Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/326130303a316466303a3a2f33322d3332203d3e2035343634.roa
File:                     326130303a316466303a3a2f33322d3332203d3e2035343634.roa (raw, json)
Hash identifier:          XMw9F313q7zqwk9WgKtqBIUnF54AehPCvxl08cqiMlw=
Subject key identifier:   AF:B8:B2:92:F2:F2:F9:D4:29:3A:A8:57:47:78:85:37:F0:37:F1:20
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       3D76110BA1566AB92445B9D57498E55C529DD230
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/326130303a316466303a3a2f33322d3332203d3e2035343634.roa
Signing time:             Wed 22 May 2024 16:05:16 +0000
ROA not before:           Wed 22 May 2024 16:00:16 +0000
ROA not after:            Wed 21 May 2025 16:05:16 +0000
asID:                     5464
IP address blocks:        2a00:1df0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:76:11:0b:a1:56:6a:b9:24:45:b9:d5:74:98:e5:5c:52:9d:d2:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: May 22 16:00:16 2024 GMT
            Not After : May 21 16:05:16 2025 GMT
        Subject: CN=AFB8B292F2F2F9D4293AA85747788537F037F120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c5:b5:91:a9:7b:90:a9:16:70:9d:86:a1:11:
                    4a:16:5e:b8:a0:13:a8:64:3a:f2:0b:b1:ca:a9:30:
                    fc:72:91:0a:0e:09:bb:5b:ad:91:21:01:d6:5b:cc:
                    df:f6:99:76:fc:d6:a3:75:52:d3:46:03:38:11:fb:
                    d2:1d:e8:45:78:19:8c:d1:31:32:c1:3a:17:eb:46:
                    4f:2a:f0:ea:f5:68:27:6a:a9:6c:4a:f9:a6:66:bf:
                    3e:75:be:1c:8d:c6:9c:c2:f2:a4:4a:c6:2b:77:31:
                    7d:e4:59:78:ff:a1:7d:bd:f8:49:71:d3:52:74:9c:
                    0b:ca:cf:c8:25:03:f8:16:7a:6f:b1:63:76:c3:e8:
                    35:47:64:4c:43:1b:d6:ae:fc:bc:09:43:ed:4a:6c:
                    06:2e:3a:ca:96:93:86:5f:be:72:a5:52:5a:08:44:
                    cf:03:8d:fa:f2:46:d8:b7:fb:70:ac:31:f6:b9:25:
                    bc:d2:bd:3e:8c:0d:e4:1b:3b:f0:0b:11:bb:dc:87:
                    6a:24:53:c2:47:85:9d:fe:bb:65:6f:91:c1:d4:4c:
                    d9:05:c3:b4:12:c7:21:b1:73:d1:2c:c5:bf:3e:4e:
                    07:e3:ff:19:7c:8f:af:2a:de:fb:9a:dd:16:53:91:
                    b3:f7:c9:02:7b:08:70:de:9c:37:e7:e4:f9:da:33:
                    c3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B8:B2:92:F2:F2:F9:D4:29:3A:A8:57:47:78:85:37:F0:37:F1:20
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/326130303a316466303a3a2f33322d3332203d3e2035343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1df0::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:02:de:8f:dc:b2:50:a0:2f:59:7a:68:da:d6:e2:d5:bc:e2:
         37:23:ad:8c:e5:01:77:96:89:4b:14:83:03:ad:da:c1:90:0a:
         3d:be:ff:3e:27:4c:e6:77:69:8e:7e:a4:88:72:da:6f:53:79:
         94:52:4b:cc:9a:91:a6:88:a3:61:d7:42:67:bc:e2:e7:8d:9c:
         84:1e:fe:bb:7f:62:35:96:6e:e6:4f:26:f9:2c:3e:c9:07:98:
         35:9c:5c:c4:ba:d1:0f:0c:e2:b3:e4:d0:47:83:5f:be:4e:8c:
         27:67:f5:80:e4:54:dd:42:ba:e8:a0:ec:b6:45:fe:7e:6d:d1:
         44:21:16:af:f1:6d:5f:d8:dc:ea:7b:fe:d4:dc:37:e1:b7:a1:
         d2:55:f4:b3:93:57:00:77:45:a6:41:e1:d1:65:9b:a5:d8:fa:
         75:0a:5e:32:88:24:0e:b1:e4:f6:bd:fc:af:f6:d8:1c:1c:3f:
         e9:27:d4:b4:af:f3:87:df:7d:90:c5:1f:01:19:b9:78:0b:6e:
         41:0c:60:67:64:e1:83:6c:b2:3c:9b:79:48:40:54:dd:12:35:
         61:2f:15:ef:a6:d7:12:9f:d1:97:4f:5a:c6:d2:3a:ad:70:8b:
         01:34:af:f3:03:10:32:a9:68:6d:83:07:a8:9b:83:30:b2:74:
         bf:77:30:0e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUPXYRC6FWarkkRbnVdJjlXFKd0jAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNDA1MjIxNjAwMTZaFw0yNTA1MjExNjA1MTZaMDMxMTAvBgNV
BAMTKEFGQjhCMjkyRjJGMkY5RDQyOTNBQTg1NzQ3Nzg4NTM3RjAzN0YxMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcxbWRqXuQqRZwnYahEUoWXrig
E6hkOvILscqpMPxykQoOCbtbrZEhAdZbzN/2mXb81qN1UtNGAzgR+9Id6EV4GYzR
MTLBOhfrRk8q8Or1aCdqqWxK+aZmvz51vhyNxpzC8qRKxit3MX3kWXj/oX29+Elx
01J0nAvKz8glA/gWem+xY3bD6DVHZExDG9au/LwJQ+1KbAYuOsqWk4ZfvnKlUloI
RM8DjfryRti3+3CsMfa5JbzSvT6MDeQbO/ALEbvch2okU8JHhZ3+u2VvkcHUTNkF
w7QSxyGxc9Esxb8+Tgfj/xl8j68q3vua3RZTkbP3yQJ7CHDenDfn5PnaM8PDAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUr7iykvLy+dQpOqhXR3iFN/A38SAwHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzI2MTMwMzAzYTMxNjQ2NjMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzNDM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqAB3w
MA0GCSqGSIb3DQEBCwUAA4IBAQAnAt6P3LJQoC9Zemja1uLVvOI3I62M5QF3lolL
FIMDrdrBkAo9vv8+J0zmd2mOfqSIctpvU3mUUkvMmpGmiKNh10JnvOLnjZyEHv67
f2I1lm7mTyb5LD7JB5g1nFzEutEPDOKz5NBHg1++TownZ/WA5FTdQrrooOy2Rf5+
bdFEIRav8W1f2Nzqe/7U3Dfht6HSVfSzk1cAd0WmQeHRZZul2Pp1Cl4yiCQOseT2
vfyv9tgcHD/pJ9S0r/OH332QxR8BGbl4C25BDGBnZOGDbLI8m3lIQFTdEjVhLxXv
ptcSn9GXT1rG0jqtcIsBNK/zAxAyqWhtgweom4MwsnS/dzAO
-----END CERTIFICATE-----