Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130303a363334303a3a2f33322d3332203d3e203538323939.roa
File:                     326130303a363334303a3a2f33322d3332203d3e203538323939.roa (raw, json)
Hash identifier:          r7Nz5sTQ0srB/YDhKbCNr13tvMGVCwAnxfmWfTPFEmA=
Subject key identifier:   70:34:45:83:93:C6:63:F1:DB:61:6E:E4:6F:BA:B5:ED:66:C5:FE:8E
Certificate issuer:       /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial:       3F47CC043D372EB80D8127FFA223ED693DC35621
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130303a363334303a3a2f33322d3332203d3e203538323939.roa
Signing time:             Wed 04 Jun 2025 21:32:17 +0000
ROA not before:           Wed 04 Jun 2025 21:27:17 +0000
ROA not after:            Wed 03 Jun 2026 21:32:17 +0000
asID:                     58299
IP address blocks:        2a00:6340::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:47:cc:04:3d:37:2e:b8:0d:81:27:ff:a2:23:ed:69:3d:c3:56:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
        Validity
            Not Before: Jun  4 21:27:17 2025 GMT
            Not After : Jun  3 21:32:17 2026 GMT
        Subject: CN=7034458393C663F1DB616EE46FBAB5ED66C5FE8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:17:f5:b2:3b:d9:c9:c4:40:65:e3:35:ee:0c:
                    85:c3:03:59:e2:ea:57:98:0f:c9:54:fc:9b:8b:67:
                    ed:0d:a7:18:53:cb:13:5b:0b:86:8f:e9:bd:af:ac:
                    df:f0:89:dd:2d:4d:41:e9:5b:18:01:c9:13:f2:8d:
                    ea:c4:0b:27:78:1b:21:81:6f:9b:79:de:c3:60:94:
                    36:1a:c9:13:1c:b5:ea:54:16:43:bd:14:90:b1:b1:
                    1a:de:73:c5:49:1e:25:65:e0:37:87:64:88:af:55:
                    b7:47:26:20:47:76:e1:c3:4c:1e:0b:ca:57:d1:fe:
                    79:9d:1f:6d:de:cc:ab:b0:2a:42:0b:cd:2f:39:c7:
                    41:15:6a:5d:f0:84:77:6b:ca:40:63:11:d5:e3:09:
                    99:83:14:a6:95:e8:dc:3e:8e:82:bd:6b:ac:b4:b9:
                    0c:f0:4c:7c:08:14:6c:f1:51:6e:c6:20:56:97:df:
                    0a:fe:a8:bc:56:a8:e3:6f:d5:c4:59:05:10:27:35:
                    ef:e5:0b:53:f3:2b:05:12:a6:cc:c4:67:70:9f:78:
                    e9:81:9b:d0:11:4a:5d:f7:6b:bb:76:9a:4d:07:88:
                    78:b1:47:32:55:29:37:d7:f7:3d:99:96:3a:97:34:
                    53:ec:de:ec:b5:33:4f:c1:25:a2:b1:43:3e:96:4c:
                    cf:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:34:45:83:93:C6:63:F1:DB:61:6E:E4:6F:BA:B5:ED:66:C5:FE:8E
            X509v3 Authority Key Identifier:
                keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130303a363334303a3a2f33322d3332203d3e203538323939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:6340::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:28:3b:fd:e3:14:c6:40:34:87:56:e2:02:12:ad:02:e9:7e:
         0c:1e:f0:f8:be:56:49:ec:f5:b9:5b:7c:52:54:7b:73:5d:21:
         6d:b1:ca:b6:33:c3:1d:c7:67:49:ab:0a:d4:59:de:f1:61:72:
         95:7c:b1:5a:e5:10:56:5d:ea:1d:eb:11:5b:6a:e2:67:dc:63:
         97:26:b0:eb:1c:ca:11:4b:47:84:14:85:e2:61:b8:71:76:c7:
         27:39:4d:5f:c2:8d:52:c0:1c:fa:69:bd:d8:2e:a8:d8:50:a8:
         a2:c9:85:52:b1:ba:eb:9e:aa:d7:99:36:95:a6:ff:cb:0e:b0:
         c9:64:57:89:0d:c5:cc:6a:a7:61:2d:5d:bf:62:e6:29:69:d8:
         56:34:33:3e:55:09:29:45:ca:de:83:22:e7:71:9a:78:7c:a2:
         33:c3:83:8c:79:41:7e:0b:51:f7:8a:f8:24:c5:24:28:4e:08:
         8d:25:3f:c5:8b:53:b2:d8:56:f0:36:57:cf:a8:8a:d2:5a:19:
         8f:8d:c6:4a:5a:93:66:c4:2c:d1:18:c0:88:11:c5:0f:ce:b5:
         be:81:1c:07:16:0c:50:9b:1e:df:0a:83:d3:6a:2f:6c:ff:ef:
         a8:0a:5e:59:f2:b4:a2:4d:aa:44:23:fe:2b:c1:5d:c2:c5:0a:
         91:2e:7d:af
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUP0fMBD03LrgNgSf/oiPtaT3DViEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNTA2MDQyMTI3MTdaFw0yNjA2MDMyMTMyMTdaMDMxMTAvBgNV
BAMTKDcwMzQ0NTgzOTNDNjYzRjFEQjYxNkVFNDZGQkFCNUVENjZDNUZFOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPF/WyO9nJxEBl4zXuDIXDA1ni
6leYD8lU/JuLZ+0NpxhTyxNbC4aP6b2vrN/wid0tTUHpWxgByRPyjerECyd4GyGB
b5t53sNglDYayRMctepUFkO9FJCxsRrec8VJHiVl4DeHZIivVbdHJiBHduHDTB4L
ylfR/nmdH23ezKuwKkILzS85x0EVal3whHdrykBjEdXjCZmDFKaV6Nw+joK9a6y0
uQzwTHwIFGzxUW7GIFaX3wr+qLxWqONv1cRZBRAnNe/lC1PzKwUSpszEZ3CfeOmB
m9ARSl33a7t2mk0HiHixRzJVKTfX9z2ZljqXNFPs3uy1M0/BJaKxQz6WTM//AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUcDRFg5PGY/HbYW7kb7q17WbF/o4wHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUHMAuGgYtyc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMyNjEzMDMwM2EzNjMzMzQz
MDNhM2EyZjMzMzIyZDMzMzIyMDNkM2UyMDM1MzgzMjM5Mzkucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAq
AGNAMA0GCSqGSIb3DQEBCwUAA4IBAQAyKDv94xTGQDSHVuICEq0C6X4MHvD4vlZJ
7PW5W3xSVHtzXSFtscq2M8Mdx2dJqwrUWd7xYXKVfLFa5RBWXeod6xFbauJn3GOX
JrDrHMoRS0eEFIXiYbhxdscnOU1fwo1SwBz6ab3YLqjYUKiiyYVSsbrrnqrXmTaV
pv/LDrDJZFeJDcXMaqdhLV2/YuYpadhWNDM+VQkpRcregyLncZp4fKIzw4OMeUF+
C1H3ivgkxSQoTgiNJT/Fi1Oy2FbwNlfPqIrSWhmPjcZKWpNmxCzRGMCIEcUPzrW+
gRwHFgxQmx7fCoPTai9s/++oCl5Z8rSiTapEI/4rwV3CxQqRLn2v
-----END CERTIFICATE-----