:DD:76:15:51:E9:1F:7E:4E:E8:B1:A5
Certificate issuer:       /CN=0839a93dab544c296ffa143456844a8b2818b1d0
Certificate serial:       1897BD44B7026837AA255E1574D722367B2689E4
Authority key identifier: 08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a343a3a2f34382d3438203d3e20323032333539.roa
Signing time:             Mon 15 Jul 2024 13:33:42 +0000
ROA not before:           Mon 15 Jul 2024 13:28:42 +0000
ROA not after:            Mon 14 Jul 2025 13:33:42 +0000
asID:                     202359
IP address blocks:        2a11:f2c0:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:97:bd:44:b7:02:68:37:aa:25:5e:15:74:d7:22:36:7b:26:89:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0839a93dab544c296ffa143456844a8b2818b1d0
        Validity
            Not Before: Jul 15 13:28:42 2024 GMT
            Not After : Jul 14 13:33:42 2025 GMT
        Subject: CN=5FF1241DD6A3C7DD08DD761551E91F7E4EE8B1A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:1e:a7:c8:82:9e:28:d5:84:f5:91:58:d9:64:
                    e6:bd:64:c8:19:d9:4e:28:bf:3c:93:3e:59:bd:59:
                    ae:65:94:39:e3:f7:24:e1:82:19:24:7a:e7:a7:1d:
                    78:00:ce:d1:91:62:6a:8f:33:a9:b8:58:91:d8:77:
                    41:ad:d8:b4:40:45:3a:f9:35:83:48:d0:a7:c2:9f:
                    3c:38:2f:fe:5d:39:91:95:aa:e8:80:c4:2a:ce:91:
                    24:04:dc:e6:89:c9:24:2c:d9:93:50:83:be:52:1a:
                    15:d8:ce:b7:e6:66:19:8e:eb:fa:9f:3d:f6:a4:d4:
                    66:a5:13:96:e0:67:9a:10:18:e8:d5:42:bd:a6:51:
                    2c:ec:35:2d:84:09:3a:cc:8d:b8:49:34:c7:04:16:
                    e1:56:1a:f1:71:94:d5:9d:71:b8:f1:da:b4:ef:35:
                    3a:ea:8b:6f:10:26:a1:25:b6:50:96:89:4c:3d:cd:
                    4e:87:03:70:e8:7e:01:ac:5d:c2:1c:c9:68:29:18:
                    d5:c7:a1:42:4a:dc:74:b1:31:fb:fd:09:e0:af:fe:
                    3c:39:7b:79:1c:3c:84:8e:c8:e9:a2:fc:25:bb:07:
                    d1:30:e5:8c:b7:84:0b:bd:49:df:4b:77:5e:a4:39:
                    4a:d2:be:07:f5:72:99:91:b0:58:d7:7a:aa:6e:93:
                    7a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:F1:24:1D:D6:A3:C7:DD:08:DD:76:15:51:E9:1F:7E:4E:E8:B1:A5
            X509v3 Authority Key Identifier:
                keyid:08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a343a3a2f34382d3438203d3e20323032333539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f2c0:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:32:34:2a:cd:92:a7:af:d7:a2:bb:a1:c0:73:ad:ba:c9:61:
         e7:ed:cb:85:3c:d0:24:ea:c6:6b:1a:59:46:8a:f2:bd:c8:89:
