Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/323030313a346365383a3a2f32392d3239203d3e203539373136.roa
File:                     323030313a346365383a3a2f32392d3239203d3e203539373136.roa (raw, json)
Hash identifier:          CgDSfpo0IftLrA7o4eNAILZADKAHzaR3sZbqAdusdP4=
Subject key identifier:   1B:D1:ED:85:E7:4D:96:20:D4:75:B2:89:42:E6:39:40:91:8F:E8:CA
Certificate issuer:       /CN=78d65d4a22df705beed7b3432fbe48a356597724
Certificate serial:       06A32A6AD00546AFEA846F9325EC3C85C49A3FD8
Authority key identifier: 78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/323030313a346365383a3a2f32392d3239203d3e203539373136.roa
Signing time:             Fri 29 Aug 2025 08:14:02 +0000
ROA not before:           Fri 29 Aug 2025 08:09:02 +0000
ROA not after:            Fri 28 Aug 2026 08:14:02 +0000
asID:                     59716
IP address blocks:        2001:4ce8::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:a3:2a:6a:d0:05:46:af:ea:84:6f:93:25:ec:3c:85:c4:9a:3f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d65d4a22df705beed7b3432fbe48a356597724
        Validity
            Not Before: Aug 29 08:09:02 2025 GMT
            Not After : Aug 28 08:14:02 2026 GMT
        Subject: CN=1BD1ED85E74D9620D475B28942E63940918FE8CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:56:90:b2:d0:14:62:3a:1b:95:6a:da:40:71:
                    24:0c:00:be:38:1c:83:4f:7e:5b:79:43:50:30:78:
                    ee:c3:ac:11:c7:1f:07:f3:7c:16:af:c9:23:fc:4a:
                    ee:24:e9:9a:3c:95:b7:08:b3:39:ad:6d:c0:af:40:
                    ff:d5:f1:17:6b:7f:6b:cb:3e:13:6f:40:34:03:af:
                    3f:41:12:6c:3d:56:af:69:b4:3f:1a:61:0b:45:ca:
                    96:3c:09:c5:5e:c7:47:80:63:97:e5:02:09:2c:c0:
                    1c:90:79:99:9d:9d:47:41:35:dd:f6:89:71:72:e2:
                    a7:d7:64:90:90:2e:28:43:0f:2c:32:91:45:4a:86:
                    30:02:b7:0a:ea:ed:b2:91:e6:51:e7:d7:2d:a4:cb:
                    10:ec:83:89:1d:3f:be:f7:35:f8:27:36:40:e4:f6:
                    84:48:9c:5d:aa:b9:df:8e:61:aa:94:7b:d7:23:20:
                    6a:d4:86:86:2d:cc:bc:a8:2d:6f:d5:31:7e:0f:8d:
                    e9:61:bc:1f:37:87:e5:05:6e:79:d1:7c:f8:12:63:
                    45:45:94:c1:1a:ac:f8:ba:3b:1b:51:bb:45:ef:da:
                    3e:78:29:30:fe:54:87:38:7e:eb:fa:bd:0e:1e:6b:
                    47:45:c2:1b:6b:14:cd:6f:fe:a0:5f:75:21:0f:77:
                    3f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D1:ED:85:E7:4D:96:20:D4:75:B2:89:42:E6:39:40:91:8F:E8:CA
            X509v3 Authority Key Identifier:
