Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130643a6163303a3a2f32392d3239203d3e203432363839.roa
File:                     326130643a6163303a3a2f32392d3239203d3e203432363839.roa (raw, json)
Hash identifier:          iWnQiL43OfkpsQJ9d3yXGnIRVou4A9lRmSamb4sTIKM=
Subject key identifier:   E6:5F:2A:0C:26:54:D0:54:7A:0F:AF:27:43:E0:77:9D:2B:B6:C9:66
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       7AB2F8E8E6102974A215499B8D754DC9EF9DBA9C
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130643a6163303a3a2f32392d3239203d3e203432363839.roa
Signing time:             Tue 19 Mar 2024 10:23:30 +0000
ROA not before:           Tue 19 Mar 2024 10:18:30 +0000
ROA not after:            Tue 18 Mar 2025 10:23:30 +0000
asID:                     42689
IP address blocks:        2a0d:ac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 17:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:b2:f8:e8:e6:10:29:74:a2:15:49:9b:8d:75:4d:c9:ef:9d:ba:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Mar 19 10:18:30 2024 GMT
            Not After : Mar 18 10:23:30 2025 GMT
        Subject: CN=E65F2A0C2654D0547A0FAF2743E0779D2BB6C966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:8f:27:01:e2:55:11:7d:84:e2:94:52:14:3b:
                    3a:91:0d:b1:db:4e:d2:e8:77:d2:2c:75:d9:4b:fb:
                    ed:43:f4:ec:1a:7e:e1:2e:3d:80:61:d5:e1:bb:7c:
                    58:3a:6e:e7:3a:76:09:c0:a7:db:38:f6:57:b8:bc:
                    67:44:0c:7c:67:63:18:60:eb:b3:75:2f:f2:c8:08:
                    2c:09:b3:da:ea:f6:1d:3b:bb:31:aa:74:94:5a:4e:
                    db:25:a4:50:f5:9b:b3:9e:53:8a:87:8d:1a:55:26:
                    01:f9:0d:d4:91:99:f6:9f:8a:57:b5:25:0f:e7:53:
                    72:fb:b5:8a:5e:8d:72:dd:30:cf:7c:48:fa:0d:2b:
                    c3:16:c2:75:dd:3b:7f:28:42:e0:7c:d1:8c:4a:01:
                    c8:89:fc:26:2b:9d:65:22:52:00:e4:8b:ad:af:c3:
                    b5:c0:56:67:92:52:a7:95:31:bc:04:d7:19:e1:f9:
                    1b:83:74:bd:74:65:23:0b:db:c6:fd:67:c2:14:39:
                    4d:9d:ee:a9:8e:3b:fc:8e:42:65:e8:5b:67:62:4f:
                    42:9b:31:dd:48:29:de:13:31:54:88:c9:b3:02:84:
                    5e:61:10:6b:12:eb:19:cd:f5:66:25:e8:46:b4:cc:
                    3c:aa:fb:53:fc:0b:45:08:b8:e5:4a:9b:4b:7a:44:
                    ff:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:5F:2A:0C:26:54:D0:54:7A:0F:AF:27:43:E0:77:9D:2B:B6:C9:66
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130643a6163303a3a2f32392d3239203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:40:fc:f0:9d:43:da:ae:55:a8:08:2c:a7:25:0c:22:f6:11:
         55:10:ff:10:8d:43:f8:15:28:06:3c:c0:90:fa:db:4b:c2:ae:
         d2:10:31:33:72:95:cd:98:54:86:f9:66:b6:4c:98:63:41:d4:
         06:5b:d0:a5:19:44:f2:76:43:21:5f:4a:2b:e7:e3:d7:65:1b:
         3b:e1:03:81:88:04:1c:ba:2a:1e:08:a0:d2:5c:df:0e:db:bd:
         94:20:b9:88:8a:39:51:82:e7:2c:f2:cc:7e:77:c0:35:9d:b2:
         c2:ee:a8:72:fd:e1:88:d0:09:ac:6c:c7:71:f0:a1:0c:6f:f6:
         34:d5:00:a3:77:a2:46:39:3a:eb:5d:d4:07:c2:a7:19:64:e1:
         1b:36:0e:ce:63:29:75:75:42:6d:66:0b:45:6b:3d:a4:20:a5:
         cb:d7:18:16:7e:9f:4e:ff:47:82:8a:05:6b:d1:7a:e8:5b:fd:
         d8:c1:7b:45:d9:8f:db:84:69:27:71:36:f1:87:43:e8:99:ba:
         65:cb:ee:be:cc:35:b9:b3:cb:73:7b:eb:2d:81:34:f9:e2:c4:
         d7:9c:ad:a7:81:80:2d:a2:26:2b:f2:f5:ab:8a:16:77:3e:b2:
         1c:8a:2e:81:12:b8:ea:d7:37:ea:a0:ae:1e:2b:54:3b:19:92:
         57:53:e9:46
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUerL46OYQKXSiFUmbjXVNye+dupwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDAzMTkxMDE4MzBaFw0yNTAzMTgxMDIzMzBaMDMxMTAvBgNV
BAMTKEU2NUYyQTBDMjY1NEQwNTQ3QTBGQUYyNzQzRTA3NzlEMkJCNkM5NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcjycB4lURfYTilFIUOzqRDbHb
TtLod9IsddlL++1D9OwafuEuPYBh1eG7fFg6buc6dgnAp9s49le4vGdEDHxnYxhg
67N1L/LICCwJs9rq9h07uzGqdJRaTtslpFD1m7OeU4qHjRpVJgH5DdSRmfafile1
JQ/nU3L7tYpejXLdMM98SPoNK8MWwnXdO38oQuB80YxKAciJ/CYrnWUiUgDki62v
w7XAVmeSUqeVMbwE1xnh+RuDdL10ZSML28b9Z8IUOU2d7qmOO/yOQmXoW2diT0Kb
Md1IKd4TMVSIybMChF5hEGsS6xnN9WYl6Ea0zDyq+1P8C0UIuOVKm0t6RP+LAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQU5l8qDCZU0FR6D68nQ+B3nSu2yWYwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzI2MTMwNjQzYTYxNjMzMDNh
M2EyZjMyMzkyZDMyMzkyMDNkM2UyMDM0MzIzNjM4Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqDQrA
MA0GCSqGSIb3DQEBCwUAA4IBAQBOQPzwnUParlWoCCynJQwi9hFVEP8QjUP4FSgG
PMCQ+ttLwq7SEDEzcpXNmFSG+Wa2TJhjQdQGW9ClGUTydkMhX0or5+PXZRs74QOB
iAQcuioeCKDSXN8O272UILmIijlRgucs8sx+d8A1nbLC7qhy/eGI0AmsbMdx8KEM
b/Y01QCjd6JGOTrrXdQHwqcZZOEbNg7OYyl1dUJtZgtFaz2kIKXL1xgWfp9O/0eC
igVr0XroW/3YwXtF2Y/bhGkncTbxh0Pombply+6+zDW5s8tze+stgTT54sTXnK2n
gYAtoiYr8vWrihZ3PrIcii6BErjq1zfqoK4eK1Q7GZJXU+lG
-----END CERTIFICATE-----