Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/326131343a373538343a3a2f33322d3438203d3e2030.roa
File:                     326131343a373538343a3a2f33322d3438203d3e2030.roa (raw, json)
Hash identifier:          HC5kDjVMrwXXN3g1iTf/AQWuBATDhC7av//SMk1mPlY=
Subject key identifier:   2C:08:CE:01:67:0E:E3:EC:70:CA:64:4E:63:DF:A8:17:7D:A1:90:D0
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       62767E9C5DBC99FE7C893C7F3D8CDD92549D3262
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/326131343a373538343a3a2f33322d3438203d3e2030.roa
Signing time:             Sun 20 Oct 2024 01:16:47 +0000
ROA not before:           Sun 20 Oct 2024 01:11:47 +0000
ROA not after:            Sun 19 Oct 2025 01:16:47 +0000
asID:                     0
IP address blocks:        2a14:7584::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:76:7e:9c:5d:bc:99:fe:7c:89:3c:7f:3d:8c:dd:92:54:9d:32:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Oct 20 01:11:47 2024 GMT
            Not After : Oct 19 01:16:47 2025 GMT
        Subject: CN=2C08CE01670EE3EC70CA644E63DFA8177DA190D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:72:f1:8e:01:8f:4e:d2:b7:e2:79:f9:de:3e:
                    ad:ec:0b:bf:4d:96:70:bb:00:fb:31:92:6d:d0:a3:
                    18:93:22:8d:d4:9f:a3:15:ab:bd:41:8a:3f:4b:6b:
                    6b:79:8f:64:f8:0c:50:ff:9f:4f:fa:77:6f:b9:cd:
                    40:69:cb:35:6f:79:db:e5:1d:2f:3f:99:28:e7:2a:
                    b4:cc:6b:6a:1d:25:20:8a:ce:de:c8:49:d3:2e:1d:
                    13:2a:41:f3:54:98:2d:d5:d9:bf:9a:25:7f:7f:4d:
                    17:8c:f2:53:a7:ba:74:49:58:14:1b:c9:03:35:fe:
                    54:ce:f5:9a:c5:70:3a:d2:fb:c5:7a:11:24:b2:1f:
                    8e:0b:71:b1:2c:54:dc:f1:4e:cd:07:e2:10:67:a9:
                    bd:1b:1b:39:8d:45:7c:5d:3e:b4:05:e1:82:a9:fc:
                    38:83:3e:65:ef:1e:14:7b:88:77:03:af:09:8a:9c:
                    ff:6c:2b:c6:09:9b:54:0c:da:ce:20:32:71:32:a0:
                    48:dc:af:13:83:2a:62:5b:17:bb:5d:29:01:8a:a0:
                    b0:fe:37:88:38:76:a9:2c:d8:fd:8b:9a:3b:cb:0c:
                    0a:ad:5d:75:fd:2f:ad:e1:a4:08:8c:a2:29:83:c8:
                    95:61:11:02:44:d9:1a:ce:05:4f:21:8d:1d:43:eb:
                    ca:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:08:CE:01:67:0E:E3:EC:70:CA:64:4E:63:DF:A8:17:7D:A1:90:D0
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/326131343a373538343a3a2f33322d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:da:1b:ed:6f:84:cd:5c:59:43:e5:ca:04:53:63:1c:d3:3c:
         06:06:33:0a:af:45:fc:74:a2:93:bb:ad:5a:12:7b:dc:a0:36:
         99:35:83:8b:09:69:4c:a2:a0:37:32:70:d2:b6:30:ce:32:08:
         0b:87:72:b6:b8:2f:82:af:14:4d:7d:0c:28:55:46:27:c3:a0:
         72:3d:9d:ee:dc:04:29:fd:5a:21:f3:b9:97:4f:60:6d:b9:a9:
         5a:26:6b:06:4d:5d:4c:de:e4:52:35:42:eb:35:bd:e6:f0:96:
         47:dd:7a:76:24:ee:8a:ac:58:6e:45:22:b8:cc:e2:8d:c3:42:
         f6:06:3f:b4:08:19:5d:f6:7d:41:24:7c:31:e0:1f:c7:d5:9c:
         dd:ad:30:02:56:fb:29:ff:42:94:2e:ce:1b:b0:a6:63:7a:29:
         d1:26:bb:e3:50:90:c7:ae:db:54:62:4b:79:2c:c5:38:0d:7a:
         71:48:f2:f5:a4:17:8c:b0:14:90:6c:78:83:d5:b9:3d:13:9b:
         28:f1:d1:48:67:ef:2f:0c:c3:dd:ac:98:5b:81:b6:a3:2c:58:
         34:04:7a:10:85:92:99:df:39:47:de:30:b9:8c:fa:e1:38:ad:
         61:bc:36:64:46:c1:bf:08:f7:df:1c:d2:b9:e0:88:ba:0f:af:
         96:f5:67:e4
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUYnZ+nF28mf58iTx/PYzdklSdMmIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNDEwMjAwMTExNDdaFw0yNTEwMTkwMTE2NDdaMDMxMTAvBgNV
BAMTKDJDMDhDRTAxNjcwRUUzRUM3MENBNjQ0RTYzREZBODE3N0RBMTkwRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3cvGOAY9O0rfiefnePq3sC79N
lnC7APsxkm3QoxiTIo3Un6MVq71Bij9La2t5j2T4DFD/n0/6d2+5zUBpyzVvedvl
HS8/mSjnKrTMa2odJSCKzt7ISdMuHRMqQfNUmC3V2b+aJX9/TReM8lOnunRJWBQb
yQM1/lTO9ZrFcDrS+8V6ESSyH44LcbEsVNzxTs0H4hBnqb0bGzmNRXxdPrQF4YKp
/DiDPmXvHhR7iHcDrwmKnP9sK8YJm1QM2s4gMnEyoEjcrxODKmJbF7tdKQGKoLD+
N4g4dqks2P2LmjvLDAqtXXX9L63hpAiMoimDyJVhEQJE2RrOBU8hjR1D68oRAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQULAjOAWcO4+xwymROY9+oF32hkNAwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODkyNzBmNmMt
YTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2YzODI0LzAvMzI2MTMxMzQzYTM3MzUzODM0
M2EzYTJmMzMzMjJkMzQzODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqFHWEMA0GCSqG
SIb3DQEBCwUAA4IBAQBg2hvtb4TNXFlD5coEU2Mc0zwGBjMKr0X8dKKTu61aEnvc
oDaZNYOLCWlMoqA3MnDStjDOMggLh3K2uC+CrxRNfQwoVUYnw6ByPZ3u3AQp/Voh
87mXT2BtualaJmsGTV1M3uRSNULrNb3m8JZH3Xp2JO6KrFhuRSK4zOKNw0L2Bj+0
CBld9n1BJHwx4B/H1ZzdrTACVvsp/0KULs4bsKZjeinRJrvjUJDHrttUYkt5LMU4
DXpxSPL1pBeMsBSQbHiD1bk9E5so8dFIZ+8vDMPdrJhbgbajLFg0BHoQhZKZ3zlH
3jC5jPrhOK1hvDZkRsG/CPffHNK54Ii6D6+W9Wfk
-----END CERTIFICATE-----