                keyid:78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/323030313a346365383a3a2f32392d3239203d3e203539373136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4ce8::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:fc:d8:1f:ce:76:91:56:b3:af:72:e3:ef:13:2d:38:54:25:
         28:21:87:00:ba:b1:6f:de:91:23:8d:4f:9e:36:22:54:61:8a:
         2d:27:e8:6a:73:a2:98:18:af:62:fc:06:cf:34:77:c4:67:6e:
         b3:4d:d6:45:49:f3:87:f2:3c:22:5e:4e:e2:87:28:34:49:31:
         0b:14:1c:e4:1a:76:04:05:37:86:e7:ed:43:01:cd:c4:f8:5c:
         57:80:49:22:dc:7b:1f:72:37:a0:1b:bc:15:77:f2:9a:30:d6:
         9a:28:3f:27:d3:a2:c0:fa:39:95:87:cf:f2:f5:ee:af:c4:8c:
         51:c1:8a:88:1f:12:70:da:06:17:38:9e:87:b2:38:c8:b9:c8:
         d8:84:cf:de:77:6a:48:5c:a8:1f:9d:6e:67:18:21:f3:85:be:
         46:3b:dc:54:6a:39:ed:05:ca:f0:0d:0f:8c:b4:49:e0:0d:13:
         59:36:ac:db:e0:45:16:58:e9:f2:16:b6:f5:ac:2f:50:0e:53:
         bb:19:de:18:95:40:d7:42:43:df:5c:b7:16:e7:23:3c:0f:47:
         12:87:52:6e:a4:1d:9f:39:bf:3c:30:b3:7c:a5:e9:3f:41:ce:
         82:b2:a7:11:cf:09:c9:22:8a:d9:6f:30:0a:d1:ce:61:37:77:
         9e:3f:21:7a
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUBqMqatAFRq/qhG+TJew8hcSaP9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzhkNjVkNGEyMmRmNzA1YmVlZDdiMzQzMmZiZTQ4YTM1
NjU5NzcyNDAeFw0yNTA4MjkwODA5MDJaFw0yNjA4MjgwODE0MDJaMDMxMTAvBgNV
BAMTKDFCRDFFRDg1RTc0RDk2MjBENDc1QjI4OTQyRTYzOTQwOTE4RkU4Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVpCy0BRiOhuVatpAcSQMAL44
HINPflt5Q1AweO7DrBHHHwfzfBavySP8Su4k6Zo8lbcIszmtbcCvQP/V8Rdrf2vL
PhNvQDQDrz9BEmw9Vq9ptD8aYQtFypY8CcVex0eAY5flAgkswByQeZmdnUdBNd32
iXFy4qfXZJCQLihDDywykUVKhjACtwrq7bKR5lHn1y2kyxDsg4kdP773NfgnNkDk
9oRInF2qud+OYaqUe9cjIGrUhoYtzLyoLW/VMX4PjelhvB83h+UFbnnRfPgSY0VF
lMEarPi6OxtRu0Xv2j54KTD+VIc4fuv6vQ4ea0dFwhtrFM1v/qBfdSEPdz/1AgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUG9HthedNliDUdbKJQuY5QJGP6MowHwYDVR0j
BBgwFoAUeNZdSiLfcFvu17NDL75Io1ZZdyQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNWFkMTUtYWYwYi00NWNkLWI4ODMtMWEwNThmYTBl
YmExLzAvNzhENjVENEEyMkRGNzA1QkVFRDdCMzQzMkZCRTQ4QTM1NjU5NzcyNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VOWmRTaUxmY0Z2dTE3TkRMNzVJbzFa
WmR5US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODkyNWFkMTUt
YWYwYi00NWNkLWI4ODMtMWEwNThmYTBlYmExLzAvMzIzMDMwMzEzYTM0NjM2NTM4
M2EzYTJmMzIzOTJkMzIzOTIwM2QzZTIwMzUzOTM3MzEzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyAB
TOgwDQYJKoZIhvcNAQELBQADggEBABn82B/OdpFWs69y4+8TLThUJSghhwC6sW/e
kSONT542IlRhii0n6GpzopgYr2L8Bs80d8RnbrNN1kVJ84fyPCJeTuKHKDRJMQsU
HOQadgQFN4bn7UMBzcT4XFeASSLcex9yN6AbvBV38pow1pooPyfTosD6OZWHz/L1
7q/EjFHBiogfEnDaBhc4noeyOMi5yNiEz953akhcqB+dbmcYIfOFvkY73FRqOe0F
yvAND4y0SeANE1k2rNvgRRZY6fIWtvWsL1AOU7sZ3hiVQNdCQ99ctxbnIzwPRxKH
Um6kHZ85vzwws3yl6T9BzoKypxHPCckiitlvMArRzmE3d54/IXo=
-----END CERTIFICATE-----