Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/323630323a663936643a3130303a3a2f34382d313238203d3e203437323732.roa
File:                     323630323a663936643a3130303a3a2f34382d313238203d3e203437323732.roa (raw, json)
Hash identifier:          9dSgTJisj64Kx3CoXcRrHswiodKSMeSqpqAta7tppZQ=
Subject key identifier:   9E:3D:06:60:96:60:8A:AB:01:65:61:4F:6D:45:EF:68:99:27:6E:47
Certificate issuer:       /CN=f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7
Certificate serial:       3D000AA4602BB37CA61C53775A07FF3EB3FE0D39
Authority key identifier: 24:F5:DA:48:C3:AF:BC:A0:FF:D9:21:54:7E:F0:9F:77:6A:F8:A2:EA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/323630323a663936643a3130303a3a2f34382d313238203d3e203437323732.roa
Signing time:             Fri 07 Feb 2025 11:41:24 +0000
ROA not before:           Fri 07 Feb 2025 11:36:24 +0000
ROA not after:            Fri 06 Feb 2026 11:41:24 +0000
asID:                     47272
IP address blocks:        2602:f96d:100::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/24F5DA48C3AFBCA0FFD921547EF09F776AF8A2EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/24F5DA48C3AFBCA0FFD921547EF09F776AF8A2EA.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/02c7706b-3baf-42cb-bdf7-782b036252b3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/02c7706b-3baf-42cb-bdf7-782b036252b3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Apr 2025 18:14:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:00:0a:a4:60:2b:b3:7c:a6:1c:53:77:5a:07:ff:3e:b3:fe:0d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7
        Validity
            Not Before: Feb  7 11:36:24 2025 GMT
            Not After : Feb  6 11:41:24 2026 GMT
        Subject: CN=9E3D066096608AAB0165614F6D45EF6899276E47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fb:ba:fc:e2:45:4b:ee:5f:61:e2:57:6b:23:
                    08:b9:40:1c:4d:e3:a3:ff:9c:e5:66:81:34:94:c5:
                    fe:e7:ff:cf:79:48:3e:24:44:f5:5b:3d:e6:3e:31:
                    40:b4:61:c2:16:29:7d:f7:86:de:65:b1:4f:3e:52:
                    da:35:bb:75:53:fa:58:81:89:62:d0:ce:c3:ca:b6:
                    60:05:10:38:bd:46:d8:c2:4c:af:7b:d8:86:f0:9e:
                    37:d4:06:b7:a9:21:86:d0:0d:dd:40:9f:5b:4b:9c:
                    ab:ec:c7:43:53:97:4a:c2:da:52:33:2d:fa:88:11:
                    76:91:26:68:bd:c9:eb:99:50:eb:0f:aa:e3:a7:15:
                    a3:f2:45:9a:ea:d0:e1:c2:ed:77:b7:d1:9c:30:22:
                    bd:d8:50:d8:42:8a:09:61:58:c3:71:77:59:f8:3a:
                    47:2c:1b:dc:e1:db:16:4a:f5:e7:1c:c4:af:a7:54:
                    fd:8b:ff:46:4c:0e:e8:e3:ba:c8:58:d5:34:47:fe:
                    9b:c1:b9:0d:ba:96:20:db:c6:cd:35:02:cd:b5:b9:
                    73:eb:ba:07:ad:63:24:f3:2f:13:35:fc:10:f4:a4:
                    44:85:d4:13:61:84:2d:a9:00:18:37:92:c0:5a:ec:
                    b3:5f:ff:ff:4e:82:92:83:02:f8:42:ea:36:8b:8f:
                    cc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:3D:06:60:96:60:8A:AB:01:65:61:4F:6D:45:EF:68:99:27:6E:47
            X509v3 Authority Key Identifier:
