Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130313a3230653a3a2f33322d3332203d3e203431303531.roa
File:                     326130313a3230653a3a2f33322d3332203d3e203431303531.roa (raw, json)
Hash identifier:          dHo42eRURsQRPaktXGGvl5v6FK2mmQ17gzUqGLoOaR0=
Subject key identifier:   1C:58:D1:95:6F:47:7C:9F:A9:80:25:9E:79:B1:B6:F7:CB:6B:88:B6
Certificate issuer:       /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial:       4CCE608255AAE0602D5C13C0159976D1266AA3DE
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130313a3230653a3a2f33322d3332203d3e203431303531.roa
Signing time:             Wed 04 Jun 2025 21:32:14 +0000
ROA not before:           Wed 04 Jun 2025 21:27:14 +0000
ROA not after:            Wed 03 Jun 2026 21:32:14 +0000
asID:                     41051
IP address blocks:        2a01:20e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 01:40:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:ce:60:82:55:aa:e0:60:2d:5c:13:c0:15:99:76:d1:26:6a:a3:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
        Validity
            Not Before: Jun  4 21:27:14 2025 GMT
            Not After : Jun  3 21:32:14 2026 GMT
        Subject: CN=1C58D1956F477C9FA980259E79B1B6F7CB6B88B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a1:c9:e3:41:7d:dc:14:6a:e8:6c:08:5e:65:
                    29:cc:ae:2f:8e:c6:86:5b:56:6f:ab:d4:67:df:79:
                    86:7d:69:c5:e4:5b:4b:33:a6:59:c5:b3:e4:a6:e4:
                    39:5b:2d:d1:d5:c1:c8:8b:28:3e:5f:9a:39:f4:4f:
                    4c:99:40:38:ae:85:8f:81:75:ad:60:95:49:e6:cc:
                    41:e2:d4:37:fc:d7:8b:7e:cf:c0:b8:f7:70:df:5f:
                    1b:5f:6e:e6:50:75:e4:bc:fe:e3:5a:d9:03:4f:57:
                    55:1c:85:ab:d3:63:04:9d:eb:94:0d:b0:cf:ac:41:
                    cd:46:cc:5a:e7:3c:a2:96:f9:a4:2c:1f:ea:06:96:
                    c5:86:00:19:d2:c1:bb:f3:11:30:08:0d:98:c5:53:
                    58:03:47:1c:63:fa:5c:e3:ab:c8:ba:a8:74:bf:08:
                    17:86:bf:0b:e9:c8:03:3a:1c:65:bb:e4:7e:b8:7f:
                    4d:1a:cf:67:36:72:40:fc:ba:25:e7:ac:41:d5:e1:
                    05:fa:e9:f6:69:55:f4:2a:44:44:bb:88:79:00:76:
                    91:05:5f:91:13:4b:7a:e6:2b:0b:14:c3:f0:b5:6e:
                    87:00:e4:b0:2a:5b:97:c9:9f:1d:ed:50:39:6c:df:
                    54:c1:03:12:60:76:38:dd:09:61:8a:4b:c5:35:b2:
                    16:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:58:D1:95:6F:47:7C:9F:A9:80:25:9E:79:B1:B6:F7:CB:6B:88:B6
            X509v3 Authority Key Identifier:
                keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130313a3230653a3a2f33322d3332203d3e203431303531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:20e::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:71:fa:15:3d:74:cd:12:9f:19:16:45:c3:0d:88:6c:12:95:
         fe:3b:12:56:b9:00:4d:7b:9d:58:72:86:4b:75:69:e3:1f:cf:
         60:d6:7a:31:15:2e:b8:58:a8:33:09:77:a6:4a:3b:1a:d0:53:
         36:64:9b:1f:05:e1:54:d9:3a:31:db:f0:92:51:ab:9e:be:25:
         41:3d:9f:87:97:dd:55:91:29:db:4f:5e:80:54:a7:a1:89:41:
         6b:3a:ca:2c:9b:68:22:c9:5c:a9:23:14:27:31:a4:56:b4:f2:
         a6:89:08:9a:27:0b:78:b2:60:36:95:31:d8:c4:82:2b:13:c1:
         a6:46:01:44:43:0c:6b:8f:f3:72:75:79:35:b2:74:4c:b6:97:
         36:52:5e:77:85:10:5a:c0:70:29:5a:d2:9a:83:2c:77:d9:2d:
         cc:3c:90:39:b2:6e:ee:41:6c:99:ae:39:13:c5:de:bd:b6:7e:
         df:e6:2a:7f:c7:56:96:e0:12:40:66:5d:fc:3d:bd:79:18:73:
         a3:7a:58:b1:2f:11:12:81:30:b8:c0:21:d1:94:4d:00:75:d8:
         94:17:a1:c2:bb:c9:0f:61:6d:43:90:b1:5f:8d:31:7b:43:47:
         ff:ed:f3:af:54:08:df:0e:53:c7:3f:17:c8:38:18:76:66:74:
         b4:ac:75:65
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTM5gglWq4GAtXBPAFZl20SZqo94wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNTA2MDQyMTI3MTRaFw0yNjA2MDMyMTMyMTRaMDMxMTAvBgNV
BAMTKDFDNThEMTk1NkY0NzdDOUZBOTgwMjU5RTc5QjFCNkY3Q0I2Qjg4QjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsocnjQX3cFGrobAheZSnMri+O
xoZbVm+r1GffeYZ9acXkW0szplnFs+Sm5DlbLdHVwciLKD5fmjn0T0yZQDiuhY+B
da1glUnmzEHi1Df814t+z8C493DfXxtfbuZQdeS8/uNa2QNPV1UchavTYwSd65QN
sM+sQc1GzFrnPKKW+aQsH+oGlsWGABnSwbvzETAIDZjFU1gDRxxj+lzjq8i6qHS/
CBeGvwvpyAM6HGW75H64f00az2c2ckD8uiXnrEHV4QX66fZpVfQqRES7iHkAdpEF
X5ETS3rmKwsUw/C1bocA5LAqW5fJnx3tUDls31TBAxJgdjjdCWGKS8U1shaXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHFjRlW9HfJ+pgCWeebG298triLYwHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIGpBggrBgEFBQcBCwSBnDCBmTCBlgYIKwYBBQUHMAuGgYlyc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMyNjEzMDMxM2EzMjMwNjUz
YTNhMmYzMzMyMmQzMzMyMjAzZDNlMjAzNDMxMzAzNTMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgEC
DjANBgkqhkiG9w0BAQsFAAOCAQEAQ3H6FT10zRKfGRZFww2IbBKV/jsSVrkATXud
WHKGS3Vp4x/PYNZ6MRUuuFioMwl3pko7GtBTNmSbHwXhVNk6MdvwklGrnr4lQT2f
h5fdVZEp209egFSnoYlBazrKLJtoIslcqSMUJzGkVrTypokImicLeLJgNpUx2MSC
KxPBpkYBREMMa4/zcnV5NbJ0TLaXNlJed4UQWsBwKVrSmoMsd9ktzDyQObJu7kFs
ma45E8XevbZ+3+Yqf8dWluASQGZd/D29eRhzo3pYsS8REoEwuMAh0ZRNAHXYlBeh
wrvJD2FtQ5CxX40xe0NH/+3zr1QI3w5Txz8XyDgYdmZ0tKx1ZQ==
-----END CERTIFICATE-----