Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/326130643a623238373a656363303a3a2f34322d3432203d3e20323135363634.roa
File:                     326130643a623238373a656363303a3a2f34322d3432203d3e20323135363634.roa (raw, json)
Hash identifier:          rHhBb1bMQectXohqdqgX13X6ENYXH/z7I15ReI0F4QU=
Subject key identifier:   C9:D0:F0:81:DC:B7:D5:A3:CF:5C:1B:48:03:D3:71:79:0F:29:02:14
Certificate issuer:       /CN=88cdd9c193da9185a4ac15b2ade875fe97b6f491
Certificate serial:       4283C17C5FE1F749F7944E8041693DFCFA7165
Authority key identifier: 88:CD:D9:C1:93:DA:91:85:A4:AC:15:B2:AD:E8:75:FE:97:B6:F4:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/326130643a623238373a656363303a3a2f34322d3432203d3e20323135363634.roa
Signing time:             Thu 24 Jul 2025 16:39:45 +0000
ROA not before:           Thu 24 Jul 2025 16:34:45 +0000
ROA not after:            Thu 23 Jul 2026 16:39:45 +0000
asID:                     215664
IP address blocks:        2a0d:b287:ecc0::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:48:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:83:c1:7c:5f:e1:f7:49:f7:94:4e:80:41:69:3d:fc:fa:71:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88cdd9c193da9185a4ac15b2ade875fe97b6f491
        Validity
            Not Before: Jul 24 16:34:45 2025 GMT
            Not After : Jul 23 16:39:45 2026 GMT
        Subject: CN=C9D0F081DCB7D5A3CF5C1B4803D371790F290214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7b:95:1f:8e:43:f7:11:81:88:3a:41:10:e6:
                    49:91:3a:29:06:23:08:3f:e7:c2:5e:22:f1:57:8a:
                    af:40:96:4c:ab:6e:92:da:3a:70:03:55:21:63:79:
                    cb:be:97:9a:de:bb:15:28:d3:22:80:53:e6:97:39:
                    54:f9:ae:66:e6:7e:31:85:ab:a6:df:83:8d:7d:6c:
                    14:4b:c1:de:cd:8a:13:6a:f5:6f:d8:0c:e6:13:13:
                    52:d3:d4:73:dd:03:50:e7:30:d1:68:17:02:5e:33:
                    63:d7:1f:f5:fd:de:0c:cc:b5:9f:ae:c5:76:d1:f1:
                    f4:16:74:b5:fc:14:89:43:f7:52:74:e0:70:b2:dc:
                    5d:5a:e2:90:b1:84:de:b9:19:ad:af:c8:45:2a:0d:
                    a7:14:59:14:c4:6a:ef:97:c6:f8:12:78:a2:97:34:
                    cd:9a:c6:02:72:57:06:cf:b3:3f:8d:33:e5:c0:f3:
                    d7:20:5b:de:7b:46:8c:f1:92:ea:c3:88:16:dd:7f:
                    51:6f:94:04:45:a2:9d:9a:29:e7:4d:54:3c:10:69:
                    6f:b0:b6:62:c9:07:78:27:65:57:d1:50:20:1e:af:
                    3d:5f:88:f0:51:cc:8e:76:94:40:f0:b7:7e:0d:d6:
                    2f:19:07:06:f3:69:43:64:64:a3:c3:6a:fd:83:b5:
                    df:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D0:F0:81:DC:B7:D5:A3:CF:5C:1B:48:03:D3:71:79:0F:29:02:14
            X509v3 Authority Key Identifier:
                keyid:88:CD:D9:C1:93:DA:91:85:A4:AC:15:B2:AD:E8:75:FE:97:B6:F4:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/326130643a623238373a656363303a3a2f34322d3432203d3e20323135363634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b287:ecc0::/42

