Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/326130323a313334383a3a2f33322d3332203d3e203531303539.roa
File:                     326130323a313334383a3a2f33322d3332203d3e203531303539.roa (raw, json)
Hash identifier:          m1f4nPrGA7NIFsgD+MozFWSfEE7oftrO8GsKaqSdlt8=
Subject key identifier:   78:2A:F3:A1:EA:25:95:0F:28:94:2F:E8:F3:BC:CB:76:88:F9:97:F5
Certificate issuer:       /CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
Certificate serial:       197899DAEF8697E1A49182C889A95416412E386A
Authority key identifier: 45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/326130323a313334383a3a2f33322d3332203d3e203531303539.roa
Signing time:             Tue 07 Nov 2023 09:46:39 +0000
ROA not before:           Tue 07 Nov 2023 09:41:39 +0000
ROA not after:            Tue 05 Nov 2024 09:46:39 +0000
asID:                     51059
IP address blocks:        2a02:1348::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:78:99:da:ef:86:97:e1:a4:91:82:c8:89:a9:54:16:41:2e:38:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
        Validity
            Not Before: Nov  7 09:41:39 2023 GMT
            Not After : Nov  5 09:46:39 2024 GMT
        Subject: CN=782AF3A1EA25950F28942FE8F3BCCB7688F997F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:61:69:70:0c:8c:a0:4f:46:d4:26:1c:b1:3b:
                    cf:36:f9:7d:5c:bc:0b:f3:47:f0:61:51:d5:90:08:
                    db:0e:4f:fe:36:69:45:4c:16:1f:e8:c0:8a:9e:45:
                    1b:45:62:a7:aa:23:11:b7:ce:33:8f:df:37:11:5a:
                    e9:2d:23:6c:72:40:25:df:a0:23:5e:81:77:ab:29:
                    f1:24:5a:b4:48:2e:be:bc:46:59:de:e0:77:f3:5f:
                    d7:42:e8:9b:e1:76:91:99:7d:06:29:b6:e4:32:3f:
                    ca:32:18:b5:30:46:ce:66:58:4f:ea:49:6f:3f:20:
                    7e:b9:dd:c7:43:4f:c0:b4:35:67:ef:1c:6c:dc:46:
                    a8:0f:20:df:8f:88:35:1c:13:a1:13:4a:3c:22:09:
                    03:e8:0b:8a:73:6a:7f:8d:e7:7f:62:44:34:5a:df:
                    a3:d9:cf:d6:db:17:53:5d:a6:14:99:e0:92:9f:b7:
                    aa:b6:d0:14:fe:c5:b0:fc:aa:e0:a9:69:ab:6b:76:
                    27:99:18:0d:56:88:09:f3:92:da:9f:8c:82:2c:d0:
                    36:f6:a5:05:85:c8:4e:51:95:7b:4f:20:b6:8f:eb:
                    cc:99:77:f5:c4:0a:35:83:92:98:98:2f:f8:32:a1:
                    cd:2c:04:08:c6:4a:0e:e8:e8:5d:e2:04:e5:be:d6:
                    62:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:2A:F3:A1:EA:25:95:0F:28:94:2F:E8:F3:BC:CB:76:88:F9:97:F5
            X509v3 Authority Key Identifier:
                keyid:45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/326130323a313334383a3a2f33322d3332203d3e203531303539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:1348::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:d7:5b:3a:08:b7:a3:a0:ee:14:ad:2b:23:b7:3c:2f:c9:0b:
