Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130313a3338383a3a2f32392d3239203d3e203432363839.roa
File:                     326130313a3338383a3a2f32392d3239203d3e203432363839.roa (raw, json)
Hash identifier:          qXKE8dCs/iA+s4aAZga14k59LzcbUpHTUtXlxI77EV0=
Subject key identifier:   FE:0C:B7:FF:84:5A:FC:46:34:43:5A:08:79:05:CF:81:1C:EA:4D:8D
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       420D1645F118D3C54936316298C0FA9522AB3672
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130313a3338383a3a2f32392d3239203d3e203432363839.roa
Signing time:             Tue 18 Feb 2025 10:21:31 +0000
ROA not before:           Tue 18 Feb 2025 10:16:31 +0000
ROA not after:            Tue 17 Feb 2026 10:21:31 +0000
asID:                     42689
IP address blocks:        2a01:388::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:0d:16:45:f1:18:d3:c5:49:36:31:62:98:c0:fa:95:22:ab:36:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Feb 18 10:16:31 2025 GMT
            Not After : Feb 17 10:21:31 2026 GMT
        Subject: CN=FE0CB7FF845AFC4634435A087905CF811CEA4D8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:21:46:05:6b:ab:90:79:fe:3a:2f:59:ba:ac:
                    20:31:ba:52:4f:83:c8:59:e7:f0:cc:ee:3f:75:4a:
                    b0:11:66:c2:3b:eb:ce:a7:29:f0:ee:25:77:bf:cd:
                    b8:03:a3:99:eb:b2:4e:ac:e6:7e:51:db:8d:f2:54:
                    13:25:19:ae:38:cd:c2:08:d2:44:8b:7f:65:8a:33:
                    e4:82:e1:6e:a8:71:e2:8a:04:de:a2:d0:80:92:4c:
                    45:03:32:f4:a8:6a:47:df:80:14:e1:bc:04:2e:0f:
                    eb:a4:94:85:0a:b4:82:48:81:3c:99:e9:4c:3d:0f:
                    19:6d:85:dd:cf:47:0c:44:95:ca:c7:c1:9f:60:27:
                    96:f2:e0:95:18:5d:49:03:3a:53:39:ef:88:bc:e4:
                    cc:ef:87:bd:8c:70:59:e0:60:cb:78:58:95:ef:76:
                    b0:dd:52:31:2e:47:84:2c:99:94:97:18:fb:a3:e9:
                    98:fd:64:78:e1:4d:28:7a:ad:9b:7e:28:c3:d8:5d:
                    f3:a4:a5:1d:d4:75:25:39:e0:ab:6d:03:df:47:97:
                    7d:3a:59:96:be:72:54:b4:37:de:c3:ef:c0:ca:af:
                    fe:e7:76:61:d4:9a:3e:89:9a:f3:13:73:3d:90:c6:
                    f6:03:92:ca:0d:76:61:42:2b:61:76:3e:54:24:fd:
                    31:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:0C:B7:FF:84:5A:FC:46:34:43:5A:08:79:05:CF:81:1C:EA:4D:8D
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130313a3338383a3a2f32392d3239203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:388::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:a0:20:68:2e:da:01:92:9a:fd:82:85:c8:46:a8:d9:fc:13:
         b8:9f:3c:b8:7d:af:46:5a:1f:03:2f:4e:18:80:67:46:55:03:
         ac:cd:98:cc:b8:bf:2e:45:d7:c5:d4:dc:21:08:d3:33:96:e1:
         22:92:94:52:9f:f5:2b:b0:11:71:33:6e:9c:b8:bf:03:d5:9d:
         ef:8b:e3:5c:99:3f:83:1b:97:3d:10:09:f5:eb:e8:fd:64:cc:
         3d:ee:82:96:53:6f:ed:3f:93:98:3b:34:9d:d6:ce:ab:e0:12:
         f0:3b:ef:d2:f0:7a:c0:2f:ec:5d:54:1e:8a:8d:48:95:c8:71:
         f2:30:6a:8e:5f:e1:63:5c:74:1c:9d:41:d9:5c:00:c4:0e:cb:
         6d:2b:cb:d7:46:2e:e9:08:fa:3a:2c:2b:91:9b:a5:bf:1b:db:
         d7:81:a2:46:46:50:c8:8f:cd:43:99:f3:49:51:5a:b1:c6:86:
         8b:e9:62:5e:9f:59:a2:f2:10:d9:7b:a6:f5:42:ff:2b:1b:2b:
         ea:37:bd:8a:af:76:41:ba:5e:3a:fe:0e:a1:95:58:62:76:e5:
         7e:03:7f:c0:dd:83:56:b9:fe:75:b6:c9:67:04:cb:ac:7a:d4:
         ed:db:73:fd:35:7d:c6:d8:77:d3:05:05:57:a1:4a:5f:f5:0c:
         80:15:30:5f
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUQg0WRfEY08VJNjFimMD6lSKrNnIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNTAyMTgxMDE2MzFaFw0yNjAyMTcxMDIxMzFaMDMxMTAvBgNV
BAMTKEZFMENCN0ZGODQ1QUZDNDYzNDQzNUEwODc5MDVDRjgxMUNFQTREOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+IUYFa6uQef46L1m6rCAxulJP
g8hZ5/DM7j91SrARZsI7686nKfDuJXe/zbgDo5nrsk6s5n5R243yVBMlGa44zcII
0kSLf2WKM+SC4W6oceKKBN6i0ICSTEUDMvSoakffgBThvAQuD+uklIUKtIJIgTyZ
6Uw9Dxlthd3PRwxElcrHwZ9gJ5by4JUYXUkDOlM574i85Mzvh72McFngYMt4WJXv
drDdUjEuR4QsmZSXGPuj6Zj9ZHjhTSh6rZt+KMPYXfOkpR3UdSU54KttA99Hl306
WZa+clS0N97D78DKr/7ndmHUmj6JmvMTcz2QxvYDksoNdmFCK2F2PlQk/TGVAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQU/gy3/4Ra/EY0Q1oIeQXPgRzqTY0wHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzI2MTMwMzEzYTMzMzgzODNh
M2EyZjMyMzkyZDMyMzkyMDNkM2UyMDM0MzIzNjM4Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqAQOI
MA0GCSqGSIb3DQEBCwUAA4IBAQBPoCBoLtoBkpr9goXIRqjZ/BO4nzy4fa9GWh8D
L04YgGdGVQOszZjMuL8uRdfF1NwhCNMzluEikpRSn/UrsBFxM26cuL8D1Z3vi+Nc
mT+DG5c9EAn16+j9ZMw97oKWU2/tP5OYOzSd1s6r4BLwO+/S8HrAL+xdVB6KjUiV
yHHyMGqOX+FjXHQcnUHZXADEDsttK8vXRi7pCPo6LCuRm6W/G9vXgaJGRlDIj81D
mfNJUVqxxoaL6WJen1mi8hDZe6b1Qv8rGyvqN72Kr3ZBul46/g6hlVhiduV+A3/A
3YNWuf51tslnBMusetTt23P9NX3G2HfTBQVXoUpf9QyAFTBf
-----END CERTIFICATE-----