Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ca811f8-d075-4e50-9bbf-7b2d0907168f/0/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa
File:                     323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          PSUbGINMXDXcZ2iqGImWYJzUtI6J2N2niY8PAy2nylU=
Subject key identifier:   C2:68:02:B4:BE:D3:D8:FD:FF:20:0F:51:FE:E1:B2:AE:5F:DB:36:05
Certificate issuer:       /CN=7c4bb19365741b7885e0a322377b13b581d82e0e
Certificate serial:       61137D674A0A744C64F4E027090F13D546A0E18A
Authority key identifier: 7C:4B:B1:93:65:74:1B:78:85:E0:A3:22:37:7B:13:B5:81:D8:2E:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEuxk2V0G3iF4KMiN3sTtYHYLg4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ca811f8-d075-4e50-9bbf-7b2d0907168f/0/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa
Signing time:             Sun 07 Apr 2024 17:34:04 +0000
ROA not before:           Sun 07 Apr 2024 17:29:04 +0000
ROA not after:            Sun 06 Apr 2025 17:34:04 +0000
asID:                     0
IP address blocks:        2001:7f8:157::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ca811f8-d075-4e50-9bbf-7b2d0907168f/0/7C4BB19365741B7885E0A322377B13B581D82E0E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ca811f8-d075-4e50-9bbf-7b2d0907168f/0/7C4BB19365741B7885E0A322377B13B581D82E0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fEuxk2V0G3iF4KMiN3sTtYHYLg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:13:7d:67:4a:0a:74:4c:64:f4:e0:27:09:0f:13:d5:46:a0:e1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c4bb19365741b7885e0a322377b13b581d82e0e
        Validity
            Not Before: Apr  7 17:29:04 2024 GMT
            Not After : Apr  6 17:34:04 2025 GMT
        Subject: CN=C26802B4BED3D8FDFF200F51FEE1B2AE5FDB3605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5d:c6:57:b6:f1:7b:82:ac:a1:e0:ac:99:7f:
                    39:bd:57:36:f6:45:d6:2f:ce:f9:64:04:9c:4a:ce:
                    3b:2c:2e:3b:8f:42:f8:0e:f4:c3:fa:09:e4:f6:fa:
                    fd:6a:5f:40:72:33:e2:88:a8:6b:0a:03:18:af:d4:
                    cc:e9:8b:95:64:48:c0:1d:a0:72:e8:68:58:88:72:
                    00:60:bc:6f:76:00:b8:0e:49:c1:f2:53:92:f5:5d:
                    18:c0:00:e6:51:35:ef:8f:08:41:95:d6:1a:a3:bc:
                    98:6d:5d:07:49:d6:e9:a1:84:0c:9f:02:38:72:7c:
                    88:4c:7f:40:63:04:6a:32:ad:a5:25:12:71:50:70:
                    85:27:e4:bc:5f:26:1b:a2:7b:11:71:4d:23:68:07:
                    9f:85:2c:1b:80:ce:a8:2c:53:86:05:a8:37:9a:eb:
                    e6:9c:cf:59:75:62:1b:f3:00:dd:ad:62:69:fd:eb:
                    63:a1:16:f2:e5:ff:ed:32:37:23:83:c7:10:1a:7b:
                    73:da:d4:b0:b0:c8:b2:f8:da:71:57:dd:6a:fc:c0:
                    bb:45:7c:dd:61:94:c9:62:b7:33:71:c7:27:14:6a:
                    25:7c:4a:6e:d4:56:70:da:53:48:a0:42:85:01:fe:
                    98:56:71:34:a6:d8:93:65:c0:31:66:48:4b:6f:fb:
                    eb:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:68:02:B4:BE:D3:D8:FD:FF:20:0F:51:FE:E1:B2:AE:5F:DB:36:05
            X509v3 Authority Key Identifier:
