Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/323630323a663961323a32303a3a2f34382d3438203d3e203436373636.roa
File:                     323630323a663961323a32303a3a2f34382d3438203d3e203436373636.roa (raw, json)
Hash identifier:          LOHxn0RgwORnxWPoX7PgNpofW2yqHK4ri4vHvhFnLZQ=
Subject key identifier:   85:44:28:A4:88:55:07:38:B6:7D:A8:0F:D6:FB:1D:F9:72:A9:CE:3F
Certificate issuer:       /CN=89d4f40fed1166159109937674aef0279ad039550feccf8d61
Certificate serial:       27D23B992639D403C40D7E3C6CDCB472758C1B5E
Authority key identifier: 24:72:94:9B:3C:23:49:30:DB:E9:9B:1B:5C:D5:19:6A:B1:6D:15:1B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/89d4f40fed1166159109937674aef0279ad039550feccf8d61.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/323630323a663961323a32303a3a2f34382d3438203d3e203436373636.roa
Signing time:             Sun 11 May 2025 23:10:16 +0000
ROA not before:           Sun 11 May 2025 23:05:16 +0000
ROA not after:            Sun 10 May 2026 23:10:16 +0000
asID:                     46766
IP address blocks:        2602:f9a2:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/2472949B3C234930DBE99B1B5CD5196AB16D151B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/2472949B3C234930DBE99B1B5CD5196AB16D151B.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/89d4f40fed1166159109937674aef0279ad039550feccf8d61.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/3d9879da-145f-4f21-a7c3-da6b59a01625.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/3d9879da-145f-4f21-a7c3-da6b59a01625.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:25:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:d2:3b:99:26:39:d4:03:c4:0d:7e:3c:6c:dc:b4:72:75:8c:1b:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89d4f40fed1166159109937674aef0279ad039550feccf8d61
        Validity
            Not Before: May 11 23:05:16 2025 GMT
            Not After : May 10 23:10:16 2026 GMT
        Subject: CN=854428A488550738B67DA80FD6FB1DF972A9CE3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ea:77:92:c8:9a:22:ff:26:1c:d6:5d:c3:70:
                    09:63:e5:89:d1:ae:9d:da:26:17:5c:cb:8e:63:17:
                    6d:42:38:35:0f:6b:59:a1:b7:0f:ef:fd:2a:08:0c:
                    94:fa:78:8b:37:e6:7b:d8:ee:09:db:a1:35:ad:94:
                    9e:f6:2a:0a:73:70:b0:ed:0e:f5:49:f8:b4:f6:33:
                    44:21:ce:96:e1:f1:6a:33:d1:05:94:cc:5b:6c:4e:
                    b2:48:7e:70:de:00:29:9c:d7:2a:8d:87:2f:30:e7:
                    6d:2e:16:21:26:e8:83:9a:a4:c1:67:4f:84:fd:e4:
                    06:8e:59:57:56:0d:73:3c:fa:74:e8:4b:01:a2:07:
                    d6:d6:0b:db:85:82:24:cf:fb:9a:d3:cc:7b:00:b5:
                    32:7e:a0:fb:8f:bf:68:18:4a:2d:9c:1c:81:53:f2:
                    67:16:d2:3d:38:5c:a9:f8:aa:15:46:46:37:de:14:
                    99:10:35:d8:6b:a7:2c:6a:03:da:c8:a2:8c:75:f1:
                    01:c1:1a:73:11:70:fc:15:e4:8f:a0:64:20:1f:88:
                    a4:9d:99:ee:38:e6:76:0e:04:44:19:df:0b:4c:40:
                    ee:c9:e4:c1:17:1a:54:83:bc:5e:c9:6c:4b:5d:81:
                    63:06:c1:d4:d0:dc:a4:c8:d1:93:33:93:bf:e9:d9:
                    3c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:44:28:A4:88:55:07:38:B6:7D:A8:0F:D6:FB:1D:F9:72:A9:CE:3F
            X509v3 Authority Key Identifier:
