Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130313a3338383a3a2f32392d3239203d3e203432363839.roa
File:                     326130313a3338383a3a2f32392d3239203d3e203432363839.roa (raw, json)
Hash identifier:          D0p4nAtDon0BMBn2o1B2iMQYD9858JgnthCV++8/olU=
Subject key identifier:   14:FF:E9:91:D9:BB:60:C9:C2:E9:72:83:AF:58:55:A5:D9:F6:7A:0D
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       457311108C1DB849D1FA3255090307816511A599
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130313a3338383a3a2f32392d3239203d3e203432363839.roa
Signing time:             Tue 19 Mar 2024 10:17:00 +0000
ROA not before:           Tue 19 Mar 2024 10:12:00 +0000
ROA not after:            Tue 18 Mar 2025 10:17:00 +0000
asID:                     42689
IP address blocks:        2a01:388::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:73:11:10:8c:1d:b8:49:d1:fa:32:55:09:03:07:81:65:11:a5:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Mar 19 10:12:00 2024 GMT
            Not After : Mar 18 10:17:00 2025 GMT
        Subject: CN=14FFE991D9BB60C9C2E97283AF5855A5D9F67A0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5a:29:34:40:8e:8d:85:90:87:f4:8a:35:6d:
                    4b:f1:1d:89:0a:f0:bb:32:bc:86:b9:52:52:1a:fe:
                    06:60:be:a7:87:6c:f3:dd:0d:15:bd:34:82:6c:08:
                    c7:bd:e9:70:ab:6b:2b:f1:2e:42:ee:af:97:70:7b:
                    14:10:8d:19:fa:b1:cf:a4:a4:51:68:a8:55:e6:b7:
                    13:fe:e4:49:ff:2f:5a:46:6d:87:67:8f:a0:70:46:
                    85:e8:f3:e9:80:d7:e8:4b:73:fe:1c:0d:1b:d7:98:
                    b5:81:be:5e:de:cd:f2:6a:17:ff:4a:df:80:04:1f:
                    8b:ea:5d:06:8f:d5:5c:1b:1b:3a:11:ed:01:a6:8e:
                    57:bc:88:4d:7d:bf:af:08:16:76:e8:48:a8:20:1e:
                    30:37:53:61:52:76:84:3f:98:be:ed:aa:c2:d5:ca:
                    6a:6f:3e:d1:b1:af:1a:42:8f:89:d6:0c:47:46:1a:
                    a1:6d:07:1f:54:ab:59:e2:49:06:c8:7e:9b:37:80:
                    b4:16:6c:be:3a:a2:82:41:85:5c:0e:f7:55:05:fc:
                    60:7e:20:02:4b:da:8a:5b:29:03:01:10:2f:90:0f:
                    e4:41:ef:a4:5a:50:b2:62:dc:6f:d7:ce:c9:02:e0:
                    08:3a:e4:bf:bc:fa:a5:95:b7:b1:29:bc:8f:34:5d:
                    79:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:FF:E9:91:D9:BB:60:C9:C2:E9:72:83:AF:58:55:A5:D9:F6:7A:0D
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130313a3338383a3a2f32392d3239203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:388::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:ba:28:aa:60:f5:cb:c7:38:ce:40:fc:07:d3:0b:b2:25:b2:
         ac:63:e7:62:be:07:4a:b0:1b:53:96:b0:46:5a:fb:ab:63:ab:
         38:0b:c0:f0:5b:9d:36:3f:5f:96:3c:d7:12:40:9f:2e:43:5f:
         01:2c:62:fb:75:ec:8b:c0:31:bc:d0:f8:06:74:18:b5:49:01:
         74:e8:e6:bc:28:90:eb:69:39:f6:93:30:49:84:00:22:f7:16:
         98:63:b8:b7:f0:d5:06:d8:92:da:27:46:dc:68:44:0a:4b:82:
         34:15:ca:ba:53:4d:21:68:5a:6d:f4:2a:12:c7:8f:70:d7:77:
         2e:48:75:31:46:20:88:9b:29:bc:2d:d1:f9:92:0c:7c:09:da:
         00:e9:dc:f4:f1:59:9b:73:bb:cf:66:40:a0:06:e0:cf:ed:fb:
         14:a5:46:8b:fe:af:38:1e:a2:5e:65:c4:43:29:ce:d7:e0:50:
         cf:33:40:f1:1f:b1:b2:33:21:c6:7d:3b:f5:ec:bb:fc:aa:eb:
         ae:6f:3e:4e:78:0d:d4:12:83:0d:6a:77:8b:9c:f3:16:8d:d4:
         0a:ab:94:b0:37:23:cb:32:ea:e5:97:54:c8:69:a8:03:82:7b:
         f3:4d:40:e4:52:d7:32:0c:da:09:b9:4c:25:fe:23:54:df:7b:
         b4:ea:a5:85
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIURXMREIwduEnR+jJVCQMHgWURpZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDAzMTkxMDEyMDBaFw0yNTAzMTgxMDE3MDBaMDMxMTAvBgNV
BAMTKDE0RkZFOTkxRDlCQjYwQzlDMkU5NzI4M0FGNTg1NUE1RDlGNjdBMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsWik0QI6NhZCH9Io1bUvxHYkK
8LsyvIa5UlIa/gZgvqeHbPPdDRW9NIJsCMe96XCrayvxLkLur5dwexQQjRn6sc+k
pFFoqFXmtxP+5En/L1pGbYdnj6BwRoXo8+mA1+hLc/4cDRvXmLWBvl7ezfJqF/9K
34AEH4vqXQaP1VwbGzoR7QGmjle8iE19v68IFnboSKggHjA3U2FSdoQ/mL7tqsLV
ympvPtGxrxpCj4nWDEdGGqFtBx9Uq1niSQbIfps3gLQWbL46ooJBhVwO91UF/GB+
IAJL2opbKQMBEC+QD+RB76RaULJi3G/XzskC4Ag65L+8+qWVt7EpvI80XXm1AgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUFP/pkdm7YMnC6XKDr1hVpdn2eg0wHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzI2MTMwMzEzYTMzMzgzODNh
M2EyZjMyMzkyZDMyMzkyMDNkM2UyMDM0MzIzNjM4Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqAQOI
MA0GCSqGSIb3DQEBCwUAA4IBAQBBuiiqYPXLxzjOQPwH0wuyJbKsY+divgdKsBtT
lrBGWvurY6s4C8DwW502P1+WPNcSQJ8uQ18BLGL7deyLwDG80PgGdBi1SQF06Oa8
KJDraTn2kzBJhAAi9xaYY7i38NUG2JLaJ0bcaEQKS4I0Fcq6U00haFpt9CoSx49w
13cuSHUxRiCImym8LdH5kgx8CdoA6dz08Vmbc7vPZkCgBuDP7fsUpUaL/q84HqJe
ZcRDKc7X4FDPM0DxH7GyMyHGfTv17Lv8quuubz5OeA3UEoMNaneLnPMWjdQKq5Sw
NyPLMurll1TIaagDgnvzTUDkUtcyDNoJuUwl/iNU33u06qWF
-----END CERTIFICATE-----