                keyid:7C:4B:B1:93:65:74:1B:78:85:E0:A3:22:37:7B:13:B5:81:D8:2E:0E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ca811f8-d075-4e50-9bbf-7b2d0907168f/0/7C4BB19365741B7885E0A322377B13B581D82E0E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEuxk2V0G3iF4KMiN3sTtYHYLg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ca811f8-d075-4e50-9bbf-7b2d0907168f/0/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:157::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:30:36:6a:7a:b7:a0:e2:99:31:3f:40:52:ef:a9:fb:b8:d4:
         0e:ef:6f:d9:1e:10:5b:97:7a:0e:f0:66:ff:bb:b9:82:7e:73:
         7d:fc:f6:df:cb:a5:e5:77:c8:f2:df:52:5a:29:70:13:31:65:
         30:56:c1:a8:2e:7e:da:38:74:2c:bc:f5:71:36:ea:ab:0c:79:
         cb:7f:0c:ab:96:04:cd:a9:7b:15:5b:bb:ba:19:58:2d:fb:16:
         3f:f9:b3:17:c3:07:d1:fe:98:f9:23:63:c4:29:e5:75:f7:34:
         8d:3b:17:fb:7c:61:0f:10:f8:ae:4f:47:1e:55:79:46:ce:8e:
         9e:dd:5b:1c:14:6c:be:0b:11:3b:7f:d1:ba:d3:cc:63:f6:83:
         8d:aa:5b:cf:d8:1f:66:45:75:49:8d:b2:54:b8:26:6d:d6:48:
         53:b8:53:51:4e:a7:63:aa:a4:d3:82:6b:58:c4:a9:73:de:6f:
         76:9c:55:af:ae:3b:94:3a:cc:7c:66:21:ea:29:a2:e1:ed:76:
         7c:b2:36:36:98:8d:dc:f1:9b:ae:3e:4b:e9:49:77:13:1c:95:
         aa:73:ec:ba:22:07:e7:1e:0c:ef:40:69:fb:28:7d:d3:50:dc:
         12:a4:e7:31:36:05:1e:4d:31:9d:50:3e:fd:7f:cf:e2:a4:12:
         36:f7:6c:00
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUYRN9Z0oKdExk9OAnCQ8T1Uag4YowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2M0YmIxOTM2NTc0MWI3ODg1ZTBhMzIyMzc3YjEzYjU4
MWQ4MmUwZTAeFw0yNDA0MDcxNzI5MDRaFw0yNTA0MDYxNzM0MDRaMDMxMTAvBgNV
BAMTKEMyNjgwMkI0QkVEM0Q4RkRGRjIwMEY1MUZFRTFCMkFFNUZEQjM2MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbXcZXtvF7gqyh4KyZfzm9Vzb2
RdYvzvlkBJxKzjssLjuPQvgO9MP6CeT2+v1qX0ByM+KIqGsKAxiv1Mzpi5VkSMAd
oHLoaFiIcgBgvG92ALgOScHyU5L1XRjAAOZRNe+PCEGV1hqjvJhtXQdJ1umhhAyf
AjhyfIhMf0BjBGoyraUlEnFQcIUn5LxfJhuiexFxTSNoB5+FLBuAzqgsU4YFqDea
6+acz1l1YhvzAN2tYmn962OhFvLl/+0yNyODxxAae3Pa1LCwyLL42nFX3Wr8wLtF
fN1hlMlitzNxxycUaiV8Sm7UVnDaU0igQoUB/phWcTSm2JNlwDFmSEtv++vBAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUwmgCtL7T2P3/IA9R/uGyrl/bNgUwHwYDVR0j
BBgwFoAUfEuxk2V0G3iF4KMiN3sTtYHYLg4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmNhODExZjgtZDA3NS00ZTUwLTliYmYtN2IyZDA5MDcx
NjhmLzAvN0M0QkIxOTM2NTc0MUI3ODg1RTBBMzIyMzc3QjEzQjU4MUQ4MkUwRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZFdXhrMlYwRzNpRjRLTWlOM3NUdFlI
WUxnNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmNhODExZjgt
ZDA3NS00ZTUwLTliYmYtN2IyZDA5MDcxNjhmLzAvMzIzMDMwMzEzYTM3NjYzODNh
MzEzNTM3M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQf4
AVcwDQYJKoZIhvcNAQELBQADggEBAGkwNmp6t6DimTE/QFLvqfu41A7vb9keEFuX
eg7wZv+7uYJ+c3389t/LpeV3yPLfUlopcBMxZTBWwagufto4dCy89XE26qsMect/
DKuWBM2pexVbu7oZWC37Fj/5sxfDB9H+mPkjY8Qp5XX3NI07F/t8YQ8Q+K5PRx5V
eUbOjp7dWxwUbL4LETt/0brTzGP2g42qW8/YH2ZFdUmNslS4Jm3WSFO4U1FOp2Oq
pNOCa1jEqXPeb3acVa+uO5Q6zHxmIeopouHtdnyyNjaYjdzxm64+S+lJdxMclapz
7LoiB+ceDO9AafsofdNQ3BKk5zE2BR5NMZ1QPv1/z+KkEjb3bAA=
-----END CERTIFICATE-----