Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130303a313364303a3a2f32392d3239203d3e203432363839.roa
File:                     326130303a313364303a3a2f32392d3239203d3e203432363839.roa (raw, json)
Hash identifier:          hA932Sk7UDCaPfxEVgEZHbPE1NpCcYSD8YbIswtrf/w=
Subject key identifier:   47:02:3F:48:30:C6:06:35:01:6C:6D:57:E3:49:6C:61:FF:50:1C:1E
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       462C00DDA06DA7C37948122E2528204820123B5C
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130303a313364303a3a2f32392d3239203d3e203432363839.roa
Signing time:             Tue 18 Feb 2025 10:21:31 +0000
ROA not before:           Tue 18 Feb 2025 10:16:31 +0000
ROA not after:            Tue 17 Feb 2026 10:21:31 +0000
asID:                     42689
IP address blocks:        2a00:13d0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 23:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:2c:00:dd:a0:6d:a7:c3:79:48:12:2e:25:28:20:48:20:12:3b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Feb 18 10:16:31 2025 GMT
            Not After : Feb 17 10:21:31 2026 GMT
        Subject: CN=47023F4830C60635016C6D57E3496C61FF501C1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:79:ab:6b:66:02:fb:8c:fa:d5:4e:e2:c7:8e:
                    76:5c:07:d2:d5:07:52:51:d8:ef:85:78:0e:3b:df:
                    ce:96:40:08:82:a6:38:84:66:03:0a:eb:12:f1:e6:
                    0d:2e:ce:ed:4f:64:b7:27:c2:a9:cc:86:a2:d2:d7:
                    78:b8:c1:b6:5c:ae:b8:b6:80:84:e9:91:67:f3:eb:
                    f7:21:00:7c:9e:46:df:b9:b3:41:14:5a:6a:e5:a2:
                    66:76:d0:d2:9c:66:78:e9:f3:01:f6:02:47:35:96:
                    d3:f8:e8:5c:07:37:c7:47:b8:bb:c7:16:aa:fb:86:
                    df:26:2f:d1:aa:cd:0d:e7:ce:ce:43:4f:b7:cb:7d:
                    21:5a:1c:79:4e:59:39:07:27:32:f8:25:3b:9c:6c:
                    ff:54:fd:15:f4:1e:67:20:e0:7e:16:40:7d:08:1d:
                    73:43:4b:19:a3:8f:d2:e0:2f:5d:09:84:b1:82:a6:
                    5e:fa:99:99:d1:64:08:27:13:38:af:c0:07:b0:6f:
                    88:ee:4d:cd:c1:d7:b4:40:37:06:24:1c:83:37:4c:
                    0e:11:ab:f8:c6:79:65:b3:00:a7:94:37:95:61:61:
                    41:1c:84:1e:67:9f:3a:c0:fa:0f:e3:d7:b4:86:eb:
                    ff:49:aa:8e:1c:e5:6e:70:38:f0:a4:8a:57:b6:c6:
                    3c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:02:3F:48:30:C6:06:35:01:6C:6D:57:E3:49:6C:61:FF:50:1C:1E
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130303a313364303a3a2f32392d3239203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:13d0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:99:4e:43:c5:0e:4b:40:67:68:37:ff:41:cf:e7:f8:f9:8b:
         17:e1:60:22:bd:d2:bd:74:c8:1b:17:2d:41:90:46:36:73:73:
         36:d0:0c:36:14:13:9d:76:37:3b:be:8a:11:26:2e:b0:6a:52:
         2d:c2:9d:a5:e7:ed:c9:20:23:b1:ec:76:ed:84:c9:66:42:ed:
         19:4e:82:c9:3e:4b:23:09:a8:ff:9a:cf:e2:9f:7e:1a:1d:7c:
         c1:04:ec:6b:ea:63:12:79:a7:e4:57:77:e7:a2:69:64:94:d7:
         ba:d4:ae:cb:9f:74:69:b6:74:0f:e3:87:0e:52:c6:5b:a2:85:
         1b:ca:0d:d7:a3:4e:ed:75:a7:3b:b0:f0:22:76:14:0e:c8:c4:
         12:1f:69:0c:bc:ed:01:f1:65:21:1b:df:d6:ce:bb:c5:3a:58:
         95:a4:40:7f:8b:db:8d:5f:a2:8d:9d:ca:1a:98:8e:fc:ab:43:
         25:c1:00:87:94:35:6a:e7:87:bb:b7:64:24:32:9f:28:4b:26:
         2a:62:bf:0b:30:dd:ab:62:5a:80:ac:fd:4c:97:ff:e9:0e:4c:
         2c:55:6c:f3:a2:38:ae:79:d9:f4:03:33:da:fd:3d:12:fd:24:
         e4:f6:7f:eb:87:54:d3:c8:34:b2:2b:a3:e4:54:04:f6:d7:75:
         48:21:56:3b
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIURiwA3aBtp8N5SBIuJSggSCASO1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNTAyMTgxMDE2MzFaFw0yNjAyMTcxMDIxMzFaMDMxMTAvBgNV
BAMTKDQ3MDIzRjQ4MzBDNjA2MzUwMTZDNkQ1N0UzNDk2QzYxRkY1MDFDMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJeatrZgL7jPrVTuLHjnZcB9LV
B1JR2O+FeA47386WQAiCpjiEZgMK6xLx5g0uzu1PZLcnwqnMhqLS13i4wbZcrri2
gITpkWfz6/chAHyeRt+5s0EUWmrlomZ20NKcZnjp8wH2Akc1ltP46FwHN8dHuLvH
Fqr7ht8mL9GqzQ3nzs5DT7fLfSFaHHlOWTkHJzL4JTucbP9U/RX0Hmcg4H4WQH0I
HXNDSxmjj9LgL10JhLGCpl76mZnRZAgnEzivwAewb4juTc3B17RANwYkHIM3TA4R
q/jGeWWzAKeUN5VhYUEchB5nnzrA+g/j17SG6/9Jqo4c5W5wOPCkile2xjxXAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQURwI/SDDGBjUBbG1X40lsYf9QHB4wHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzI2MTMwMzAzYTMxMzM2NDMw
M2EzYTJmMzIzOTJkMzIzOTIwM2QzZTIwMzQzMjM2MzgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoA
E9AwDQYJKoZIhvcNAQELBQADggEBAB2ZTkPFDktAZ2g3/0HP5/j5ixfhYCK90r10
yBsXLUGQRjZzczbQDDYUE512Nzu+ihEmLrBqUi3CnaXn7ckgI7Hsdu2EyWZC7RlO
gsk+SyMJqP+az+KffhodfMEE7GvqYxJ5p+RXd+eiaWSU17rUrsufdGm2dA/jhw5S
xluihRvKDdejTu11pzuw8CJ2FA7IxBIfaQy87QHxZSEb39bOu8U6WJWkQH+L241f
oo2dyhqYjvyrQyXBAIeUNWrnh7u3ZCQynyhLJipivwsw3atiWoCs/UyX/+kOTCxV
bPOiOK552fQDM9r9PRL9JOT2f+uHVNPINLIro+RUBPbXdUghVjs=
-----END CERTIFICATE-----