Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/326130643a623238303a3a2f32392d3239203d3e203431373230.roa
File:                     326130643a623238303a3a2f32392d3239203d3e203431373230.roa (raw, json)
Hash identifier:          YrKMLBs8xCiL955bvB/8G11UYsLmajFWAxqi9VeJEB4=
Subject key identifier:   CA:22:89:C0:DB:1B:F6:C4:43:B4:FD:B4:54:3A:5A:2F:48:85:12:3C
Certificate issuer:       /CN=88cdd9c193da9185a4ac15b2ade875fe97b6f491
Certificate serial:       1FFBC87C732353F4C19972C1E0266A4E23663C65
Authority key identifier: 88:CD:D9:C1:93:DA:91:85:A4:AC:15:B2:AD:E8:75:FE:97:B6:F4:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/326130643a623238303a3a2f32392d3239203d3e203431373230.roa
Signing time:             Thu 22 Aug 2024 15:49:55 +0000
ROA not before:           Thu 22 Aug 2024 15:44:55 +0000
ROA not after:            Thu 21 Aug 2025 15:49:55 +0000
asID:                     41720
IP address blocks:        2a0d:b280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Nov 2024 15:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:fb:c8:7c:73:23:53:f4:c1:99:72:c1:e0:26:6a:4e:23:66:3c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88cdd9c193da9185a4ac15b2ade875fe97b6f491
        Validity
            Not Before: Aug 22 15:44:55 2024 GMT
            Not After : Aug 21 15:49:55 2025 GMT
        Subject: CN=CA2289C0DB1BF6C443B4FDB4543A5A2F4885123C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b8:01:f2:68:ab:a0:00:2b:42:68:3d:8f:8d:
                    81:af:46:c0:71:66:87:3c:b9:f1:c1:89:01:67:39:
                    5c:ce:04:67:4f:fd:ef:bd:78:29:e5:31:1d:b0:c4:
                    93:9b:f7:00:b2:1a:dc:1f:43:09:1e:06:52:5f:fe:
                    3a:fa:4d:ac:52:59:6d:7b:33:6f:be:36:8e:a8:c0:
                    57:1c:4a:85:af:10:bc:4d:5d:0e:b1:5a:f4:4d:ac:
                    47:c1:02:97:f8:aa:cb:cb:c7:4b:8e:a3:9d:3c:fa:
                    17:9c:04:3f:5c:47:92:54:c7:2c:e7:71:de:07:4c:
                    d2:4d:04:87:b9:86:ab:16:d4:c3:6f:76:b2:89:c1:
                    25:52:08:62:83:a2:04:85:62:06:5b:e2:f0:ba:91:
                    89:0c:c0:91:65:0e:6d:49:a7:c2:64:41:dc:46:76:
                    66:d8:37:b3:77:51:bf:aa:ca:e9:e8:49:96:e5:33:
                    34:ed:5a:fd:a5:51:55:d8:0e:f3:33:cb:d0:34:95:
                    ab:25:0f:0f:69:a1:c8:bc:c5:9c:4f:89:b6:5e:1d:
                    3d:a6:e6:94:36:8b:2c:bf:11:b1:de:ea:75:2e:f8:
                    a7:f2:27:85:86:57:d3:fd:b7:25:fb:11:93:b0:04:
                    a9:f1:f4:95:45:01:36:5e:a8:e3:ce:5a:10:56:9e:
                    45:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:22:89:C0:DB:1B:F6:C4:43:B4:FD:B4:54:3A:5A:2F:48:85:12:3C
            X509v3 Authority Key Identifier:
                keyid:88:CD:D9:C1:93:DA:91:85:A4:AC:15:B2:AD:E8:75:FE:97:B6:F4:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/326130643a623238303a3a2f32392d3239203d3e203431373230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b280::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:65:01:4b:1a:e4:9d:57:da:da:59:07:7f:75:67:f4:b0:81:
         3c:01:20:21:01:7b:4f:48:ee:d4:12:6d:e3:2e:e4:cc:99:f3:
         2f:bf:02:6d:55:4c:4c:2c:e3:06:7f:3e:43:1f:21:5d:05:8b:
         a8:f1:c3:81:cb:40:31:0a:f1:47:de:69:7e:ab:29:5d:e8:ed:
         25:bd:28:8e:75:18:c7:c1:68:b0:a6:8e:96:74:a0:40:eb:8f:
         ad:a8:71:d5:cb:b6:1d:07:ab:f8:e5:15:3f:0b:2d:fd:28:ab:
         2b:10:3a:78:b5:30:8e:5b:29:61:74:26:d4:12:d7:44:58:8c:
         9a:0f:82:2e:d6:db:cc:a9:22:b1:48:79:a5:b9:38:c7:84:34:
         8a:25:dc:24:86:a5:b5:34:69:d8:16:02:d1:5d:24:f6:90:19:
         5c:05:8c:23:1c:a4:aa:bd:f2:ee:27:64:46:67:12:d1:c4:0d:
         eb:d2:4e:16:29:d4:1e:3f:62:7d:be:36:2d:e1:67:19:82:71:
         64:0e:2b:cb:63:a1:7a:c9:06:81:f2:bf:9c:5f:02:f0:87:d3:
         fa:a6:6e:ad:62:27:dd:fb:85:56:4e:df:82:a3:66:34:3e:50:
         f1:56:48:b4:7b:ca:20:70:e4:51:7a:32:fc:a7:7e:0b:49:b1:
         29:7f:1b:08
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUH/vIfHMjU/TBmXLB4CZqTiNmPGUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjZGQ5YzE5M2RhOTE4NWE0YWMxNWIyYWRlODc1ZmU5
N2I2ZjQ5MTAeFw0yNDA4MjIxNTQ0NTVaFw0yNTA4MjExNTQ5NTVaMDMxMTAvBgNV
BAMTKENBMjI4OUMwREIxQkY2QzQ0M0I0RkRCNDU0M0E1QTJGNDg4NTEyM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXuAHyaKugACtCaD2PjYGvRsBx
Zoc8ufHBiQFnOVzOBGdP/e+9eCnlMR2wxJOb9wCyGtwfQwkeBlJf/jr6TaxSWW17
M2++No6owFccSoWvELxNXQ6xWvRNrEfBApf4qsvLx0uOo508+hecBD9cR5JUxyzn
cd4HTNJNBIe5hqsW1MNvdrKJwSVSCGKDogSFYgZb4vC6kYkMwJFlDm1Jp8JkQdxG
dmbYN7N3Ub+qyunoSZblMzTtWv2lUVXYDvMzy9A0laslDw9poci8xZxPibZeHT2m
5pQ2iyy/EbHe6nUu+KfyJ4WGV9P9tyX7EZOwBKnx9JVFATZeqOPOWhBWnkVZAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUyiKJwNsb9sRDtP20VDpaL0iFEjwwHwYDVR0j
BBgwFoAUiM3ZwZPakYWkrBWyreh1/pe29JEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTZhZmYyMzQtNjFjNS00MjkwLThhNmQtNWYyYjkwMjcz
MjJmLzAvODhDREQ5QzE5M0RBOTE4NUE0QUMxNUIyQURFODc1RkU5N0I2RjQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNM1p3WlBha1lXa3JCV3lyZWgxX3Bl
MjlKRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTZhZmYyMzQt
NjFjNS00MjkwLThhNmQtNWYyYjkwMjczMjJmLzAvMzI2MTMwNjQzYTYyMzIzODMw
M2EzYTJmMzIzOTJkMzIzOTIwM2QzZTIwMzQzMTM3MzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoN
soAwDQYJKoZIhvcNAQELBQADggEBAKZlAUsa5J1X2tpZB391Z/SwgTwBICEBe09I
7tQSbeMu5MyZ8y+/Am1VTEws4wZ/PkMfIV0Fi6jxw4HLQDEK8UfeaX6rKV3o7SW9
KI51GMfBaLCmjpZ0oEDrj62ocdXLth0Hq/jlFT8LLf0oqysQOni1MI5bKWF0JtQS
10RYjJoPgi7W28ypIrFIeaW5OMeENIol3CSGpbU0adgWAtFdJPaQGVwFjCMcpKq9
8u4nZEZnEtHEDevSThYp1B4/Yn2+Ni3hZxmCcWQOK8tjoXrJBoHyv5xfAvCH0/qm
bq1iJ937hVZO34KjZjQ+UPFWSLR7yiBw5FF6MvynfgtJsSl/Gwg=
-----END CERTIFICATE-----