Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa
File:                     326131313a353730303a3a2f33322d3332203d3e203438303730.roa (raw, json)
Hash identifier:          M1W/UI7nVvcG5IlyKmaYpsnNndD+L3rNJ9g8XuVAe1c=
Subject key identifier:   72:1E:B3:03:59:C7:88:16:CE:FC:9D:BF:60:50:29:CE:66:D5:AD:A5
Certificate issuer:       /CN=98a87cad5b710890a9528f166f4202393824e6b8
Certificate serial:       56FDD54726F09A34EC1E508143415032AE606220
Authority key identifier: 98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa
Signing time:             Tue 25 Jun 2024 15:49:17 +0000
ROA not before:           Tue 25 Jun 2024 15:44:17 +0000
ROA not after:            Tue 24 Jun 2025 15:49:17 +0000
asID:                     48070
IP address blocks:        2a11:5700::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 00:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:fd:d5:47:26:f0:9a:34:ec:1e:50:81:43:41:50:32:ae:60:62:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a87cad5b710890a9528f166f4202393824e6b8
        Validity
            Not Before: Jun 25 15:44:17 2024 GMT
            Not After : Jun 24 15:49:17 2025 GMT
        Subject: CN=721EB30359C78816CEFC9DBF605029CE66D5ADA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bf:d5:83:8d:aa:88:d4:eb:9e:13:ac:20:b4:
                    95:e3:9f:5b:33:61:2a:e5:b9:aa:63:6a:9b:ec:57:
                    53:82:52:68:05:4c:16:a7:86:cc:ba:f5:7a:36:71:
                    05:f2:1f:7f:bb:ab:7a:fd:e0:b0:69:a4:58:56:ed:
                    7e:81:f7:c8:18:4d:ba:3a:3a:db:d9:20:b9:5e:5d:
                    c9:bb:56:86:a3:da:a8:d4:3c:b5:43:db:c4:70:2f:
                    a9:2a:78:0d:ce:91:7d:4d:44:56:2e:76:5a:22:fd:
                    57:b4:5b:f4:19:66:74:bc:76:92:05:85:bb:96:99:
                    63:46:44:6e:be:ec:e5:2a:a6:29:96:72:08:a6:22:
                    50:b9:d0:12:0f:a0:76:10:1c:11:1c:cb:ed:a8:ee:
                    7f:82:82:ec:58:e2:c6:75:fc:70:24:8c:6f:cb:55:
                    09:90:b5:be:01:62:52:89:98:cb:60:35:dc:b8:f9:
                    34:77:4e:90:8c:69:68:05:83:14:c6:23:29:ff:35:
                    41:d4:5a:a4:7c:a6:df:dc:9c:4d:78:a2:57:32:bf:
                    e7:5c:01:25:fe:38:e0:fa:f2:12:74:0d:e9:65:6b:
                    1b:cd:d1:57:76:76:fc:41:77:93:8c:c7:44:2e:a1:
                    47:d8:8e:f0:c3:eb:be:64:f1:b8:a4:27:b3:35:d4:
                    92:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:1E:B3:03:59:C7:88:16:CE:FC:9D:BF:60:50:29:CE:66:D5:AD:A5
            X509v3 Authority Key Identifier:
                keyid:98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5700::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:c3:5f:3c:3a:c7:10:33:78:da:72:45:bc:7b:f9:cf:96:e6:
