Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930343a3a2f33322d3332203d3e2035363530.roa
File:                     326131333a623930343a3a2f33322d3332203d3e2035363530.roa (raw, json)
Hash identifier:          NxII85muRlkPy6Ue9rBPty6Qe2NOTHZ5aybygZpMWdo=
Subject key identifier:   86:BB:1F:14:31:FD:EE:72:9B:C5:47:37:30:79:6C:F2:0B:40:DB:9B
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       2F461873B61537BE8314A4AF4FEC51AE67A1DCFB
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930343a3a2f33322d3332203d3e2035363530.roa
Signing time:             Mon 10 Mar 2025 18:37:45 +0000
ROA not before:           Mon 10 Mar 2025 18:32:45 +0000
ROA not after:            Mon 09 Mar 2026 18:37:45 +0000
asID:                     5650
IP address blocks:        2a13:b904::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 03:24:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:46:18:73:b6:15:37:be:83:14:a4:af:4f:ec:51:ae:67:a1:dc:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Mar 10 18:32:45 2025 GMT
            Not After : Mar  9 18:37:45 2026 GMT
        Subject: CN=86BB1F1431FDEE729BC5473730796CF20B40DB9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0c:95:28:d1:cc:3e:cb:97:d6:a6:c6:c7:c6:
                    4e:8a:a9:a3:7b:8f:52:c9:84:7b:b2:d5:f7:06:bd:
                    7f:b7:42:55:64:09:db:b1:93:2f:13:72:54:a4:4e:
                    88:95:2c:2c:ce:43:29:6c:21:62:b6:77:87:89:76:
                    33:fe:0a:ab:35:66:9c:aa:94:23:92:bf:7c:16:47:
                    09:b2:5d:f0:cb:9a:65:2d:19:b5:a5:a2:bd:25:44:
                    2e:e9:55:e8:06:2c:ef:30:cc:e0:91:4c:dc:17:36:
                    8a:1f:0b:e6:61:6e:89:4d:ab:26:df:1f:cf:41:96:
                    b2:0e:f8:f0:94:0e:dc:cb:e2:61:60:4d:29:82:40:
                    44:2b:fb:a0:14:c3:71:e1:09:42:6a:7c:d6:5c:64:
                    e1:b4:81:7a:cb:8c:88:a8:62:6a:30:ce:ef:9d:0a:
                    77:19:f9:1e:a6:de:6c:ab:18:7f:35:a8:81:1a:d9:
                    ee:f1:f3:f0:ed:d8:0a:28:5f:5d:55:3b:0d:ab:cc:
                    34:c8:0b:d8:cc:53:c2:8c:aa:7b:14:8a:10:d2:e0:
                    69:74:06:4b:20:b6:42:62:7a:7e:6c:34:58:55:4c:
                    da:4c:fe:53:6a:fa:2d:ec:3b:09:24:78:7a:23:3e:
                    ea:44:fe:fa:c7:e8:54:88:27:8c:13:b9:cb:e0:89:
                    fe:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BB:1F:14:31:FD:EE:72:9B:C5:47:37:30:79:6C:F2:0B:40:DB:9B
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930343a3a2f33322d3332203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b904::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:33:6f:f8:22:35:49:7c:9d:fd:4a:50:66:5f:04:3a:c7:56:
         60:2b:43:11:70:91:cd:af:1e:7d:ae:35:91:5d:5b:ae:63:f5:
         73:71:d0:3a:de:84:37:3e:48:1a:2d:21:d8:7e:d1:0b:76:0a:
         94:f4:a7:da:c7:bd:60:82:45:6a:84:3a:f6:c1:1f:e0:9c:e4:
         ba:6e:8d:96:37:f5:a5:ca:50:e6:d1:e7:e9:97:34:6a:cc:41:
         1e:64:df:5d:84:f1:64:1e:e2:e0:01:19:ba:c5:12:cf:87:c2:
         49:2e:44:5a:16:32:d6:a4:6e:a6:12:45:3a:cc:89:e4:1d:2a:
         95:16:d3:53:ad:f7:fa:cb:f2:15:63:bb:c0:3f:47:c1:34:fa:
         d0:0b:57:a3:de:fe:6f:65:9c:1d:89:b9:4c:1c:04:eb:2e:83:
         e5:78:bd:2c:d0:f4:ca:ea:9a:ee:7d:61:73:eb:1f:30:d3:57:
         e0:3b:50:bb:13:6c:08:8f:e3:9b:1b:03:61:25:14:1b:e9:38:
         d1:45:30:23:4b:c4:f9:04:c3:25:6e:6d:f6:43:a5:e8:72:42:
         50:20:f7:bc:cf:9b:79:63:73:ca:e4:37:4d:f7:9e:b8:c5:c2:
         b7:28:bf:2e:fb:2d:73:d2:d1:ec:34:79:5b:3a:a8:00:67:d7:
         5b:cd:76:63
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUL0YYc7YVN76DFKSvT+xRrmeh3PswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNTAzMTAxODMyNDVaFw0yNjAzMDkxODM3NDVaMDMxMTAvBgNV
BAMTKDg2QkIxRjE0MzFGREVFNzI5QkM1NDczNzMwNzk2Q0YyMEI0MERCOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDJUo0cw+y5fWpsbHxk6KqaN7
j1LJhHuy1fcGvX+3QlVkCduxky8TclSkToiVLCzOQylsIWK2d4eJdjP+Cqs1Zpyq
lCOSv3wWRwmyXfDLmmUtGbWlor0lRC7pVegGLO8wzOCRTNwXNoofC+ZhbolNqybf
H89BlrIO+PCUDtzL4mFgTSmCQEQr+6AUw3HhCUJqfNZcZOG0gXrLjIioYmowzu+d
CncZ+R6m3myrGH81qIEa2e7x8/Dt2AooX11VOw2rzDTIC9jMU8KMqnsUihDS4Gl0
BksgtkJien5sNFhVTNpM/lNq+i3sOwkkeHojPupE/vrH6FSIJ4wTucvgif75AgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUhrsfFDH97nKbxUc3MHls8gtA25swHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzI2MTMxMzMzYTYyMzkzMDM0
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzNjM1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqE7kE
MA0GCSqGSIb3DQEBCwUAA4IBAQADM2/4IjVJfJ39SlBmXwQ6x1ZgK0MRcJHNrx59
rjWRXVuuY/VzcdA63oQ3PkgaLSHYftELdgqU9Kfax71ggkVqhDr2wR/gnOS6bo2W
N/WlylDm0efplzRqzEEeZN9dhPFkHuLgARm6xRLPh8JJLkRaFjLWpG6mEkU6zInk
HSqVFtNTrff6y/IVY7vAP0fBNPrQC1ej3v5vZZwdiblMHATrLoPleL0s0PTK6pru
fWFz6x8w01fgO1C7E2wIj+ObGwNhJRQb6TjRRTAjS8T5BMMlbm32Q6XockJQIPe8
z5t5Y3PK5DdN9564xcK3KL8u+y1z0tHsNHlbOqgAZ9dbzXZj
-----END CERTIFICATE-----