Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ebf04c7c-f82d-471d-85ad-98c65de1c912/3/326131343a373538303a656431383a3a2f34362d3438203d3e20323135393536.roa
File:                     326131343a373538303a656431383a3a2f34362d3438203d3e20323135393536.roa (raw, json)
Hash identifier:          uXTTq85aLk1Ck3+Vq0EonEJau7jzij3/EE3a2vfmdBs=
Subject key identifier:   C6:89:68:BF:20:86:81:16:19:D8:45:FD:6A:84:7E:87:7B:6C:22:E4
Certificate issuer:       /CN=9C8212C5D1DDE84B5573EFC73DAB842D9B8D902B
Certificate serial:       587A378AAB7DC4AEDA5A44606CB7DA121F9F1F6E
Authority key identifier: 9C:82:12:C5:D1:DD:E8:4B:55:73:EF:C7:3D:AB:84:2D:9B:8D:90:2B
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/9C8212C5D1DDE84B5573EFC73DAB842D9B8D902B.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ebf04c7c-f82d-471d-85ad-98c65de1c912/3/326131343a373538303a656431383a3a2f34362d3438203d3e20323135393536.roa
Signing time:             Fri 10 Oct 2025 19:13:19 +0000
ROA not before:           Fri 10 Oct 2025 19:08:19 +0000
ROA not after:            Fri 09 Oct 2026 19:13:19 +0000
asID:                     215956
IP address blocks:        2a14:7580:ed18::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ebf04c7c-f82d-471d-85ad-98c65de1c912/3/9C8212C5D1DDE84B5573EFC73DAB842D9B8D902B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ebf04c7c-f82d-471d-85ad-98c65de1c912/3/9C8212C5D1DDE84B5573EFC73DAB842D9B8D902B.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/9C8212C5D1DDE84B5573EFC73DAB842D9B8D902B.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 23:24:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:7a:37:8a:ab:7d:c4:ae:da:5a:44:60:6c:b7:da:12:1f:9f:1f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9C8212C5D1DDE84B5573EFC73DAB842D9B8D902B
        Validity
            Not Before: Oct 10 19:08:19 2025 GMT
            Not After : Oct  9 19:13:19 2026 GMT
        Subject: CN=C68968BF2086811619D845FD6A847E877B6C22E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ee:bd:66:72:31:ba:bf:e4:ce:c7:a8:f4:78:
                    5d:25:a0:62:6d:7e:ab:30:3a:4b:d9:78:5a:fe:b0:
                    06:ef:36:73:f3:84:8e:b5:e8:8e:36:b7:73:52:22:
                    c0:5b:69:bf:95:49:4a:9b:6a:c3:83:ad:bf:5a:52:
                    9d:34:e7:53:1d:bc:80:01:28:79:3a:42:65:39:c2:
                    91:3e:c1:61:ca:48:60:37:58:f2:3c:9b:41:62:6e:
                    f0:b6:6d:9b:59:ef:e2:a1:0a:a8:fb:71:57:63:99:
                    e5:2e:89:27:7a:4a:28:c8:fb:eb:92:2a:15:a2:2a:
                    89:19:20:0d:c3:c5:da:72:53:5c:86:66:f3:5d:63:
                    b2:27:5f:cd:ad:c5:5f:09:41:cd:37:10:84:0a:75:
                    3a:68:36:89:58:a9:1e:99:76:83:40:69:52:28:78:
                    ce:29:4e:6f:eb:8e:ee:2a:83:eb:d3:13:c1:ec:c3:
                    32:db:97:20:a4:9c:d6:ba:0d:b7:89:5e:86:ad:e4:
                    9c:01:54:d6:80:ee:47:91:bb:f8:87:fe:3f:a7:c6:
                    16:3c:5c:06:da:e3:7e:80:37:b6:af:d5:c7:df:b3:
                    60:0f:cb:c1:e8:11:d9:1a:32:04:52:84:10:9a:d9:
                    80:96:b7:06:83:52:90:2b:5c:78:ee:35:e4:94:8c:
                    b6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:89:68:BF:20:86:81:16:19:D8:45:FD:6A:84:7E:87:7B:6C:22:E4
            X509v3 Authority Key Identifier:
                keyid:9C:82:12:C5:D1:DD:E8:4B:55:73:EF:C7:3D:AB:84:2D:9B:8D:90:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ebf04c7c-f82d-471d-85ad-98c65de1c912/3/9C8212C5D1DDE84B5573EFC73DAB842D9B8D902B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/9C8212C5D1DDE84B5573EFC73DAB842D9B8D902B.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ebf04c7c-f82d-471d-85ad-98c65de1c912/3/326131343a373538303a656431383a3a2f34362d3438203d3e20323135393536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ed18::/46

    Signature Algorithm: sha256WithRSAEncryption
         83:b8:57:11:96:0d:71:12:63:b8:3b:8c:14:13:0b:c5:11:85:
         2e:a7:2f:75:9d:b1:c9:46:93:ba:29:d5:7a:80:f8:d1:0c:40:
         4a:7e:3b:8a:d5:d8:11:51:3a:c0:03:b2:68:f5:fd:9e:54:02:
         fc:45:56:af:b2:35:fa:93:74:b2:8d:b9:39:dc:ce:38:5e:2f:
         da:f0:8e:4f:01:25:bc:73:84:90:77:f5:91:84:42:6f:bd:92:
         14:38:e7:fa:ef:f1:66:3f:0b:6a:e4:aa:e5:f1:df:26:71:b4:
         d4:03:05:f6:71:93:4e:51:32:f5:01:cc:e6:65:47:26:9d:36:
         b7:0e:8b:5a:87:ba:b7:3c:bd:37:4e:41:2a:a6:42:7e:6f:d2:
         c1:41:01:78:e1:fa:f6:f7:a1:57:9f:85:89:94:45:f0:e8:a6:
         03:95:43:86:9c:bb:a7:a9:52:50:1e:7e:77:d1:ab:cf:23:11:
         95:ab:0f:1c:35:ec:ec:a1:a6:41:23:7a:bb:83:a4:1e:42:49:
         f9:f9:6c:06:cd:a0:5b:aa:59:b9:67:9e:46:5b:e7:9e:66:33:
         83:c2:33:de:a7:01:a9:33:8f:d3:57:9c:5c:3c:9c:eb:a1:ef:
         5f:11:79:1c:c0:35:2d:d4:eb:09:4f:fc:2a:12:e4:a2:06:50:
         30:35:c1:75
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUWHo3iqt9xK7aWkRgbLfaEh+fH24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUM4MjEyQzVEMURERTg0QjU1NzNFRkM3M0RBQjg0MkQ5
QjhEOTAyQjAeFw0yNTEwMTAxOTA4MTlaFw0yNjEwMDkxOTEzMTlaMDMxMTAvBgNV
BAMTKEM2ODk2OEJGMjA4NjgxMTYxOUQ4NDVGRDZBODQ3RTg3N0I2QzIyRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL7r1mcjG6v+TOx6j0eF0loGJt
fqswOkvZeFr+sAbvNnPzhI616I42t3NSIsBbab+VSUqbasODrb9aUp0051MdvIAB
KHk6QmU5wpE+wWHKSGA3WPI8m0FibvC2bZtZ7+KhCqj7cVdjmeUuiSd6SijI++uS
KhWiKokZIA3DxdpyU1yGZvNdY7InX82txV8JQc03EIQKdTpoNolYqR6ZdoNAaVIo
eM4pTm/rju4qg+vTE8HswzLblyCknNa6DbeJXoat5JwBVNaA7keRu/iH/j+nxhY8
XAba436AN7av1cffs2APy8HoEdkaMgRShBCa2YCWtwaDUpArXHjuNeSUjLYZAgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQUxolovyCGgRYZ2EX9aoR+h3tsIuQwHwYDVR0j
BBgwFoAUnIISxdHd6EtVc+/HPauELZuNkCswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWJmMDRjN2MtZjgyZC00NzFkLTg1YWQtOThjNjVkZTFj
OTEyLzMvOUM4MjEyQzVEMURERTg0QjU1NzNFRkM3M0RBQjg0MkQ5QjhEOTAyQi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC85QzgyMTJDNUQxRERFODRCNTU3M0VGQzcz
REFCODQyRDlCOEQ5MDJCLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9lYmYwNGM3Yy1mODJkLTQ3MWQtODVhZC05OGM2NWRlMWM5MTIvMy8zMjYxMzEz
NDNhMzczNTM4MzAzYTY1NjQzMTM4M2EzYTJmMzQzNjJkMzQzODIwM2QzZTIwMzIz
MTM1MzkzNTM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcCKhR1gO0YMA0GCSqGSIb3DQEBCwUAA4IBAQCD
uFcRlg1xEmO4O4wUEwvFEYUupy91nbHJRpO6KdV6gPjRDEBKfjuK1dgRUTrAA7Jo
9f2eVAL8RVavsjX6k3Syjbk53M44Xi/a8I5PASW8c4SQd/WRhEJvvZIUOOf67/Fm
Pwtq5Krl8d8mcbTUAwX2cZNOUTL1AczmZUcmnTa3Dotah7q3PL03TkEqpkJ+b9LB
QQF44fr296FXn4WJlEXw6KYDlUOGnLunqVJQHn530avPIxGVqw8cNezsoaZBI3q7
g6QeQkn5+WwGzaBbqlm5Z55GW+eeZjODwjPepwGpM4/TV5xcPJzroe9fEXkcwDUt
1OsJT/wqEuSiBlAwNcF1
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:26 2025 by rpki-client