         dc:25:75:a2:90:c1:30:b7:46:8f:e0:97:92:44:28:38:6a:0f:
         b9:8a:5f:59:13:25:fb:d3:70:01:cd:b4:f2:21:06:1f:e4:e1:
         bd:d8:7f:f3:4c:53:b9:00:06:d7:83:9f:9b:be:79:a5:04:0b:
         fd:ae:a2:d3:f0:40:91:22:5e:8c:a8:96:6c:62:0c:8d:0d:e0:
         d7:3a:4e:6b:b1:1b:18:99:91:e2:67:85:26:b2:34:f2:83:1c:
         8d:21:b3:e0:0d:46:2a:8d:75:f1:1c:13:77:d2:65:ff:8e:1e:
         16:19:c3:6b:22:e5:f7:82:9e:c9:3a:a8:66:cf:46:be:43:f8:
         5d:36:1a:c1:d9:ff:2e:20:06:a7:8c:10:3b:e6:f5:29:46:9d:
         5c:1c:c0:d3:6f:40:a7:77:67:ca:bb:21:cb:b6:b4:c0:99:f7:
         76:e8:23:9c:ab:77:66:ac:f1:12:a9:3e:af:e3:aa:5a:ce:1c:
         24:e7:1f:f7:75:40:79:7b:f5:71:da:bd:81:ac:07:76:94:e6:
         88:e3:0b:d6:de:9a:cb:ab:e9:85:70:f6:5b:84:dc:82:7a:40:
         23:25:9c:90:cd:94:37:b2:89:c9:1f:e4:81:9c:23:f2:e2:23:
         2a:78:4b:3f
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUGXiZ2u+Gl+GkkYLIialUFkEuOGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUwMmU2M2NlMDFjYWQyMzlhYzM5N2JjMmJiNWU2YzM0
N2RjZWVlYTAeFw0yMzExMDcwOTQxMzlaFw0yNDExMDUwOTQ2MzlaMDMxMTAvBgNV
BAMTKDc4MkFGM0ExRUEyNTk1MEYyODk0MkZFOEYzQkNDQjc2ODhGOTk3RjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfYWlwDIygT0bUJhyxO882+X1c
vAvzR/BhUdWQCNsOT/42aUVMFh/owIqeRRtFYqeqIxG3zjOP3zcRWuktI2xyQCXf
oCNegXerKfEkWrRILr68Rlne4HfzX9dC6JvhdpGZfQYptuQyP8oyGLUwRs5mWE/q
SW8/IH653cdDT8C0NWfvHGzcRqgPIN+PiDUcE6ETSjwiCQPoC4pzan+N539iRDRa
36PZz9bbF1NdphSZ4JKft6q20BT+xbD8quCpaatrdieZGA1WiAnzktqfjIIs0Db2
pQWFyE5RlXtPILaP68yZd/XECjWDkpiYL/gyoc0sBAjGSg7o6F3iBOW+1mIjAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUeCrzoeollQ8olC/o87zLdoj5l/UwHwYDVR0j
BBgwFoAURQLmPOAcrSOaw5e8K7Xmw0fc7uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWRmMzNhNTctN2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUx
MWI0LzAvNDUwMkU2M0NFMDFDQUQyMzlBQzM5N0JDMkJCNUU2QzM0N0RDRUVFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JRTG1QT0FjclNPYXc1ZThLN1htdzBm
Yzd1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWRmMzNhNTct
N2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUxMWI0LzAvMzI2MTMwMzIzYTMxMzMzNDM4
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzMTMwMzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoC
E0gwDQYJKoZIhvcNAQELBQADggEBAJPXWzoIt6Og7hStKyO3PC/JC9wldaKQwTC3
Ro/gl5JEKDhqD7mKX1kTJfvTcAHNtPIhBh/k4b3Yf/NMU7kABteDn5u+eaUEC/2u
otPwQJEiXoyolmxiDI0N4Nc6TmuxGxiZkeJnhSayNPKDHI0hs+ANRiqNdfEcE3fS
Zf+OHhYZw2si5feCnsk6qGbPRr5D+F02GsHZ/y4gBqeMEDvm9SlGnVwcwNNvQKd3
Z8q7Icu2tMCZ93boI5yrd2as8RKpPq/jqlrOHCTnH/d1QHl79XHavYGsB3aU5ojj
C9bemsur6YVw9luE3IJ6QCMlnJDNlDeyickf5IGcI/LiIyp4Sz8=
-----END CERTIFICATE-----