    Signature Algorithm: sha256WithRSAEncryption
         5e:79:df:3f:63:58:f2:78:8c:e5:25:42:22:fd:fb:2d:80:95:
         9f:db:83:b1:c9:c5:bd:3e:83:85:77:22:e4:31:58:34:cb:06:
         37:06:f1:d9:9b:38:c6:3d:88:0c:35:a4:bc:71:76:a2:bc:3d:
         38:6c:33:53:58:8a:85:6d:ed:06:d5:72:dd:c5:f3:43:73:f4:
         cf:6a:9a:97:0a:3e:4d:81:31:2e:2a:7e:40:db:f1:5f:4e:d4:
         4e:c5:68:c9:eb:96:63:be:31:07:d4:41:66:ab:49:da:7a:96:
         c9:98:d5:b1:63:d2:34:d4:4b:0e:2f:2f:6f:05:27:1b:d7:89:
         f3:28:6b:bf:26:2e:79:aa:6a:d9:7e:97:7b:9d:eb:f3:e7:d3:
         49:50:8b:b5:cd:9b:81:92:af:a3:20:d4:dc:f7:b2:a0:29:50:
         29:3f:86:0a:7e:c3:33:5a:9d:3d:f3:ed:2f:77:de:35:c3:85:
         1c:46:ca:dd:60:f6:6c:c3:8c:e5:a9:be:bc:0e:70:7c:a2:48:
         5c:bd:08:09:7b:2f:c9:da:81:e1:ca:d9:61:ec:74:d5:a3:a6:
         17:3c:a8:8b:74:26:66:ee:ef:5e:99:f8:9b:16:70:c2:0d:d7:
         6c:f8:36:ca:94:c6:27:6c:bf:4d:91:1e:d6:8f:94:73:59:97:
         e3:d4:38:e8
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgITQoPBfF/h90n3lE6AQWk9/PpxZTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg4OGNkZDljMTkzZGE5MTg1YTRhYzE1YjJhZGU4NzVmZTk3
YjZmNDkxMB4XDTI1MDcyNDE2MzQ0NVoXDTI2MDcyMzE2Mzk0NVowMzExMC8GA1UE
AxMoQzlEMEYwODFEQ0I3RDVBM0NGNUMxQjQ4MDNEMzcxNzkwRjI5MDIxNDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALx7lR+OQ/cRgYg6QRDmSZE6KQYj
CD/nwl4i8VeKr0CWTKtukto6cANVIWN5y76Xmt67FSjTIoBT5pc5VPmuZuZ+MYWr
pt+DjX1sFEvB3s2KE2r1b9gM5hMTUtPUc90DUOcw0WgXAl4zY9cf9f3eDMy1n67F
dtHx9BZ0tfwUiUP3UnTgcLLcXVrikLGE3rkZra/IRSoNpxRZFMRq75fG+BJ4opc0
zZrGAnJXBs+zP40z5cDz1yBb3ntGjPGS6sOIFt1/UW+UBEWinZop501UPBBpb7C2
YskHeCdlV9FQIB6vPV+I8FHMjnaUQPC3fg3WLxkHBvNpQ2Rko8Nq/YO13yMCAwEA
AaOCAkowggJGMB0GA1UdDgQWBBTJ0PCB3LfVo89cG0gD03F5DykCFDAfBgNVHSME
GDAWgBSIzdnBk9qRhaSsFbKt6HX+l7b0kTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9lNmFmZjIzNC02MWM1LTQyOTAtOGE2ZC01ZjJiOTAyNzMy
MmYvMC84OENERDlDMTkzREE5MTg1QTRBQzE1QjJBREU4NzVGRTk3QjZGNDkxLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaU0zWndaUGFrWVdrckJXeXJlaDFfcGUy
OUpFLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUFBzALhoGXcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9lNmFmZjIzNC02
MWM1LTQyOTAtOGE2ZC01ZjJiOTAyNzMyMmYvMC8zMjYxMzA2NDNhNjIzMjM4Mzcz
YTY1NjM2MzMwM2EzYTJmMzQzMjJkMzQzMjIwM2QzZTIwMzIzMTM1MzYzNjM0LnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcGKg2yh+zAMA0GCSqGSIb3DQEBCwUAA4IBAQBeed8/Y1jyeIzlJUIi
/fstgJWf24OxycW9PoOFdyLkMVg0ywY3BvHZmzjGPYgMNaS8cXaivD04bDNTWIqF
be0G1XLdxfNDc/TPapqXCj5NgTEuKn5A2/FfTtROxWjJ65ZjvjEH1EFmq0naepbJ
mNWxY9I01EsOLy9vBScb14nzKGu/Ji55qmrZfpd7nevz59NJUIu1zZuBkq+jINTc
97KgKVApP4YKfsMzWp098+0vd941w4UcRsrdYPZsw4zlqb68DnB8okhcvQgJey/J
2oHhytlh7HTVo6YXPKiLdCZm7u9emfibFnDCDdds+DbKlMYnbL9NkR7Wj5RzWZfj
1Djo
-----END CERTIFICATE-----
Generated at Wed Aug 6 11:19:42 2025 by rpki-client