Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa
File:                     323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          cAb30fVqTd8++M4lv8QD26BvmJIcWc1fy7zzqGZ9Hbs=
Subject key identifier:   82:94:E9:09:1C:7B:7A:E1:18:A3:9D:EB:AC:77:2A:AC:B0:EA:0B:A3
Certificate issuer:       /CN=6019c116c8ae318afd4b822e9f4eeea0c34baaca
Certificate serial:       639A92C87FAD092CF9500DA9B7E1DAC46609F9C7
Authority key identifier: 60:19:C1:16:C8:AE:31:8A:FD:4B:82:2E:9F:4E:EE:A0:C3:4B:AA:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa
Signing time:             Sun 15 Sep 2024 14:50:39 +0000
ROA not before:           Sun 15 Sep 2024 14:45:39 +0000
ROA not after:            Sun 14 Sep 2025 14:50:39 +0000
asID:                     0
IP address blocks:        2001:7f8:157::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:9a:92:c8:7f:ad:09:2c:f9:50:0d:a9:b7:e1:da:c4:66:09:f9:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6019c116c8ae318afd4b822e9f4eeea0c34baaca
        Validity
            Not Before: Sep 15 14:45:39 2024 GMT
            Not After : Sep 14 14:50:39 2025 GMT
        Subject: CN=8294E9091C7B7AE118A39DEBAC772AACB0EA0BA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:10:5e:92:33:cb:06:ef:cd:8b:81:68:cb:6f:
                    36:ad:24:c9:4e:43:b3:c2:b8:56:84:d2:76:f7:c8:
                    1f:d3:94:84:8f:cb:81:c2:0e:a1:64:1d:65:25:e5:
                    28:26:da:27:45:0f:f3:34:9c:44:94:25:a5:45:cb:
                    9b:2d:7a:5f:f6:c9:52:bc:3d:d6:6a:18:a4:53:a0:
                    67:5d:7f:2a:7d:6d:1b:7d:c2:21:71:db:f0:ec:fd:
                    5e:f2:72:2a:07:7f:f0:fd:f7:ac:16:74:c1:5e:cc:
                    38:2e:d8:54:c6:c2:87:0a:30:98:95:25:0c:32:5d:
                    dc:68:8a:09:24:d7:0d:7c:b2:92:84:0f:f0:a1:69:
                    d1:5e:a2:aa:0b:76:ee:bb:3b:d9:ee:ce:07:0e:31:
                    cc:a7:00:7c:7b:f0:71:f6:7f:95:84:92:60:a6:d6:
                    ab:19:7f:85:27:bd:39:9e:3d:0c:b6:b6:02:9b:b6:
                    b3:bf:7a:44:65:b7:2d:63:ed:b2:98:6c:fd:0c:a7:
                    58:de:02:d0:e4:3f:78:f1:dc:e2:6b:e2:bb:bb:d0:
                    5d:a2:d2:e9:d6:d8:0b:6c:73:d9:df:47:77:f1:60:
                    42:b9:cd:6d:90:a2:7a:62:02:8a:bc:bc:5b:c9:ac:
                    09:2f:22:09:f6:1b:a7:79:b3:b4:20:08:3a:02:07:
                    ca:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:94:E9:09:1C:7B:7A:E1:18:A3:9D:EB:AC:77:2A:AC:B0:EA:0B:A3
            X509v3 Authority Key Identifier:
                keyid:60:19:C1:16:C8:AE:31:8A:FD:4B:82:2E:9F:4E:EE:A0:C3:4B:AA:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:157::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:24:c9:ab:b5:e4:b1:15:9e:f6:df:55:bc:44:9c:76:e2:4b:
