Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930303a3a2f33322d3332203d3e2035363530.roa
File:                     326131333a623930303a3a2f33322d3332203d3e2035363530.roa (raw, json)
Hash identifier:          O/uOtyjfl4MlQDYp72kf544XXXljSkWM6HF13huBkEM=
Subject key identifier:   E4:2D:79:C0:2C:8C:EC:6D:8F:30:43:AB:08:1D:BD:F8:C9:A3:E6:D9
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       4FC67AC3C815991D78F39F543680CBE31C0BBB5E
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930303a3a2f33322d3332203d3e2035363530.roa
Signing time:             Mon 10 Mar 2025 18:37:40 +0000
ROA not before:           Mon 10 Mar 2025 18:32:40 +0000
ROA not after:            Mon 09 Mar 2026 18:37:40 +0000
asID:                     5650
IP address blocks:        2a13:b900::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 03:24:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:c6:7a:c3:c8:15:99:1d:78:f3:9f:54:36:80:cb:e3:1c:0b:bb:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Mar 10 18:32:40 2025 GMT
            Not After : Mar  9 18:37:40 2026 GMT
        Subject: CN=E42D79C02C8CEC6D8F3043AB081DBDF8C9A3E6D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:76:4e:ee:e0:3d:37:18:24:cc:08:9d:3f:0f:
                    61:80:d5:14:13:cf:74:34:48:71:12:b0:12:44:be:
                    ef:3d:eb:19:f2:05:2c:f5:8b:b5:3c:93:27:03:14:
                    87:75:b7:38:36:c7:f5:51:fd:b7:2a:0c:da:99:9d:
                    de:57:7a:b3:85:39:82:74:06:c5:5f:b1:25:b9:5d:
                    21:81:b0:ae:06:75:5f:64:e1:59:d4:43:c5:57:86:
                    9f:c2:d8:ec:b7:2b:59:05:fc:de:67:5e:f0:b3:01:
                    7f:85:52:75:c2:ff:31:ae:6c:26:a9:65:3a:34:27:
                    c8:1c:3b:36:3f:9f:6a:71:e4:7f:f8:bf:26:c1:47:
                    98:1b:70:f0:e2:93:29:83:cf:3c:76:c0:54:b6:5b:
                    fc:bb:8d:1e:00:b5:c7:ab:b9:67:ce:22:da:79:20:
                    ef:8c:47:39:e1:65:b2:4e:cd:d9:3b:44:dd:9b:1e:
                    b3:4f:53:3e:23:ef:a9:af:12:37:e6:0c:30:c8:42:
                    37:03:83:5c:05:a0:7c:dc:27:bd:e0:7e:c1:be:30:
                    ff:79:12:0e:53:f8:57:62:81:dd:23:86:07:fc:64:
                    93:a6:d8:1b:34:93:8b:1d:95:5d:f2:57:ef:34:c7:
                    41:db:55:46:a2:09:30:f7:a0:31:f0:97:f5:0e:78:
                    8c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:2D:79:C0:2C:8C:EC:6D:8F:30:43:AB:08:1D:BD:F8:C9:A3:E6:D9
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930303a3a2f33322d3332203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b900::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:42:13:33:d6:4d:56:f5:a3:5d:eb:2b:06:b3:89:d4:19:86:
         96:fa:28:64:c1:c2:99:09:dc:d6:1d:3f:ca:b3:2f:27:31:f7:
         2a:b0:40:da:b4:a9:44:7f:f3:94:c8:bf:fb:ee:2d:44:99:c2:
         db:e1:0c:75:af:bf:e8:1d:a0:2f:90:6f:e7:59:4a:79:3e:f4:
         db:4a:bc:1f:72:de:b4:90:7b:1c:42:a2:b9:54:03:6e:a1:bd:
         d9:3c:9f:24:35:d0:11:4a:79:71:51:0b:37:6f:bc:d1:66:9a:
         c6:74:5d:c2:0b:e9:23:1c:74:e0:42:ca:cb:09:1a:b8:0b:ad:
         9e:60:88:61:83:10:91:8a:40:95:84:b6:88:e9:7e:d2:7a:80:
         67:75:dc:37:e1:6f:7d:c6:c2:ed:36:02:65:77:dc:a8:93:63:
         16:54:60:d9:e1:54:07:49:38:aa:f6:b4:65:44:82:fc:30:4d:
         5a:5e:21:4a:8f:6e:2f:10:b7:9a:d4:e6:c4:6e:62:65:8f:b6:
         db:35:27:41:85:d2:cf:55:87:c8:07:30:3e:27:02:17:65:42:
         8d:9d:1a:c7:ee:e2:3e:c6:c9:cf:4d:c6:a1:cd:9f:80:eb:40:
         1a:5f:e4:03:76:77:9e:13:aa:a5:7c:e7:9d:e2:e2:62:31:87:
         01:3f:48:94
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUT8Z6w8gVmR14859UNoDL4xwLu14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNTAzMTAxODMyNDBaFw0yNjAzMDkxODM3NDBaMDMxMTAvBgNV
BAMTKEU0MkQ3OUMwMkM4Q0VDNkQ4RjMwNDNBQjA4MURCREY4QzlBM0U2RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbdk7u4D03GCTMCJ0/D2GA1RQT
z3Q0SHESsBJEvu896xnyBSz1i7U8kycDFId1tzg2x/VR/bcqDNqZnd5XerOFOYJ0
BsVfsSW5XSGBsK4GdV9k4VnUQ8VXhp/C2Oy3K1kF/N5nXvCzAX+FUnXC/zGubCap
ZTo0J8gcOzY/n2px5H/4vybBR5gbcPDikymDzzx2wFS2W/y7jR4AtceruWfOItp5
IO+MRznhZbJOzdk7RN2bHrNPUz4j76mvEjfmDDDIQjcDg1wFoHzcJ73gfsG+MP95
Eg5T+Fdigd0jhgf8ZJOm2Bs0k4sdlV3yV+80x0HbVUaiCTD3oDHwl/UOeIy5AgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQU5C15wCyM7G2PMEOrCB29+Mmj5tkwHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzI2MTMxMzMzYTYyMzkzMDMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzNjM1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqE7kA
MA0GCSqGSIb3DQEBCwUAA4IBAQCkQhMz1k1W9aNd6ysGs4nUGYaW+ihkwcKZCdzW
HT/Ksy8nMfcqsEDatKlEf/OUyL/77i1EmcLb4Qx1r7/oHaAvkG/nWUp5PvTbSrwf
ct60kHscQqK5VANuob3ZPJ8kNdARSnlxUQs3b7zRZprGdF3CC+kjHHTgQsrLCRq4
C62eYIhhgxCRikCVhLaI6X7SeoBnddw34W99xsLtNgJld9yok2MWVGDZ4VQHSTiq
9rRlRIL8ME1aXiFKj24vELea1ObEbmJlj7bbNSdBhdLPVYfIBzA+JwIXZUKNnRrH
7uI+xsnPTcahzZ+A60AaX+QDdneeE6qlfOed4uJiMYcBP0iU
-----END CERTIFICATE-----