Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a3a2f32392d3239203d3e2030.roa
File:                     326131313a663263303a3a2f32392d3239203d3e2030.roa (raw, json)
Hash identifier:          MwbOd1PIPCzSrz2vCyWZwXozAAfPC2Z+fHuw/d21vMI=
Subject key identifier:   B7:92:AB:8D:4B:B4:C0:48:7A:F7:C9:63:14:42:91:26:56:6E:13:F1
Certificate issuer:       /CN=0839a93dab544c296ffa143456844a8b2818b1d0
Certificate serial:       643BA24DB72B4B2E281BF7537D8788A72084B5FA
Authority key identifier: 08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a3a2f32392d3239203d3e2030.roa
Signing time:             Sun 30 Jun 2024 12:15:22 +0000
ROA not before:           Sun 30 Jun 2024 12:10:22 +0000
ROA not after:            Sun 29 Jun 2025 12:15:22 +0000
asID:                     0
IP address blocks:        2a11:f2c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:3b:a2:4d:b7:2b:4b:2e:28:1b:f7:53:7d:87:88:a7:20:84:b5:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0839a93dab544c296ffa143456844a8b2818b1d0
        Validity
            Not Before: Jun 30 12:10:22 2024 GMT
            Not After : Jun 29 12:15:22 2025 GMT
        Subject: CN=B792AB8D4BB4C0487AF7C96314429126566E13F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9b:b3:24:17:6c:f6:46:f3:28:1c:92:cd:34:
                    10:95:f9:92:80:26:5d:c8:b2:3a:43:f9:b3:1f:c7:
                    b3:53:f5:56:4f:9a:4a:c4:cc:c1:fb:ab:c4:b7:31:
                    92:e9:63:48:a2:8d:e0:10:a8:32:70:c1:df:c0:4f:
                    ce:7e:d5:5f:26:8f:49:6a:4e:53:d9:fc:97:04:21:
                    cb:8f:47:5f:c5:c8:42:1b:9f:5e:3c:d8:0a:ca:ce:
                    4c:c5:76:06:7d:80:ad:03:b7:c2:83:b2:b1:eb:5f:
                    1b:ed:8a:4d:c5:4f:e9:be:4d:e6:8b:f9:c7:47:63:
                    10:97:17:ee:e2:82:72:7a:99:cf:99:4d:ba:79:d3:
                    ce:d1:33:6e:83:2e:40:8a:6c:f1:c2:2a:28:ca:3d:
                    42:59:c4:f2:ef:f4:c7:80:f6:29:78:37:09:a3:19:
                    c8:2e:3d:b9:d7:83:66:ad:95:09:b2:37:fb:85:eb:
                    a4:ca:a4:1d:00:56:a1:2e:0a:3c:07:45:5d:dd:7e:
                    d1:df:fd:58:c6:eb:99:ee:90:72:09:bb:be:9e:1f:
                    a0:5e:78:44:3d:42:23:29:55:72:d1:54:97:c7:8c:
                    77:ff:59:a7:ec:d6:14:62:a4:0d:88:58:a3:56:46:
                    95:af:75:5e:90:ad:81:83:99:c1:64:43:14:65:6e:
                    fc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:92:AB:8D:4B:B4:C0:48:7A:F7:C9:63:14:42:91:26:56:6E:13:F1
            X509v3 Authority Key Identifier:
                keyid:08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a3a2f32392d3239203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         cc:84:59:dc:02:9c:6e:3f:92:f5:3a:22:7b:fe:bd:4d:9c:a8:
         af:9b:6b:8d:52:fc:8b:99:cb:c3:f4:d1:43:77:0d:82:b0:a4:
         0d:03:d3:02:59:3c:0e:12:ba:4f:c4:93:38:07:f8:10:72:c9:
         af:96:d9:0d:5a:4f:57:d6:79:73:07:08:51:b1:aa:a2:70:73:
         3f:72:00:fe:49:89:47:e2:c8:1a:50:71:39:bf:c0:8a:83:43:
         58:61:95:98:df:95:c5:48:f1:fd:37:fa:02:0c:b1:62:98:93:
         4d:97:e0:83:a3:1a:43:c9:5f:e1:d6:c0:b6:49:35:ab:52:5e:
         19:52:db:0d:a5:c8:37:39:d5:2c:be:e9:20:70:2c:ca:d5:be:
         86:43:d6:a5:c8:a6:88:21:92:10:e4:a5:c5:e8:f8:0f:4b:e4:
         db:16:2b:c3:32:86:41:7a:7d:d7:d6:6e:07:a3:ef:61:00:25:
         60:c0:fb:7b:8b:24:2e:88:a5:50:48:4a:45:2b:b6:6e:79:5d:
         a3:a2:de:1e:83:25:72:ef:47:16:a7:5d:a9:3d:96:9e:43:13:
         fe:cb:2e:34:ac:9b:98:e8:d8:f0:d9:4e:8d:f8:df:39:e5:aa:
         c2:ee:bf:9c:0a:cf:31:e9:e9:14:0e:05:05:0e:45:1e:a3:71:
         5f:ab:aa:08
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUZDuiTbcrSy4oG/dTfYeIpyCEtfowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDgzOWE5M2RhYjU0NGMyOTZmZmExNDM0NTY4NDRhOGIy
ODE4YjFkMDAeFw0yNDA2MzAxMjEwMjJaFw0yNTA2MjkxMjE1MjJaMDMxMTAvBgNV
BAMTKEI3OTJBQjhENEJCNEMwNDg3QUY3Qzk2MzE0NDI5MTI2NTY2RTEzRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpm7MkF2z2RvMoHJLNNBCV+ZKA
Jl3IsjpD+bMfx7NT9VZPmkrEzMH7q8S3MZLpY0iijeAQqDJwwd/AT85+1V8mj0lq
TlPZ/JcEIcuPR1/FyEIbn1482ArKzkzFdgZ9gK0Dt8KDsrHrXxvtik3FT+m+TeaL
+cdHYxCXF+7ignJ6mc+ZTbp5087RM26DLkCKbPHCKijKPUJZxPLv9MeA9il4Nwmj
GcguPbnXg2atlQmyN/uF66TKpB0AVqEuCjwHRV3dftHf/VjG65nukHIJu76eH6Be
eEQ9QiMpVXLRVJfHjHf/Wafs1hRipA2IWKNWRpWvdV6QrYGDmcFkQxRlbvy1AgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUt5KrjUu0wEh698ljFEKRJlZuE/EwHwYDVR0j
BBgwFoAUCDmpPatUTClv+hQ0VoRKiygYsdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGRlODM3ZmItNjM5MC00MWI1LTgyYTAtZjBkMDJjMDNh
MmM2LzcvMDgzOUE5M0RBQjU0NEMyOTZGRkExNDM0NTY4NDRBOEIyODE4QjFEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NEbXBQYXRVVENsdi1oUTBWb1JLaXln
WXNkQS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGRlODM3ZmIt
NjM5MC00MWI1LTgyYTAtZjBkMDJjMDNhMmM2LzcvMzI2MTMxMzEzYTY2MzI2MzMw
M2EzYTJmMzIzOTJkMzIzOTIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqEfLAMA0GCSqG
SIb3DQEBCwUAA4IBAQDMhFncApxuP5L1OiJ7/r1NnKivm2uNUvyLmcvD9NFDdw2C
sKQNA9MCWTwOErpPxJM4B/gQcsmvltkNWk9X1nlzBwhRsaqicHM/cgD+SYlH4sga
UHE5v8CKg0NYYZWY35XFSPH9N/oCDLFimJNNl+CDoxpDyV/h1sC2STWrUl4ZUtsN
pcg3OdUsvukgcCzK1b6GQ9alyKaIIZIQ5KXF6PgPS+TbFivDMoZBen3X1m4Ho+9h
ACVgwPt7iyQuiKVQSEpFK7ZueV2jot4egyVy70cWp12pPZaeQxP+yy40rJuY6Njw
2U6N+N855arC7r+cCs8x6ekUDgUFDkUeo3Ffq6oI
-----END CERTIFICATE-----