Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/323630323a663961323a3a2f34382d3438203d3e203436373636.roa
File:                     323630323a663961323a3a2f34382d3438203d3e203436373636.roa (raw, json)
Hash identifier:          dNvxw0+R2mi2yZ7yZ+PkpHw5t4IMqFyhS0zsCoWaY88=
Subject key identifier:   88:C6:74:C3:9B:84:77:0D:64:1D:97:4A:9F:D7:8B:8D:73:EE:E5:E5
Certificate issuer:       /CN=89d4f40fed1166159109937674aef0279ad039550feccf8d61
Certificate serial:       6562E8D700F2C157F0892D6A72BB993349B010B1
Authority key identifier: 24:72:94:9B:3C:23:49:30:DB:E9:9B:1B:5C:D5:19:6A:B1:6D:15:1B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/89d4f40fed1166159109937674aef0279ad039550feccf8d61.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/323630323a663961323a3a2f34382d3438203d3e203436373636.roa
Signing time:             Thu 02 Jan 2025 21:03:21 +0000
ROA not before:           Thu 02 Jan 2025 20:58:21 +0000
ROA not after:            Thu 01 Jan 2026 21:03:21 +0000
asID:                     46766
IP address blocks:        2602:f9a2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/2472949B3C234930DBE99B1B5CD5196AB16D151B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/2472949B3C234930DBE99B1B5CD5196AB16D151B.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/89d4f40fed1166159109937674aef0279ad039550feccf8d61.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/3d9879da-145f-4f21-a7c3-da6b59a01625.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/3d9879da-145f-4f21-a7c3-da6b59a01625.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 10:25:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:62:e8:d7:00:f2:c1:57:f0:89:2d:6a:72:bb:99:33:49:b0:10:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89d4f40fed1166159109937674aef0279ad039550feccf8d61
        Validity
            Not Before: Jan  2 20:58:21 2025 GMT
            Not After : Jan  1 21:03:21 2026 GMT
        Subject: CN=88C674C39B84770D641D974A9FD78B8D73EEE5E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:48:36:e4:52:53:0b:e4:4f:15:8d:8d:dd:2b:
                    dc:db:87:24:29:1b:93:e9:a6:23:af:33:18:c1:87:
                    f4:6c:ab:a8:b9:fe:f7:21:3e:a3:13:82:23:b9:96:
                    3c:18:be:53:62:e2:a5:c1:04:fd:d0:4b:76:f3:15:
                    87:93:5d:fb:cb:b1:c9:be:99:bc:48:72:65:a5:c3:
                    23:31:53:fe:f8:56:a9:6d:ea:db:2e:ee:37:da:41:
                    25:08:1c:37:f4:b9:16:79:59:ea:51:73:5a:4b:37:
                    b6:b7:58:65:5b:53:5e:dd:57:2b:a4:78:1a:1e:47:
                    4b:de:4c:1b:9c:25:5a:6d:cf:04:ba:3c:0e:4e:2b:
                    fb:79:1c:12:b3:e4:b6:8f:36:00:88:60:65:9a:52:
                    2a:67:44:97:b8:7d:d4:4b:53:43:27:cf:83:90:f2:
                    b7:bc:7d:73:1f:d2:b3:7d:1d:a9:a9:99:db:1a:64:
                    95:82:15:64:f4:8d:17:c9:b3:30:63:83:8a:42:48:
                    3f:1a:e6:0e:58:a0:f5:28:dd:bf:dd:3d:f7:4b:50:
                    87:96:43:e3:a4:de:8f:5e:48:58:4e:55:ca:55:99:
                    d9:29:7c:f4:45:cd:b4:4b:61:12:9e:2e:b4:b2:25:
                    c0:a7:00:7d:95:41:23:89:23:38:d3:92:9e:23:5b:
                    05:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C6:74:C3:9B:84:77:0D:64:1D:97:4A:9F:D7:8B:8D:73:EE:E5:E5
            X509v3 Authority Key Identifier:
