Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a646130303a3a2f33322d3332203d3e203530353830.roa
File:                     326131333a646130303a3a2f33322d3332203d3e203530353830.roa (raw, json)
Hash identifier:          OHKDfo5l5/jEy46ijNWjc2QXFRSDD6WocUfsgvZEdnk=
Subject key identifier:   77:B8:4B:45:D6:73:67:09:58:BF:18:F8:CA:A3:BC:22:D0:67:FC:63
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       72AF9CC0F88A0D2AB8CB2CC7D9EC0EB6B5DCAECC
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a646130303a3a2f33322d3332203d3e203530353830.roa
Signing time:             Mon 10 Mar 2025 18:37:46 +0000
ROA not before:           Mon 10 Mar 2025 18:32:46 +0000
ROA not after:            Mon 09 Mar 2026 18:37:46 +0000
asID:                     50580
IP address blocks:        2a13:da00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 03:24:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:af:9c:c0:f8:8a:0d:2a:b8:cb:2c:c7:d9:ec:0e:b6:b5:dc:ae:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Mar 10 18:32:46 2025 GMT
            Not After : Mar  9 18:37:46 2026 GMT
        Subject: CN=77B84B45D673670958BF18F8CAA3BC22D067FC63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:93:a2:87:b6:d8:1b:a8:71:73:0e:37:a5:2c:
                    7f:6a:3e:0a:5b:e1:b6:e1:64:73:0d:71:30:9f:cd:
                    c3:0f:86:13:c9:ba:d4:56:26:4f:ef:08:e4:28:7a:
                    bf:73:46:c7:23:98:10:6a:5b:82:74:74:b9:4c:71:
                    16:e3:76:07:bb:2d:46:27:c4:c1:c6:45:f9:1f:15:
                    a2:e2:b9:ca:78:c5:47:c5:29:66:97:47:e5:18:da:
                    4d:aa:16:df:ff:31:23:ec:22:ee:37:f9:2c:a3:1e:
                    22:6e:46:55:38:70:0d:a4:b3:64:06:22:40:d7:26:
                    98:39:fd:90:1f:b6:df:5e:71:eb:db:0a:ca:61:1d:
                    a3:8d:ee:e1:9f:2c:0c:eb:43:7a:15:4a:c8:fb:98:
                    38:1d:4e:61:b2:40:8b:fe:86:f5:e4:9b:a6:7f:92:
                    96:a5:79:31:25:88:95:a2:06:70:5a:a2:f7:81:8a:
                    f0:ca:4f:c9:a5:e0:4d:a1:21:19:b5:61:b0:19:d1:
                    e8:84:68:2c:70:23:1b:be:f6:96:12:ce:f2:03:53:
                    4a:cb:f2:4c:a2:e2:96:50:19:db:8a:da:90:ab:c3:
                    09:9f:ca:39:84:ca:8f:71:00:49:be:54:99:3f:61:
                    42:85:59:fb:e5:cf:84:d8:c7:21:b3:d1:0d:8e:4e:
                    6c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:B8:4B:45:D6:73:67:09:58:BF:18:F8:CA:A3:BC:22:D0:67:FC:63
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a646130303a3a2f33322d3332203d3e203530353830.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:da00::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:eb:0b:be:75:3a:27:2e:c4:11:ef:b4:ac:f9:cd:d8:3a:51:
         db:f6:1c:4f:3d:17:76:ab:2f:99:cf:65:1c:2a:81:da:4f:68:
         af:1c:47:9c:c3:43:12:35:00:a0:22:fb:81:6c:e3:28:f0:41:
         70:97:da:15:60:2f:71:b5:8d:a5:ba:91:35:18:f9:21:13:4c:
         91:c1:7b:5b:a8:2a:85:71:72:ef:c2:02:3d:84:38:22:cb:53:
         19:96:5c:0c:8a:97:a3:16:5f:be:53:4e:25:d1:75:ef:4e:6b:
         36:04:0a:71:d7:24:aa:ea:aa:bb:97:9a:99:f2:d0:86:e9:8f:
         f4:4a:51:88:ca:fd:8e:dc:81:5b:47:04:4d:2e:e9:fb:1b:c5:
         fc:ee:68:de:a8:81:c5:0a:d2:1d:5a:ff:1c:17:0b:71:07:46:
         c3:9d:f7:26:f2:4f:17:ce:8c:93:cc:65:5b:76:98:11:0c:84:
         7d:4b:be:c6:c6:51:0c:e2:49:d5:4b:25:4d:e3:aa:d4:37:20:
         94:0a:76:eb:55:fe:23:27:b5:c0:92:45:ff:f0:fd:1a:40:37:
         ad:19:32:d6:9e:67:08:b2:22:67:65:4f:2c:4e:3a:21:9e:7d:
         c3:1c:e5:63:b2:62:8f:c6:8f:cc:42:5a:21:99:31:06:8e:4d:
         6d:8b:73:05
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUcq+cwPiKDSq4yyzH2ewOtrXcrswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNTAzMTAxODMyNDZaFw0yNjAzMDkxODM3NDZaMDMxMTAvBgNV
BAMTKDc3Qjg0QjQ1RDY3MzY3MDk1OEJGMThGOENBQTNCQzIyRDA2N0ZDNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpk6KHttgbqHFzDjelLH9qPgpb
4bbhZHMNcTCfzcMPhhPJutRWJk/vCOQoer9zRscjmBBqW4J0dLlMcRbjdge7LUYn
xMHGRfkfFaLiucp4xUfFKWaXR+UY2k2qFt//MSPsIu43+SyjHiJuRlU4cA2ks2QG
IkDXJpg5/ZAftt9ecevbCsphHaON7uGfLAzrQ3oVSsj7mDgdTmGyQIv+hvXkm6Z/
kpaleTEliJWiBnBaoveBivDKT8ml4E2hIRm1YbAZ0eiEaCxwIxu+9pYSzvIDU0rL
8kyi4pZQGduK2pCrwwmfyjmEyo9xAEm+VJk/YUKFWfvlz4TYxyGz0Q2OTmz5AgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUd7hLRdZzZwlYvxj4yqO8ItBn/GMwHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzI2MTMxMzMzYTY0NjEzMDMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzMDM1MzgzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoT
2gAwDQYJKoZIhvcNAQELBQADggEBAAfrC751OicuxBHvtKz5zdg6Udv2HE89F3ar
L5nPZRwqgdpPaK8cR5zDQxI1AKAi+4Fs4yjwQXCX2hVgL3G1jaW6kTUY+SETTJHB
e1uoKoVxcu/CAj2EOCLLUxmWXAyKl6MWX75TTiXRde9OazYECnHXJKrqqruXmpny
0Ibpj/RKUYjK/Y7cgVtHBE0u6fsbxfzuaN6ogcUK0h1a/xwXC3EHRsOd9ybyTxfO
jJPMZVt2mBEMhH1LvsbGUQziSdVLJU3jqtQ3IJQKdutV/iMntcCSRf/w/RpAN60Z
MtaeZwiyImdlTyxOOiGefcMc5WOyYo/Gj8xCWiGZMQaOTW2LcwU=
-----END CERTIFICATE-----