Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130303a313364303a3a2f32392d3239203d3e203432363839.roa
File:                     326130303a313364303a3a2f32392d3239203d3e203432363839.roa (raw, json)
Hash identifier:          BkPRDSdASY9DWUe9jSASeBCeqtHiu2s7vMlybOvIH38=
Subject key identifier:   A7:44:B4:38:7A:08:C5:2F:E3:A2:1F:84:FF:AD:5E:9F:59:0D:E4:D7
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       1D345AA54DDBF05C4E5F07F7C443C083A210DF6F
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130303a313364303a3a2f32392d3239203d3e203432363839.roa
Signing time:             Tue 19 Mar 2024 10:17:25 +0000
ROA not before:           Tue 19 Mar 2024 10:12:25 +0000
ROA not after:            Tue 18 Mar 2025 10:17:25 +0000
asID:                     42689
IP address blocks:        2a00:13d0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:34:5a:a5:4d:db:f0:5c:4e:5f:07:f7:c4:43:c0:83:a2:10:df:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Mar 19 10:12:25 2024 GMT
            Not After : Mar 18 10:17:25 2025 GMT
        Subject: CN=A744B4387A08C52FE3A21F84FFAD5E9F590DE4D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5c:e7:74:40:89:87:f5:f9:0b:b3:00:39:c3:
                    9e:3a:8e:b9:8c:24:a5:3e:fb:33:d8:65:03:86:72:
                    a0:b2:33:dc:92:d9:d5:c5:34:c6:67:2b:3e:f4:8c:
                    52:6f:88:36:bb:af:f5:73:b6:e1:25:04:6b:36:36:
                    45:f5:b6:78:6c:0e:bb:0b:2a:84:62:3a:ef:46:42:
                    f4:71:95:d4:f2:a2:4a:85:4a:d7:31:b0:dc:fd:09:
                    37:a2:61:be:b0:b3:ff:d6:9f:c6:59:8d:7f:6a:87:
                    98:83:a4:af:e9:d2:10:8e:f7:04:3d:79:e4:de:de:
                    e5:0b:01:77:7a:c6:06:de:65:69:53:19:95:6b:52:
                    f3:19:31:a6:4a:38:7e:a1:68:a6:17:d6:3f:f3:fa:
                    53:0f:43:25:a9:7b:06:d0:f3:65:5e:77:c2:14:cf:
                    38:3d:e1:30:07:8c:64:cd:8a:1a:eb:54:0e:5c:ad:
                    63:98:2f:83:b0:18:72:25:e8:22:13:22:6a:d2:99:
                    8c:32:9f:b3:b1:bd:2e:06:98:fa:1d:1d:03:b5:f8:
                    09:73:10:5b:b7:44:49:4d:40:94:54:cf:8c:d3:88:
                    c2:c0:4e:81:d8:87:9f:ff:bb:b9:6e:43:fa:96:06:
                    e6:95:5d:43:aa:29:8a:f6:f2:b2:87:3c:4b:cb:d4:
                    f7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:44:B4:38:7A:08:C5:2F:E3:A2:1F:84:FF:AD:5E:9F:59:0D:E4:D7
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130303a313364303a3a2f32392d3239203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:13d0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:6b:a6:96:6a:b0:5b:7d:bc:db:3e:b1:1a:3f:f9:54:bc:47:
         41:f7:01:1f:33:87:99:85:ae:3d:dd:a9:ab:4a:39:b7:06:05:
         fd:cb:bf:e9:63:ca:e9:37:e6:87:75:5e:75:32:d0:8d:41:ea:
         5e:56:87:f4:6b:69:e6:1c:b6:14:3d:fe:5a:15:ab:0b:4b:9f:
         46:bd:3d:b1:a8:44:19:52:7f:7e:7c:8a:63:69:21:dc:a9:28:
         3c:6c:b2:3b:bf:5d:01:44:6b:a0:a4:a2:7a:78:fd:82:f8:be:
         88:69:ad:2f:79:bf:99:72:89:71:f4:36:6e:31:a6:f2:e1:0a:
         11:c6:3a:b1:31:d4:fa:91:27:d8:35:e1:0e:fc:1c:fd:74:df:
         6c:df:4f:48:1e:2d:47:e7:ce:05:70:58:96:ba:00:8b:5e:fa:
         c2:96:59:4d:69:d7:54:87:5e:58:5b:d7:7f:cf:df:74:41:56:
         6d:d8:c2:b6:ca:4b:68:0d:d1:49:9a:61:2d:c6:e9:f9:e1:ec:
         02:33:a8:30:84:30:a7:d7:27:3a:45:18:cf:d4:e8:dd:0c:66:
         1d:f3:f7:38:9e:af:bc:b9:0c:65:08:31:18:82:e8:d7:c6:a7:
         77:df:25:4c:08:81:bf:80:42:b4:d8:4a:e0:07:5d:53:c1:05:
         84:50:1b:0f
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUHTRapU3b8FxOXwf3xEPAg6IQ328wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDAzMTkxMDEyMjVaFw0yNTAzMTgxMDE3MjVaMDMxMTAvBgNV
BAMTKEE3NDRCNDM4N0EwOEM1MkZFM0EyMUY4NEZGQUQ1RTlGNTkwREU0RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdXOd0QImH9fkLswA5w546jrmM
JKU++zPYZQOGcqCyM9yS2dXFNMZnKz70jFJviDa7r/VztuElBGs2NkX1tnhsDrsL
KoRiOu9GQvRxldTyokqFStcxsNz9CTeiYb6ws//Wn8ZZjX9qh5iDpK/p0hCO9wQ9
eeTe3uULAXd6xgbeZWlTGZVrUvMZMaZKOH6haKYX1j/z+lMPQyWpewbQ82Ved8IU
zzg94TAHjGTNihrrVA5crWOYL4OwGHIl6CITImrSmYwyn7OxvS4GmPodHQO1+Alz
EFu3RElNQJRUz4zTiMLAToHYh5//u7luQ/qWBuaVXUOqKYr28rKHPEvL1PcJAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUp0S0OHoIxS/joh+E/61en1kN5NcwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzI2MTMwMzAzYTMxMzM2NDMw
M2EzYTJmMzIzOTJkMzIzOTIwM2QzZTIwMzQzMjM2MzgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoA
E9AwDQYJKoZIhvcNAQELBQADggEBAC5rppZqsFt9vNs+sRo/+VS8R0H3AR8zh5mF
rj3dqatKObcGBf3Lv+ljyuk35od1XnUy0I1B6l5Wh/RraeYcthQ9/loVqwtLn0a9
PbGoRBlSf358imNpIdypKDxssju/XQFEa6Ckonp4/YL4vohprS95v5lyiXH0Nm4x
pvLhChHGOrEx1PqRJ9g14Q78HP1032zfT0geLUfnzgVwWJa6AIte+sKWWU1p11SH
Xlhb13/P33RBVm3YwrbKS2gN0UmaYS3G6fnh7AIzqDCEMKfXJzpFGM/U6N0MZh3z
9zier7y5DGUIMRiC6NfGp3ffJUwIgb+AQrTYSuAHXVPBBYRQGw8=
-----END CERTIFICATE-----