                keyid:24:F5:DA:48:C3:AF:BC:A0:FF:D9:21:54:7E:F0:9F:77:6A:F8:A2:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/24F5DA48C3AFBCA0FFD921547EF09F776AF8A2EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/323630323a663936643a3130303a3a2f34382d313238203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f96d:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:d9:ba:1e:b2:40:71:bc:0e:ba:2b:57:e4:fc:ee:7f:b3:78:
         47:c8:35:60:12:a2:99:79:79:17:1c:38:8a:a8:47:7d:25:e3:
         40:7b:3b:39:13:44:dd:3c:be:62:81:f8:39:6a:dc:50:d6:a6:
         69:43:75:7c:ff:53:2c:3f:06:a6:6b:f3:24:cb:d9:30:aa:0c:
         dc:6e:17:36:ac:50:74:82:89:18:99:2d:bd:f3:d1:6a:6b:c3:
         1f:86:17:72:c3:f7:06:b0:ac:93:e4:12:74:8e:16:c3:95:0f:
         fd:bc:fd:7f:60:68:f5:6e:e5:dd:40:50:25:93:d3:fe:ec:b0:
         96:f8:79:9b:e2:21:11:2f:3d:cf:ca:31:27:45:b2:01:e3:c6:
         1c:23:bb:af:37:e0:70:e6:2b:db:2c:08:86:43:c0:b1:f7:98:
         d0:52:77:bf:82:5e:22:57:c9:1c:2b:99:97:8e:97:5b:b9:3d:
         b2:ce:a1:73:97:f2:a5:31:90:55:e2:bc:4f:2c:a2:fe:62:3e:
         31:11:19:96:b5:f5:59:3a:52:eb:0d:b7:e1:6c:85:40:d9:95:
         12:74:a5:3e:88:ae:9e:43:8f:2f:88:8b:b8:d0:25:6b:bf:75:
         81:33:32:10:55:dd:f4:30:f5:4c:c0:c6:f5:f6:8a:9e:c2:b7:
         e7:64:80:b5
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgIUPQAKpGArs3ymHFN3Wgf/PrP+DTkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZjQ0YzgyZGFiYTllY2E3NDZiMGQwMGY1ZWMxYzcwOTQ1
NGJlNjEyNTY2MWI5MmJkYTcwHhcNMjUwMjA3MTEzNjI0WhcNMjYwMjA2MTE0MTI0
WjAzMTEwLwYDVQQDEyg5RTNEMDY2MDk2NjA4QUFCMDE2NTYxNEY2RDQ1RUY2ODk5
Mjc2RTQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvu6/OJFS+5f
YeJXayMIuUAcTeOj/5zlZoE0lMX+5//PeUg+JET1Wz3mPjFAtGHCFil994beZbFP
PlLaNbt1U/pYgYli0M7DyrZgBRA4vUbYwkyve9iG8J431Aa3qSGG0A3dQJ9bS5yr
7MdDU5dKwtpSMy36iBF2kSZovcnrmVDrD6rjpxWj8kWa6tDhwu13t9GcMCK92FDY
QooJYVjDcXdZ+DpHLBvc4dsWSvXnHMSvp1T9i/9GTA7o47rIWNU0R/6bwbkNupYg
28bNNQLNtblz67oHrWMk8y8TNfwQ9KREhdQTYYQtqQAYN5LAWuyzX///ToKSgwL4
Quo2i4/MGwIDAQABo4IC2DCCAtQwHQYDVR0OBBYEFJ49BmCWYIqrAWVhT21F72iZ
J25HMB8GA1UdIwQYMBaAFCT12kjDr7yg/9khVH7wn3dq+KLqMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2Y3OTQ4NzM4LTMyNTUtNDlmOS05YjZj
LTljOWYzODk4OTk1ZC8xLzI0RjVEQTQ4QzNBRkJDQTBGRkQ5MjE1NDdFRjA5Rjc3
NkFGOEEyRUEuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC8wMmM3NzA2Yi0zYmFmLTQyY2ItYmRmNy03
ODJiMDM2MjUyYjMvZjQ0YzgyZGFiYTllY2E3NDZiMGQwMGY1ZWMxYzcwOTQ1NGJl
NjEyNTY2MWI5MmJkYTcuY2VyMIG1BggrBgEFBQcBCwSBqDCBpTCBogYIKwYBBQUH
MAuGgZVyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2Y3OTQ4NzM4LTMyNTUtNDlmOS05YjZjLTljOWYzODk4OTk1ZC8xLzMyMzYzMDMy
M2E2NjM5MzY2NDNhMzEzMDMwM2EzYTJmMzQzODJkMzEzMjM4MjAzZDNlMjAzNDM3
MzIzNzMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAJgL5bQEAMA0GCSqGSIb3DQEBCwUAA4IBAQAO2boe
skBxvA66K1fk/O5/s3hHyDVgEqKZeXkXHDiKqEd9JeNAezs5E0TdPL5igfg5atxQ
1qZpQ3V8/1MsPwama/Mky9kwqgzcbhc2rFB0gokYmS2989Fqa8Mfhhdyw/cGsKyT
5BJ0jhbDlQ/9vP1/YGj1buXdQFAlk9P+7LCW+Hmb4iERLz3PyjEnRbIB48YcI7uv
N+Bw5ivbLAiGQ8Cx95jQUne/gl4iV8kcK5mXjpdbuT2yzqFzl/KlMZBV4rxPLKL+
Yj4xERmWtfVZOlLrDbfhbIVA2ZUSdKU+iK6eQ48viIu40CVrv3WBMzIQVd30MPVM
wMb19oqewrfnZIC1
-----END CERTIFICATE-----