Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/326130313a3666303a3a2f33322d3332203d3e203432333636.roa
File:                     326130313a3666303a3a2f33322d3332203d3e203432333636.roa (raw, json)
Hash identifier:          j/QNWPkL52BHQi7aulpNXm0v/GH1PUFyaKFRhwN6h7I=
Subject key identifier:   18:28:B9:76:42:D0:2B:9B:77:82:A2:F6:18:32:F8:A4:C4:97:77:21
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       38B9D9DE66DC40A3ECBE193732C81D1A35F30D13
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/326130313a3666303a3a2f33322d3332203d3e203432333636.roa
Signing time:             Mon 26 Feb 2024 08:53:09 +0000
ROA not before:           Mon 26 Feb 2024 08:48:09 +0000
ROA not after:            Mon 24 Feb 2025 08:53:09 +0000
asID:                     42366
IP address blocks:        2a01:6f0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:b9:d9:de:66:dc:40:a3:ec:be:19:37:32:c8:1d:1a:35:f3:0d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:09 2024 GMT
            Not After : Feb 24 08:53:09 2025 GMT
        Subject: CN=1828B97642D02B9B7782A2F61832F8A4C4977721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5a:9a:8c:7e:6b:ae:7a:71:1c:f0:06:37:fd:
                    57:c5:3f:3a:bb:86:60:7b:6e:42:3a:3d:34:ad:29:
                    44:23:a8:13:fe:76:3e:da:06:3b:b9:76:1f:09:b3:
                    88:8b:73:b4:75:30:1e:63:d2:54:52:52:05:94:a9:
                    5d:6e:0c:fb:30:1b:c0:5f:1c:17:97:ce:5e:d4:f4:
                    cc:c1:22:72:55:d0:b0:30:65:88:f6:34:38:3b:47:
                    d8:7a:96:ee:9d:8e:e1:a4:8e:6f:5e:5f:be:8c:b2:
                    4f:7c:18:42:62:be:e4:12:1e:49:4d:a1:8c:21:73:
                    25:7c:b1:31:66:c0:b1:a4:42:08:49:e1:e4:11:d9:
                    e9:72:30:31:94:2e:d4:a7:ba:ae:5d:8f:97:62:fd:
                    42:f7:cb:66:9f:33:3e:cc:6b:a9:49:97:ef:89:a9:
                    93:75:8c:2f:26:cc:c4:82:c3:82:f9:05:bc:55:5c:
                    2a:37:14:9a:e3:7e:aa:a1:58:64:34:a4:07:2b:0a:
                    aa:8c:6d:6e:39:a0:f3:6c:89:9d:94:aa:90:26:79:
                    6d:7b:8d:69:a2:c4:fe:07:27:e7:cc:88:b2:7c:b9:
                    1f:df:ec:13:2b:07:b7:15:99:a0:21:c7:64:8a:51:
                    c6:ab:33:cb:fd:69:53:90:d7:08:ae:97:97:72:2a:
                    0b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:28:B9:76:42:D0:2B:9B:77:82:A2:F6:18:32:F8:A4:C4:97:77:21
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/326130313a3666303a3a2f33322d3332203d3e203432333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:6f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:33:8b:8c:67:7b:1c:23:c7:6e:f9:d7:bc:6e:e0:33:10:fa:
         25:05:86:60:59:51:d5:e6:7e:79:1a:55:03:14:d8:c3:1f:21:
         a0:9f:41:95:8b:94:fc:b5:ec:b4:42:4b:fa:00:17:a1:2c:75:
         3d:e1:83:6d:48:08:b5:90:d1:8c:e1:9b:ba:fa:7e:94:b2:95:
         3b:c1:bc:04:22:5a:8d:07:ad:38:17:32:7e:d1:b6:97:72:e1:
         bc:2c:2b:06:43:33:98:4f:77:d3:b5:69:84:63:dc:a7:37:59:
         42:0e:6b:20:23:f8:c4:99:79:48:5f:a5:74:17:6d:29:52:b0:
         59:84:8c:38:23:4a:d6:e8:9d:46:e5:68:03:02:44:8d:3b:3e:
         56:08:81:67:4d:47:b5:3b:3f:f6:41:10:9a:5d:96:bf:07:8c:
         9a:78:d1:03:97:28:07:da:8e:b7:ec:79:6b:e2:dc:c9:95:55:
         9f:1b:36:26:08:f9:63:fd:da:11:e7:9a:87:20:25:c3:a3:eb:
         c8:59:23:7f:44:6b:f0:1d:b1:74:b1:3d:54:e5:34:52:ce:b9:
         c2:bf:52:26:81:82:23:dc:43:d4:ce:b1:21:7b:11:fd:85:ca:
         c9:ff:e8:75:79:11:f4:2e:69:57:1b:4a:60:ca:19:b6:f5:02:
         c5:15:9f:14
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUOLnZ3mbcQKPsvhk3MsgdGjXzDRMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDlaFw0yNTAyMjQwODUzMDlaMDMxMTAvBgNV
BAMTKDE4MjhCOTc2NDJEMDJCOUI3NzgyQTJGNjE4MzJGOEE0QzQ5Nzc3MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzWpqMfmuuenEc8AY3/VfFPzq7
hmB7bkI6PTStKUQjqBP+dj7aBju5dh8Js4iLc7R1MB5j0lRSUgWUqV1uDPswG8Bf
HBeXzl7U9MzBInJV0LAwZYj2NDg7R9h6lu6djuGkjm9eX76Msk98GEJivuQSHklN
oYwhcyV8sTFmwLGkQghJ4eQR2elyMDGULtSnuq5dj5di/UL3y2afMz7Ma6lJl++J
qZN1jC8mzMSCw4L5BbxVXCo3FJrjfqqhWGQ0pAcrCqqMbW45oPNsiZ2UqpAmeW17
jWmixP4HJ+fMiLJ8uR/f7BMrB7cVmaAhx2SKUcarM8v9aVOQ1wiul5dyKgu5AgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUGCi5dkLQK5t3gqL2GDL4pMSXdyEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzI2MTMwMzEzYTM2NjYzMDNh
M2EyZjMzMzIyZDMzMzIyMDNkM2UyMDM0MzIzMzM2MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqAQbw
MA0GCSqGSIb3DQEBCwUAA4IBAQB7M4uMZ3scI8du+de8buAzEPolBYZgWVHV5n55
GlUDFNjDHyGgn0GVi5T8tey0Qkv6ABehLHU94YNtSAi1kNGM4Zu6+n6UspU7wbwE
IlqNB604FzJ+0baXcuG8LCsGQzOYT3fTtWmEY9ynN1lCDmsgI/jEmXlIX6V0F20p
UrBZhIw4I0rW6J1G5WgDAkSNOz5WCIFnTUe1Oz/2QRCaXZa/B4yaeNEDlygH2o63
7Hlr4tzJlVWfGzYmCPlj/doR55qHICXDo+vIWSN/RGvwHbF0sT1U5TRSzrnCv1Im
gYIj3EPUzrEhexH9hcrJ/+h1eRH0LmlXG0pgyhm29QLFFZ8U
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:29:14 2024 by rpki-client on console-ams.rpki-client.org