Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/326130623a346530343a3a2f33322d3438203d3e203236393534.roa
File:                     326130623a346530343a3a2f33322d3438203d3e203236393534.roa (raw, json)
Hash identifier:          LizvwJL2nprToghg5qQqGpfO97UmahWuyDJ1ZaaEJS0=
Subject key identifier:   17:38:B7:83:48:19:3E:8A:A2:91:B3:D5:2D:8B:23:79:DE:70:57:30
Certificate issuer:       /CN=42e508fba8960f48071b119accbf57bdbf3a8057
Certificate serial:       5BECA35EABC7ABDA9D6CCB5253294AAFD5FF55F3
Authority key identifier: 42:E5:08:FB:A8:96:0F:48:07:1B:11:9A:CC:BF:57:BD:BF:3A:80:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QuUI-6iWD0gHGxGazL9Xvb86gFc.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/326130623a346530343a3a2f33322d3438203d3e203236393534.roa
Signing time:             Thu 31 Oct 2024 15:38:42 +0000
ROA not before:           Thu 31 Oct 2024 15:33:42 +0000
ROA not after:            Thu 30 Oct 2025 15:38:42 +0000
asID:                     26954
IP address blocks:        2a0b:4e04::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QuUI-6iWD0gHGxGazL9Xvb86gFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:ec:a3:5e:ab:c7:ab:da:9d:6c:cb:52:53:29:4a:af:d5:ff:55:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42e508fba8960f48071b119accbf57bdbf3a8057
        Validity
            Not Before: Oct 31 15:33:42 2024 GMT
            Not After : Oct 30 15:38:42 2025 GMT
        Subject: CN=1738B78348193E8AA291B3D52D8B2379DE705730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:24:4f:df:a7:0f:7d:62:de:37:53:cb:94:0d:
                    26:15:10:73:c0:b7:1e:75:7a:76:13:a1:f1:7f:0d:
                    cd:b1:d1:6c:b3:0c:ee:0c:35:d0:7f:dc:70:92:94:
                    9f:f6:7c:92:5a:f2:13:c2:b2:0e:8d:df:ec:bc:59:
                    f1:c5:37:9c:0d:76:1e:c9:34:05:51:1d:18:2a:63:
                    eb:6f:e2:be:96:b9:d2:0b:65:65:63:2a:89:eb:d9:
                    b1:28:55:8c:92:0d:e0:e3:c6:00:19:fa:17:16:ce:
                    bd:b1:65:f1:3e:ab:c8:bd:f2:a8:f3:64:a1:b2:57:
                    4d:52:ca:3a:91:bd:d4:e8:ce:61:e4:08:46:1b:b2:
                    90:12:2d:52:68:ad:77:79:ca:0b:c4:6c:f1:34:12:
                    8e:4d:2b:ab:93:c1:72:85:11:61:7d:72:d4:a2:5a:
                    ea:08:c2:a5:41:b2:c6:31:aa:1a:8e:d7:29:54:bd:
                    b4:31:bd:21:42:7f:81:30:e5:46:a9:e9:23:f6:35:
                    5c:b1:84:4c:29:4c:df:11:93:de:6d:e1:6a:b9:89:
                    5a:82:61:5a:62:fa:34:b4:05:d7:44:dc:de:02:a7:
                    72:10:18:30:74:fa:bd:1b:0b:87:75:cb:1e:1a:55:
                    d3:5d:a8:61:cc:36:70:e7:0b:37:2a:23:47:11:34:
                    4f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:38:B7:83:48:19:3E:8A:A2:91:B3:D5:2D:8B:23:79:DE:70:57:30
            X509v3 Authority Key Identifier:
                keyid:42:E5:08:FB:A8:96:0F:48:07:1B:11:9A:CC:BF:57:BD:BF:3A:80:57