         dc:7e:f0:a6:d1:18:7b:85:bc:9e:b4:b8:4b:3c:a2:f0:01:19:
         c2:79:fa:d9:a5:90:8f:8e:b7:dd:d3:ae:76:69:53:b0:51:6f:
         e9:38:84:3b:a5:ad:15:0a:ea:6f:81:dd:70:f8:f4:23:23:07:
         02:10:b2:12:57:3b:c2:e4:11:7c:ff:2a:18:25:5c:94:d3:29:
         eb:8a:06:87:09:00:f8:c6:62:59:c3:45:1a:80:2f:26:dd:94:
         9c:94:09:7a:d2:0a:55:7b:fd:1f:c9:2a:e8:e4:9d:23:91:52:
         56:67:83:55:c4:81:a5:22:72:ba:9e:0d:25:0e:14:0a:6e:61:
         d3:30:1e:10:5c:25:44:5f:3b:2e:d3:54:fd:80:bb:20:61:dd:
         bc:55:79:f4:5b:6e:54:4b:74:8b:5c:22:79:1b:af:9f:e9:93:
         2f:f7:e0:7b:1f:0f:64:79:05:d9:04:0e:b1:56:68:4f:2a:d1:
         14:4f:63:f7:e7:eb:56:91:30:11:e3:3e:c8:38:a8:60:65:85:
         3b:84:89:ad:9f:55:2c:c9:41:d8:96:a7:6a:8e:02:2e:b4:62:
         01:b8:54:37:01:8b:9d:61:cb:37:b0:ad:47:a2:6b:20:a7:61:
         13:c3:7f:97
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUVv3VRybwmjTsHlCBQ0FQMq5gYiAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOThhODdjYWQ1YjcxMDg5MGE5NTI4ZjE2NmY0MjAyMzkz
ODI0ZTZiODAeFw0yNDA2MjUxNTQ0MTdaFw0yNTA2MjQxNTQ5MTdaMDMxMTAvBgNV
BAMTKDcyMUVCMzAzNTlDNzg4MTZDRUZDOURCRjYwNTAyOUNFNjZENUFEQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1v9WDjaqI1OueE6wgtJXjn1sz
YSrluapjapvsV1OCUmgFTBanhsy69Xo2cQXyH3+7q3r94LBppFhW7X6B98gYTbo6
OtvZILleXcm7Voaj2qjUPLVD28RwL6kqeA3OkX1NRFYudloi/Ve0W/QZZnS8dpIF
hbuWmWNGRG6+7OUqpimWcgimIlC50BIPoHYQHBEcy+2o7n+CguxY4sZ1/HAkjG/L
VQmQtb4BYlKJmMtgNdy4+TR3TpCMaWgFgxTGIyn/NUHUWqR8pt/cnE14olcyv+dc
ASX+OOD68hJ0DellaxvN0Vd2dvxBd5OMx0QuoUfYjvDD675k8bikJ7M11JKPAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUch6zA1nHiBbO/J2/YFApzmbVraUwHwYDVR0j
BBgwFoAUmKh8rVtxCJCpUo8Wb0ICOTgk5rgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUtNGIxYS00NmVhLTljOTUtNGFmMTI5NjRh
NDlkLzAvOThBODdDQUQ1QjcxMDg5MEE5NTI4RjE2NkY0MjAyMzkzODI0RTZCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL21LaDhyVnR4Q0pDcFVvOFdiMElDT1Rn
azVyZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUt
NGIxYS00NmVhLTljOTUtNGFmMTI5NjRhNDlkLzAvMzI2MTMxMzEzYTM1MzczMDMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzQzODMwMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoR
VwAwDQYJKoZIhvcNAQELBQADggEBACfDXzw6xxAzeNpyRbx7+c+W5tx+8KbRGHuF
vJ60uEs8ovABGcJ5+tmlkI+Ot93TrnZpU7BRb+k4hDulrRUK6m+B3XD49CMjBwIQ
shJXO8LkEXz/KhglXJTTKeuKBocJAPjGYlnDRRqALybdlJyUCXrSClV7/R/JKujk
nSORUlZng1XEgaUicrqeDSUOFApuYdMwHhBcJURfOy7TVP2AuyBh3bxVefRbblRL
dItcInkbr5/pky/34HsfD2R5BdkEDrFWaE8q0RRPY/fn61aRMBHjPsg4qGBlhTuE
ia2fVSzJQdiWp2qOAi60YgG4VDcBi51hyzewrUeiayCnYRPDf5c=
-----END CERTIFICATE-----