         98:39:9f:22:f0:a7:f5:c2:e4:59:da:4b:74:bc:70:f6:de:ab:
         2c:f3:65:b4:82:bd:f7:d7:96:fd:97:7b:f8:b6:12:b5:73:7a:
         03:f6:90:b8:0b:ec:fd:da:17:42:17:83:eb:81:4b:78:bd:91:
         44:ae:7c:37:33:8a:48:b6:12:39:b3:fb:c9:00:1f:bf:f9:7f:
         9e:08:bf:15:4d:1e:6b:e9:eb:42:ae:69:ef:a0:5e:a3:e3:44:
         9e:8f:78:ca:51:db:4f:8a:52:6c:e1:1a:cf:e1:04:b0:82:36:
         44:80:42:85:f9:3e:26:d2:83:eb:f5:b1:86:6d:f8:96:c9:25:
         d9:62:2a:40:a2:46:13:02:5c:86:bc:6f:04:62:ae:6b:c4:83:
         af:80:15:22:db:a9:c9:7a:ac:33:9a:32:70:8a:4d:e7:bd:c9:
         82:9c:92:21:34:ba:b7:4a:89:33:9e:b1:8c:43:7a:15:37:ec:
         63:21:5e:03:a5:a2:06:fe:e3:72:2f:54:a3:a9:00:44:79:ee:
         1f:f5:62:2c:fc:45:1c:34:a1:3d:14:de:5a:83:23:11:e1:75:
         e1:69:d3:23:d8:6d:c1:c8:d4:68:06:05:fd:4c:45:61:3f:45:
         95:4b:1d:f4
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUY5qSyH+tCSz5UA2pt+HaxGYJ+ccwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxOWMxMTZjOGFlMzE4YWZkNGI4MjJlOWY0ZWVlYTBj
MzRiYWFjYTAeFw0yNDA5MTUxNDQ1MzlaFw0yNTA5MTQxNDUwMzlaMDMxMTAvBgNV
BAMTKDgyOTRFOTA5MUM3QjdBRTExOEEzOURFQkFDNzcyQUFDQjBFQTBCQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNEF6SM8sG782LgWjLbzatJMlO
Q7PCuFaE0nb3yB/TlISPy4HCDqFkHWUl5Sgm2idFD/M0nESUJaVFy5stel/2yVK8
PdZqGKRToGddfyp9bRt9wiFx2/Ds/V7ycioHf/D996wWdMFezDgu2FTGwocKMJiV
JQwyXdxoigkk1w18spKED/ChadFeoqoLdu67O9nuzgcOMcynAHx78HH2f5WEkmCm
1qsZf4UnvTmePQy2tgKbtrO/ekRlty1j7bKYbP0Mp1jeAtDkP3jx3OJr4ru70F2i
0unW2Atsc9nfR3fxYEK5zW2QonpiAoq8vFvJrAkvIgn2G6d5s7QgCDoCB8oFAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUgpTpCRx7euEYo53rrHcqrLDqC6MwHwYDVR0j
BBgwFoAUYBnBFsiuMYr9S4Iun07uoMNLqsowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMtMjA1OC00M2JiLTlhYzYtNWFiNDJkZmJm
NDA5LzMvNjAxOUMxMTZDOEFFMzE4QUZENEI4MjJFOUY0RUVFQTBDMzRCQUFDQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1lCbkJGc2l1TVlyOVM0SXVuMDd1b01O
THFzby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMt
MjA1OC00M2JiLTlhYzYtNWFiNDJkZmJmNDA5LzMvMzIzMDMwMzEzYTM3NjYzODNh
MzEzNTM3M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQf4
AVcwDQYJKoZIhvcNAQELBQADggEBAEskyau15LEVnvbfVbxEnHbiS5g5nyLwp/XC
5FnaS3S8cPbeqyzzZbSCvffXlv2Xe/i2ErVzegP2kLgL7P3aF0IXg+uBS3i9kUSu
fDcziki2Ejmz+8kAH7/5f54IvxVNHmvp60Kuae+gXqPjRJ6PeMpR20+KUmzhGs/h
BLCCNkSAQoX5PibSg+v1sYZt+JbJJdliKkCiRhMCXIa8bwRirmvEg6+AFSLbqcl6
rDOaMnCKTee9yYKckiE0urdKiTOesYxDehU37GMhXgOlogb+43IvVKOpAER57h/1
Yiz8RRw0oT0U3lqDIxHhdeFp0yPYbcHI1GgGBf1MRWE/RZVLHfQ=
-----END CERTIFICATE-----