         58:02:49:81:c3:58:6e:ca:b8:84:29:1d:94:a6:5b:9c:87:af:
         5f:ce:57:28:d6:d4:f7:a4:a1:a3:c9:9e:2a:0b:ce:e8:5f:f8:
         3b:1b:36:96:05:56:86:bd:69:9e:43:2e:1e:ca:88:c6:d3:4f:
         99:d8:af:15:0b:03:91:ec:d2:72:70:01:ac:84:c6:76:2d:34:
         ae:7c:d8:fe:b2:c8:94:fd:bf:f7:32:a0:27:3b:87:20:ba:6d:
         32:d2:1d:8d:d6:0a:f8:26:0c:e8:45:5f:4b:02:21:20:30:c3:
         9d:31:a7:f7:00:42:14:d8:b4:c0:7b:49:de:a5:c3:f9:4e:25:
         31:0c:2a:7a:9f:98:42:9d:e2:21:c0:dd:c4:cb:d9:52:bf:67:
         d0:74:2b:5e:6d:ef:39:06:3b:9f:cb:67:91:63:8c:48:4f:37:
         ae:9d:59:67:06:ac:85:0e:c9:16:95:fb:d1:6a:2d:8e:27:7b:
         2c:b8:2e:4f:7b:80:bc:c3:d2:2c:88:c0:ba:ce:b8:ca:76:32:
         c7:47:b2:d9:93:9c:9a:15:ff:f7:9f:29:be:8e:a0:d8:86:51:
         60:66:dc:6b
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUGJe9RLcCaDeqJV4VdNciNnsmieQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDgzOWE5M2RhYjU0NGMyOTZmZmExNDM0NTY4NDRhOGIy
ODE4YjFkMDAeFw0yNDA3MTUxMzI4NDJaFw0yNTA3MTQxMzMzNDJaMDMxMTAvBgNV
BAMTKDVGRjEyNDFERDZBM0M3REQwOERENzYxNTUxRTkxRjdFNEVFOEIxQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtHqfIgp4o1YT1kVjZZOa9ZMgZ
2U4ovzyTPlm9Wa5llDnj9yThghkkeuenHXgAztGRYmqPM6m4WJHYd0Gt2LRARTr5
NYNI0KfCnzw4L/5dOZGVquiAxCrOkSQE3OaJySQs2ZNQg75SGhXYzrfmZhmO6/qf
Pfak1GalE5bgZ5oQGOjVQr2mUSzsNS2ECTrMjbhJNMcEFuFWGvFxlNWdcbjx2rTv
NTrqi28QJqEltlCWiUw9zU6HA3DofgGsXcIcyWgpGNXHoUJK3HSxMfv9CeCv/jw5
e3kcPISOyOmi/CW7B9Ew5Yy3hAu9Sd9Ld16kOUrSvgf1cpmRsFjXeqpuk3qdAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUX/EkHdajx90I3XYVUekffk7osaUwHwYDVR0j
BBgwFoAUCDmpPatUTClv+hQ0VoRKiygYsdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGRlODM3ZmItNjM5MC00MWI1LTgyYTAtZjBkMDJjMDNh
MmM2LzcvMDgzOUE5M0RBQjU0NEMyOTZGRkExNDM0NTY4NDRBOEIyODE4QjFEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NEbXBQYXRVVENsdi1oUTBWb1JLaXln
WXNkQS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGRlODM3ZmIt
NjM5MC00MWI1LTgyYTAtZjBkMDJjMDNhMmM2LzcvMzI2MTMxMzEzYTY2MzI2MzMw
M2EzNDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAzMjMzMzUzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACoR8sAABDANBgkqhkiG9w0BAQsFAAOCAQEADjI0Ks2Sp6/XoruhwHOtuslh
5+3LhTzQJOrGaxpZRoryvciJWAJJgcNYbsq4hCkdlKZbnIevX85XKNbU96Sho8me
KgvO6F/4Oxs2lgVWhr1pnkMuHsqIxtNPmdivFQsDkezScnABrITGdi00rnzY/rLI
lP2/9zKgJzuHILptMtIdjdYK+CYM6EVfSwIhIDDDnTGn9wBCFNi0wHtJ3qXD+U4l
MQwqep+YQp3iIcDdxMvZUr9n0HQrXm3vOQY7n8tnkWOMSE83rp1ZZwashQ7JFpX7
0Wotjid7LLguT3uAvMPSLIjAus64ynYyx0ey2ZOcmhX/958pvo6g2IZRYGbcaw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:13:28 2024 by rpki-client on console-ams.rpki-client.org