                keyid:24:72:94:9B:3C:23:49:30:DB:E9:9B:1B:5C:D5:19:6A:B1:6D:15:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/2472949B3C234930DBE99B1B5CD5196AB16D151B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/89d4f40fed1166159109937674aef0279ad039550feccf8d61.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/323630323a663961323a32303a3a2f34382d3438203d3e203436373636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f9a2:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:06:c7:9c:93:9b:87:91:5b:12:91:0d:c1:dd:24:18:8c:b9:
         e9:97:46:c0:d6:00:36:ef:8c:c9:a9:4d:4a:de:51:d8:0b:10:
         5f:30:43:1d:58:cf:57:40:78:27:89:8f:60:84:16:0a:cf:e1:
         d0:46:a8:27:e5:43:7e:6e:f2:8d:46:47:45:4d:fd:10:6d:f9:
         d4:a5:b7:02:9f:0a:0c:47:4c:bd:46:45:db:fc:61:bc:1c:7d:
         ec:6b:93:2d:9e:47:19:1a:dc:e3:9c:62:d6:2a:df:43:04:79:
         bd:48:2e:b2:75:bf:c9:ff:be:65:d7:55:8e:ce:d9:f1:ff:aa:
         6d:15:26:74:19:dc:99:96:bc:e8:83:79:71:53:b7:86:24:91:
         16:41:f5:3b:ef:78:b1:79:7f:20:0f:59:98:4a:0c:5d:a5:7e:
         39:5f:81:6d:94:6e:1a:de:f4:94:d9:55:9f:4f:7a:6d:77:bd:
         e2:8d:6e:b8:18:96:b2:ff:c2:ec:ad:3b:13:47:47:38:b7:d9:
         82:49:7a:60:55:99:02:d7:78:0d:fa:e8:80:6a:0a:c8:05:b1:
         fa:26:33:1b:82:64:ff:19:8d:6b:9f:a1:da:76:39:71:ac:4f:
         d3:00:29:2e:b6:24:f8:07:88:89:05:16:4f:49:f1:c5:69:0c:
         9f:77:49:c4
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgIUJ9I7mSY51APEDX48bNy0cnWMG14wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODlkNGY0MGZlZDExNjYxNTkxMDk5Mzc2NzRhZWYwMjc5
YWQwMzk1NTBmZWNjZjhkNjEwHhcNMjUwNTExMjMwNTE2WhcNMjYwNTEwMjMxMDE2
WjAzMTEwLwYDVQQDEyg4NTQ0MjhBNDg4NTUwNzM4QjY3REE4MEZENkZCMURGOTcy
QTlDRTNGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOp3ksiaIv8m
HNZdw3AJY+WJ0a6d2iYXXMuOYxdtQjg1D2tZobcP7/0qCAyU+niLN+Z72O4J26E1
rZSe9ioKc3Cw7Q71Sfi09jNEIc6W4fFqM9EFlMxbbE6ySH5w3gApnNcqjYcvMOdt
LhYhJuiDmqTBZ0+E/eQGjllXVg1zPPp06EsBogfW1gvbhYIkz/ua08x7ALUyfqD7
j79oGEotnByBU/JnFtI9OFyp+KoVRkY33hSZEDXYa6csagPayKKMdfEBwRpzEXD8
FeSPoGQgH4iknZnuOOZ2DgREGd8LTEDuyeTBFxpUg7xeyWxLXYFjBsHU0NykyNGT
M5O/6dk8gwIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFIVEKKSIVQc4tn2oD9b7Hfly
qc4/MB8GA1UdIwQYMBaAFCRylJs8I0kw2+mbG1zVGWqxbRUbMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2RlN2Q1NWY3LWVlNjAtNDAwNS1iYWQ3
LWI0MjgxOGNmNTBlOC82LzI0NzI5NDlCM0MyMzQ5MzBEQkU5OUIxQjVDRDUxOTZB
QjE2RDE1MUIuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC8zZDk4NzlkYS0xNDVmLTRmMjEtYTdjMy1k
YTZiNTlhMDE2MjUvODlkNGY0MGZlZDExNjYxNTkxMDk5Mzc2NzRhZWYwMjc5YWQw
Mzk1NTBmZWNjZjhkNjEuY2VyMIGxBggrBgEFBQcBCwSBpDCBoTCBngYIKwYBBQUH
MAuGgZFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2RlN2Q1NWY3LWVlNjAtNDAwNS1iYWQ3LWI0MjgxOGNmNTBlOC82LzMyMzYzMDMy
M2E2NjM5NjEzMjNhMzIzMDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDM0MzYzNzM2
MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAmAvmiACAwDQYJKoZIhvcNAQELBQADggEBAHMGx5yTm4eR
WxKRDcHdJBiMuemXRsDWADbvjMmpTUreUdgLEF8wQx1Yz1dAeCeJj2CEFgrP4dBG
qCflQ35u8o1GR0VN/RBt+dSltwKfCgxHTL1GRdv8Ybwcfexrky2eRxka3OOcYtYq
30MEeb1ILrJ1v8n/vmXXVY7O2fH/qm0VJnQZ3JmWvOiDeXFTt4YkkRZB9TvveLF5
fyAPWZhKDF2lfjlfgW2Ubhre9JTZVZ9Pem13veKNbrgYlrL/wuytOxNHRzi32YJJ
emBVmQLXeA366IBqCsgFsfomMxuCZP8ZjWufodp2OXGsT9MAKS62JPgHiIkFFk9J
8cVpDJ93ScQ=
-----END CERTIFICATE-----