Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/df49d7f7-bb3f-4187-be29-59ef2d89039a/0/323030313a3637383a6362303a3a2f34382d3438203d3e20323034393331.roa
File:                     323030313a3637383a6362303a3a2f34382d3438203d3e20323034393331.roa (raw, json)
Hash identifier:          nR48aVSXVSZvCd3jlcODIB7um6yNk/WjtYd9EtNwPFs=
Subject key identifier:   2A:FE:57:7B:16:F2:0B:E5:B8:9F:09:68:F4:84:57:C9:0E:A0:DA:EE
Certificate issuer:       /CN=547bc28c92a229a5ac78c0de287d89ce37726409
Certificate serial:       31AF401DEAAF73A79933E5C163C582985ACAA1A2
Authority key identifier: 54:7B:C2:8C:92:A2:29:A5:AC:78:C0:DE:28:7D:89:CE:37:72:64:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VHvCjJKiKaWseMDeKH2JzjdyZAk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/df49d7f7-bb3f-4187-be29-59ef2d89039a/0/323030313a3637383a6362303a3a2f34382d3438203d3e20323034393331.roa
Signing time:             Mon 19 Aug 2024 16:06:41 +0000
ROA not before:           Mon 19 Aug 2024 16:01:41 +0000
ROA not after:            Mon 18 Aug 2025 16:06:41 +0000
asID:                     204931
IP address blocks:        2001:678:cb0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/df49d7f7-bb3f-4187-be29-59ef2d89039a/0/547BC28C92A229A5AC78C0DE287D89CE37726409.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/df49d7f7-bb3f-4187-be29-59ef2d89039a/0/547BC28C92A229A5AC78C0DE287D89CE37726409.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VHvCjJKiKaWseMDeKH2JzjdyZAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Nov 2024 15:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:af:40:1d:ea:af:73:a7:99:33:e5:c1:63:c5:82:98:5a:ca:a1:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=547bc28c92a229a5ac78c0de287d89ce37726409
        Validity
            Not Before: Aug 19 16:01:41 2024 GMT
            Not After : Aug 18 16:06:41 2025 GMT
        Subject: CN=2AFE577B16F20BE5B89F0968F48457C90EA0DAEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a6:1c:06:3c:b7:35:3a:6d:62:7d:4d:15:3b:
                    7f:c7:cf:f7:21:c4:3e:6b:72:3b:ad:9f:c0:b0:1f:
                    e3:70:a5:6b:77:2a:b8:97:c9:7b:eb:a7:2b:44:ba:
                    eb:b6:3b:12:72:7c:6b:11:6c:c0:b9:72:af:c1:ab:
                    9f:75:d8:2d:c4:37:06:d8:cf:20:fd:4c:3d:24:da:
                    11:13:0d:b5:df:b2:3e:d4:05:72:4e:5b:b7:15:14:
                    58:5d:d8:0f:c3:c6:bd:fe:e9:21:f8:62:5d:ee:19:
                    9c:a5:cb:73:ef:72:dd:c9:38:15:42:58:83:14:7f:
                    a0:85:c9:e5:56:fb:6b:4c:81:ee:5b:2b:d1:ca:d3:
                    a5:d6:2e:27:0e:e3:8b:60:27:74:73:71:48:a9:91:
                    45:ca:e5:e2:88:e5:e4:e2:76:c9:ea:8c:53:ec:87:
                    65:e2:e1:47:a4:1d:43:bd:c6:fa:ab:85:64:60:52:
                    63:94:8c:e5:40:ad:58:be:40:4d:5c:44:43:a9:fd:
                    fb:1c:5f:04:25:05:05:86:28:c3:72:58:2e:c4:50:
                    9e:d4:90:6c:d1:9c:c2:95:ef:e9:55:d8:26:07:f0:
                    76:d7:fe:e3:ca:24:8e:24:c6:33:30:26:a4:7c:17:
                    43:79:10:be:0d:39:89:c3:fd:33:af:b5:54:d6:b3:
                    ba:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FE:57:7B:16:F2:0B:E5:B8:9F:09:68:F4:84:57:C9:0E:A0:DA:EE
            X509v3 Authority Key Identifier:
                keyid:54:7B:C2:8C:92:A2:29:A5:AC:78:C0:DE:28:7D:89:CE:37:72:64:09

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/df49d7f7-bb3f-4187-be29-59ef2d89039a/0/547BC28C92A229A5AC78C0DE287D89CE37726409.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VHvCjJKiKaWseMDeKH2JzjdyZAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/df49d7f7-bb3f-4187-be29-59ef2d89039a/0/323030313a3637383a6362303a3a2f34382d3438203d3e20323034393331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:cb0::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:85:b2:24:28:88:23:30:1d:41:aa:35:ec:02:2f:bc:06:07:
         db:2f:11:db:c9:3b:dd:aa:f2:56:cf:a0:72:bc:e6:82:dc:61:
         2e:79:a2:8a:33:9c:a3:03:fa:2e:79:0e:96:87:02:ac:70:b9:
         3e:e2:8e:aa:c4:c6:0f:49:de:cc:87:90:a8:98:80:f9:af:b9:
         58:2a:8b:29:ed:7b:48:82:d8:a0:f0:ed:90:8d:9d:5b:27:41:
         3c:28:d1:a9:3d:d8:f9:65:ae:2f:83:27:dc:d4:bf:df:3b:60:
         06:a2:14:26:62:bd:38:cd:e5:ee:cd:65:f1:f2:80:8e:10:9d:
         a8:cb:9e:bc:23:0e:5a:77:e8:0b:18:01:ef:16:9d:5f:64:67:
         9b:0c:bb:e2:64:cf:74:ae:09:24:4f:85:57:97:bd:2a:08:bc:
         5e:dc:3b:bb:0b:83:89:44:19:00:34:77:bc:8c:81:97:16:e0:
         83:2d:16:ee:50:10:a0:8b:e7:9a:3a:9f:d7:4c:13:6a:4b:43:
         8c:08:11:c4:9a:cd:1f:b7:93:54:7f:82:57:17:5b:cc:d8:45:
         9e:11:94:7e:4b:25:21:45:c6:7c:f0:5b:0e:d6:50:2c:7b:3b:
         70:29:5d:99:ff:7e:dd:aa:f6:33:0e:03:d9:80:bc:8b:ed:bd:
         fb:e1:2c:c6
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUMa9AHeqvc6eZM+XBY8WCmFrKoaIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTQ3YmMyOGM5MmEyMjlhNWFjNzhjMGRlMjg3ZDg5Y2Uz
NzcyNjQwOTAeFw0yNDA4MTkxNjAxNDFaFw0yNTA4MTgxNjA2NDFaMDMxMTAvBgNV
BAMTKDJBRkU1NzdCMTZGMjBCRTVCODlGMDk2OEY0ODQ1N0M5MEVBMERBRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3phwGPLc1Om1ifU0VO3/Hz/ch
xD5rcjutn8CwH+NwpWt3KriXyXvrpytEuuu2OxJyfGsRbMC5cq/Bq5912C3ENwbY
zyD9TD0k2hETDbXfsj7UBXJOW7cVFFhd2A/Dxr3+6SH4Yl3uGZyly3Pvct3JOBVC
WIMUf6CFyeVW+2tMge5bK9HK06XWLicO44tgJ3RzcUipkUXK5eKI5eTidsnqjFPs
h2Xi4UekHUO9xvqrhWRgUmOUjOVArVi+QE1cREOp/fscXwQlBQWGKMNyWC7EUJ7U
kGzRnMKV7+lV2CYH8HbX/uPKJI4kxjMwJqR8F0N5EL4NOYnD/TOvtVTWs7o9AgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUKv5XexbyC+W4nwlo9IRXyQ6g2u4wHwYDVR0j
BBgwFoAUVHvCjJKiKaWseMDeKH2JzjdyZAkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGY0OWQ3ZjctYmIzZi00MTg3LWJlMjktNTllZjJkODkw
MzlhLzAvNTQ3QkMyOEM5MkEyMjlBNUFDNzhDMERFMjg3RDg5Q0UzNzcyNjQwOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1ZIdkNqSktpS2FXc2VNRGVLSDJKempk
eVpBay5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGY0OWQ3Zjct
YmIzZi00MTg3LWJlMjktNTllZjJkODkwMzlhLzAvMzIzMDMwMzEzYTM2MzczODNh
NjM2MjMwM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMDM0MzkzMzMxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEGeAywMA0GCSqGSIb3DQEBCwUAA4IBAQCUhbIkKIgjMB1BqjXsAi+8
BgfbLxHbyTvdqvJWz6ByvOaC3GEueaKKM5yjA/oueQ6WhwKscLk+4o6qxMYPSd7M
h5ComID5r7lYKosp7XtIgtig8O2QjZ1bJ0E8KNGpPdj5Za4vgyfc1L/fO2AGohQm
Yr04zeXuzWXx8oCOEJ2oy568Iw5ad+gLGAHvFp1fZGebDLviZM90rgkkT4VXl70q
CLxe3Du7C4OJRBkANHe8jIGXFuCDLRbuUBCgi+eaOp/XTBNqS0OMCBHEms0ft5NU
f4JXF1vM2EWeEZR+SyUhRcZ88FsO1lAseztwKV2Z/37dqvYzDgPZgLyL7b374SzG
-----END CERTIFICATE-----
Generated at Thu Nov 21 00:11:00 2024 by rpki-client on console-ams.rpki-client.org