                keyid:24:72:94:9B:3C:23:49:30:DB:E9:9B:1B:5C:D5:19:6A:B1:6D:15:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/2472949B3C234930DBE99B1B5CD5196AB16D151B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/3d9879da-145f-4f21-a7c3-da6b59a01625/89d4f40fed1166159109937674aef0279ad039550feccf8d61.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/de7d55f7-ee60-4005-bad7-b42818cf50e8/6/323630323a663961323a3a2f34382d3438203d3e203436373636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f9a2::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:2b:88:87:6f:27:dd:e2:f8:18:21:d4:9b:e0:66:56:d8:88:
         cc:25:c3:de:98:dc:3c:05:9d:f9:9c:e8:75:08:fd:63:c8:7a:
         e3:a2:a0:81:96:43:75:d0:6f:02:f7:4e:09:a6:1b:14:90:91:
         98:4f:01:a6:6c:c3:90:ec:6f:f2:be:95:e2:0e:2b:6a:55:31:
         15:1b:f1:00:de:ae:fe:89:3d:6c:91:23:f7:e6:4f:d4:b3:98:
         98:4f:86:d7:1a:78:b1:e3:bc:9c:14:f2:49:8d:d1:94:a3:e1:
         45:15:19:7d:07:34:b9:66:04:7f:84:e2:eb:d5:fe:ce:2f:7f:
         23:ec:a9:da:d3:0a:f7:bc:96:54:3a:a5:a5:06:78:62:3b:5b:
         4e:1c:16:23:ef:aa:81:84:2f:7d:f1:27:ec:11:d1:ee:bb:97:
         2f:0e:b0:1f:d8:4a:5b:e7:b5:14:8e:5d:a1:23:36:4a:5b:bb:
         b1:b0:3f:ec:93:c2:fe:c6:6e:29:65:ff:1d:7d:61:de:fa:de:
         ba:0b:a6:cf:f3:a1:7b:53:40:35:12:a4:5f:14:9b:f9:e8:9b:
         87:77:97:a7:9b:d6:e8:13:14:36:2b:7b:98:ab:bc:37:fe:cd:
         f0:4f:b4:a5:20:4a:f0:97:54:33:4e:13:ba:27:c7:d8:2f:bd:
         25:b3:ec:ed
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgIUZWLo1wDywVfwiS1qcruZM0mwELEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODlkNGY0MGZlZDExNjYxNTkxMDk5Mzc2NzRhZWYwMjc5
YWQwMzk1NTBmZWNjZjhkNjEwHhcNMjUwMTAyMjA1ODIxWhcNMjYwMTAxMjEwMzIx
WjAzMTEwLwYDVQQDEyg4OEM2NzRDMzlCODQ3NzBENjQxRDk3NEE5RkQ3OEI4RDcz
RUVFNUU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUg25FJTC+RP
FY2N3Svc24ckKRuT6aYjrzMYwYf0bKuouf73IT6jE4IjuZY8GL5TYuKlwQT90Et2
8xWHk137y7HJvpm8SHJlpcMjMVP++FapberbLu432kElCBw39LkWeVnqUXNaSze2
t1hlW1Ne3VcrpHgaHkdL3kwbnCVabc8EujwOTiv7eRwSs+S2jzYAiGBlmlIqZ0SX
uH3US1NDJ8+DkPK3vH1zH9KzfR2pqZnbGmSVghVk9I0XybMwY4OKQkg/GuYOWKD1
KN2/3T33S1CHlkPjpN6PXkhYTlXKVZnZKXz0Rc20S2ESni60siXApwB9lUEjiSM4
05KeI1sFbQIDAQABo4ICzjCCAsowHQYDVR0OBBYEFIjGdMObhHcNZB2XSp/Xi41z
7uXlMB8GA1UdIwQYMBaAFCRylJs8I0kw2+mbG1zVGWqxbRUbMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2RlN2Q1NWY3LWVlNjAtNDAwNS1iYWQ3
LWI0MjgxOGNmNTBlOC82LzI0NzI5NDlCM0MyMzQ5MzBEQkU5OUIxQjVDRDUxOTZB
QjE2RDE1MUIuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC8zZDk4NzlkYS0xNDVmLTRmMjEtYTdjMy1k
YTZiNTlhMDE2MjUvODlkNGY0MGZlZDExNjYxNTkxMDk5Mzc2NzRhZWYwMjc5YWQw
Mzk1NTBmZWNjZjhkNjEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2RlN2Q1NWY3LWVlNjAtNDAwNS1iYWQ3LWI0MjgxOGNmNTBlOC82LzMyMzYzMDMy
M2E2NjM5NjEzMjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDM0MzYzNzM2MzYucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8E
AgACMAkDBwAmAvmiAAAwDQYJKoZIhvcNAQELBQADggEBAE4riIdvJ93i+Bgh1Jvg
ZlbYiMwlw96Y3DwFnfmc6HUI/WPIeuOioIGWQ3XQbwL3TgmmGxSQkZhPAaZsw5Ds
b/K+leIOK2pVMRUb8QDerv6JPWyRI/fmT9SzmJhPhtcaeLHjvJwU8kmN0ZSj4UUV
GX0HNLlmBH+E4uvV/s4vfyPsqdrTCve8llQ6paUGeGI7W04cFiPvqoGEL33xJ+wR
0e67ly8OsB/YSlvntRSOXaEjNkpbu7GwP+yTwv7Gbill/x19Yd763roLps/zoXtT
QDUSpF8Um/nom4d3l6eb1ugTFDYre5irvDf+zfBPtKUgSvCXVDNOE7onx9gvvSWz
7O0=
-----END CERTIFICATE-----