Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/326130323a323937303a3a2f32392d3239203d3e203433383437.roa
File:                     326130323a323937303a3a2f32392d3239203d3e203433383437.roa (raw, json)
Hash identifier:          s2Lo9o3m7PNA+VTM8h6HfGJuLE7e0u+GGo764aM9FW4=
Subject key identifier:   B9:EB:7B:70:E2:36:53:1B:6E:7C:A7:20:96:E7:DA:94:B4:1B:51:29
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       056A1D0165FCE26AD6F8E5663862A32251404B5C
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/326130323a323937303a3a2f32392d3239203d3e203433383437.roa
Signing time:             Wed 29 Jan 2025 13:36:36 +0000
ROA not before:           Wed 29 Jan 2025 13:31:36 +0000
ROA not after:            Wed 28 Jan 2026 13:36:36 +0000
asID:                     43847
IP address blocks:        2a02:2970::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:6a:1d:01:65:fc:e2:6a:d6:f8:e5:66:38:62:a3:22:51:40:4b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:36 2025 GMT
            Not After : Jan 28 13:36:36 2026 GMT
        Subject: CN=B9EB7B70E236531B6E7CA72096E7DA94B41B5129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ef:11:ef:e4:ca:2d:aa:fa:e3:13:3f:9a:12:
                    f1:db:05:9d:c8:6d:b5:61:e2:3b:23:8c:1b:1c:cc:
                    23:58:4a:12:c4:7c:c7:37:31:77:3c:63:7f:65:69:
                    2f:75:67:a8:c7:c6:68:5d:80:f8:8b:f6:74:b0:20:
                    ee:8c:c3:d2:38:f2:7a:5a:ae:54:13:b3:d6:36:1d:
                    eb:3e:54:a4:5a:a6:07:7f:f5:60:87:1b:68:61:36:
                    e8:38:a6:4c:47:61:47:8f:e3:07:4a:c9:a4:cc:db:
                    35:4e:ab:c2:50:9d:48:01:55:6e:53:16:e1:ba:b6:
                    b1:dd:a3:70:9a:f6:d7:9a:e1:de:56:49:fa:1a:d1:
                    26:5c:ef:85:19:da:67:b3:f6:7e:f1:8b:57:ee:42:
                    9f:d1:6d:d3:d5:37:0a:83:e2:64:b2:fd:b3:fd:c6:
                    f7:5c:1f:dc:95:7f:27:60:b8:4a:fd:ea:f9:cc:b8:
                    7c:49:54:d7:4c:6a:20:1c:a6:8a:54:75:7a:6e:32:
                    4b:31:d7:c0:93:38:21:bf:1b:5e:8a:ed:48:d6:7c:
                    18:a2:3e:43:99:c2:b2:b7:e8:a5:ab:05:17:e9:fa:
                    7c:9c:14:55:47:f4:af:b6:ca:b6:b6:b3:13:71:90:
                    41:50:cd:02:bc:84:52:1a:c9:fb:6f:04:cc:90:a2:
                    3a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:EB:7B:70:E2:36:53:1B:6E:7C:A7:20:96:E7:DA:94:B4:1B:51:29
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/326130323a323937303a3a2f32392d3239203d3e203433383437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2970::/29

    Signature Algorithm: sha256WithRSAEncryption
         c5:3f:d0:9d:06:6d:b4:97:66:12:29:59:32:dc:69:23:dc:09:
         50:81:b6:31:51:cf:78:67:3c:6e:dc:2a:28:8c:0c:4f:ec:d9:
         a3:9a:1e:1e:f5:b7:9f:19:00:5f:00:05:92:ab:35:e9:3f:7d:
         75:e7:77:fe:3e:95:73:c9:22:88:e6:2d:d2:74:5c:84:64:ba:
         b8:b5:3b:c4:5b:43:bf:3d:49:19:48:98:6b:c3:f4:11:81:fe:
         60:4b:08:32:cb:89:cc:4b:da:65:9a:a8:1d:35:a5:a6:cb:1f:
         a4:cb:02:c2:0f:35:aa:29:49:80:4c:02:f0:56:76:7d:21:1f:
         af:d7:f6:5a:3f:46:c7:de:67:f2:74:0f:5a:21:70:be:77:56:
         2e:31:01:13:e8:25:dc:8b:58:16:ec:7d:00:b7:f9:1d:74:93:
         0e:c2:05:86:43:bc:f6:07:b9:f2:0a:03:dc:07:d4:a0:ec:ec:
         87:8c:09:56:04:80:e0:f6:6f:28:78:95:2d:6b:24:73:96:76:
         45:73:c7:8e:6c:c1:32:52:b9:06:3a:59:ab:1f:3d:b6:60:ef:
         1b:f9:ab:94:24:b8:64:38:eb:e7:6b:ef:74:2c:e0:15:cc:a2:
         08:e8:1b:b5:22:ed:2b:45:41:57:cb:76:9d:d6:2f:8d:13:7c:
         b7:1f:32:17
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUBWodAWX84mrW+OVmOGKjIlFAS1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxMzZaFw0yNjAxMjgxMzM2MzZaMDMxMTAvBgNV
BAMTKEI5RUI3QjcwRTIzNjUzMUI2RTdDQTcyMDk2RTdEQTk0QjQxQjUxMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa7xHv5MotqvrjEz+aEvHbBZ3I
bbVh4jsjjBsczCNYShLEfMc3MXc8Y39laS91Z6jHxmhdgPiL9nSwIO6Mw9I48npa
rlQTs9Y2Hes+VKRapgd/9WCHG2hhNug4pkxHYUeP4wdKyaTM2zVOq8JQnUgBVW5T
FuG6trHdo3Ca9tea4d5WSfoa0SZc74UZ2mez9n7xi1fuQp/RbdPVNwqD4mSy/bP9
xvdcH9yVfydguEr96vnMuHxJVNdMaiAcpopUdXpuMksx18CTOCG/G16K7UjWfBii
PkOZwrK36KWrBRfp+nycFFVH9K+2yra2sxNxkEFQzQK8hFIayftvBMyQojovAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUuet7cOI2UxtufKcglufalLQbUSkwHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzI2MTMwMzIzYTMyMzkzNzMw
M2EzYTJmMzIzOTJkMzIzOTIwM2QzZTIwMzQzMzM4MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoC
KXAwDQYJKoZIhvcNAQELBQADggEBAMU/0J0GbbSXZhIpWTLcaSPcCVCBtjFRz3hn
PG7cKiiMDE/s2aOaHh71t58ZAF8ABZKrNek/fXXnd/4+lXPJIojmLdJ0XIRkuri1
O8RbQ789SRlImGvD9BGB/mBLCDLLicxL2mWaqB01pabLH6TLAsIPNaopSYBMAvBW
dn0hH6/X9lo/RsfeZ/J0D1ohcL53Vi4xARPoJdyLWBbsfQC3+R10kw7CBYZDvPYH
ufIKA9wH1KDs7IeMCVYEgOD2byh4lS1rJHOWdkVzx45swTJSuQY6WasfPbZg7xv5
q5QkuGQ46+dr73Qs4BXMogjoG7Ui7StFQVfLdp3WL40TfLcfMhc=
-----END CERTIFICATE-----