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/42E508FBA8960F48071B119ACCBF57BDBF3A8057.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QuUI-6iWD0gHGxGazL9Xvb86gFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/326130623a346530343a3a2f33322d3438203d3e203236393534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4e04::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:16:ff:d6:cb:34:11:65:61:ee:5d:01:fd:ad:b7:56:d0:5a:
         22:e5:dc:af:95:d9:a5:9f:32:54:e3:74:ff:d6:39:84:34:41:
         5d:51:98:32:51:bb:fe:de:53:f8:8f:3e:00:bd:e7:a9:2e:d4:
         22:17:34:33:8a:ea:81:1d:41:41:ea:11:c6:f9:d5:51:10:35:
         59:ef:3c:23:e5:ba:6d:1c:6b:cd:55:58:a6:72:d8:a2:0c:58:
         a0:bb:15:30:ea:bf:0c:c9:49:4d:e2:8f:8a:04:b5:aa:c4:c4:
         1b:88:e0:18:d2:68:aa:a2:6a:3a:2f:10:75:19:19:c5:b5:d6:
         b4:e7:54:8c:bd:c7:4e:d3:43:08:45:4d:48:36:3f:3b:0d:ee:
         eb:ef:d4:fe:06:ec:88:8b:2f:22:6c:dd:49:9f:48:82:ea:8d:
         d8:95:88:3c:b2:d7:20:91:10:ce:90:65:de:61:85:ec:f4:f0:
         d0:76:cd:2d:08:83:e2:e3:78:98:5a:31:6e:ad:b0:bc:1d:52:
         bd:2c:1f:50:bd:d8:6c:6a:17:97:90:e8:9d:58:ac:5e:bc:16:
         e0:56:ec:9b:97:8e:00:af:7f:f1:79:3c:7a:94:c3:24:de:7a:
         24:c0:a7:10:fb:3a:ef:37:e7:ae:04:61:d9:b7:58:03:df:b4:
         05:62:4c:fa
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUW+yjXqvHq9qdbMtSUylKr9X/VfMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDJlNTA4ZmJhODk2MGY0ODA3MWIxMTlhY2NiZjU3YmRi
ZjNhODA1NzAeFw0yNDEwMzExNTMzNDJaFw0yNTEwMzAxNTM4NDJaMDMxMTAvBgNV
BAMTKDE3MzhCNzgzNDgxOTNFOEFBMjkxQjNENTJEOEIyMzc5REU3MDU3MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbJE/fpw99Yt43U8uUDSYVEHPA
tx51enYTofF/Dc2x0WyzDO4MNdB/3HCSlJ/2fJJa8hPCsg6N3+y8WfHFN5wNdh7J
NAVRHRgqY+tv4r6WudILZWVjKonr2bEoVYySDeDjxgAZ+hcWzr2xZfE+q8i98qjz
ZKGyV01SyjqRvdTozmHkCEYbspASLVJorXd5ygvEbPE0Eo5NK6uTwXKFEWF9ctSi
WuoIwqVBssYxqhqO1ylUvbQxvSFCf4Ew5Uap6SP2NVyxhEwpTN8Rk95t4Wq5iVqC
YVpi+jS0BddE3N4Cp3IQGDB0+r0bC4d1yx4aVdNdqGHMNnDnCzcqI0cRNE8bAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUFzi3g0gZPoqikbPVLYsjed5wVzAwHwYDVR0j
BBgwFoAUQuUI+6iWD0gHGxGazL9Xvb86gFcwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzNiOGVjMDEtOGJhNS00NzlmLWEyMjktMGFiNzBlNDgx
NWJiLzAvNDJFNTA4RkJBODk2MEY0ODA3MUIxMTlBQ0NCRjU3QkRCRjNBODA1Ny5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1F1VUktNmlXRDBnSEd4R2F6TDlYdmI4
NmdGYy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNzNiOGVjMDEt
OGJhNS00NzlmLWEyMjktMGFiNzBlNDgxNWJiLzAvMzI2MTMwNjIzYTM0NjUzMDM0
M2EzYTJmMzMzMjJkMzQzODIwM2QzZTIwMzIzNjM5MzUzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoL
TgQwDQYJKoZIhvcNAQELBQADggEBABUW/9bLNBFlYe5dAf2tt1bQWiLl3K+V2aWf
MlTjdP/WOYQ0QV1RmDJRu/7eU/iPPgC956ku1CIXNDOK6oEdQUHqEcb51VEQNVnv
PCPlum0ca81VWKZy2KIMWKC7FTDqvwzJSU3ij4oEtarExBuI4BjSaKqiajovEHUZ
GcW11rTnVIy9x07TQwhFTUg2PzsN7uvv1P4G7IiLLyJs3UmfSILqjdiViDyy1yCR
EM6QZd5hhez08NB2zS0Ig+LjeJhaMW6tsLwdUr0sH1C92GxqF5eQ6J1YrF68FuBW
7JuXjgCvf/F5PHqUwyTeeiTApxD7Ou83564EYdm3WAPftAViTPo=
-----END CERTIFICATE-----