Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/326130333a323738303a3a2f33322d3332203d3e203537323338.roa
File:                     326130333a323738303a3a2f33322d3332203d3e203537323338.roa (raw, json)
Hash identifier:          ZJMA0HY+0VHkjTEIEcmv1mrdTOFT4Dp4No+bAYgTwiY=
Subject key identifier:   E3:5D:5C:ED:E5:28:2A:E0:A9:00:29:22:02:26:2D:83:A0:1F:A9:17
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       58CBCA3AD587218A3179C9A42D237E26911FA358
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/326130333a323738303a3a2f33322d3332203d3e203537323338.roa
Signing time:             Thu 04 Apr 2024 11:05:15 +0000
ROA not before:           Thu 04 Apr 2024 11:00:15 +0000
ROA not after:            Thu 03 Apr 2025 11:05:15 +0000
asID:                     57238
IP address blocks:        2a03:2780::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:cb:ca:3a:d5:87:21:8a:31:79:c9:a4:2d:23:7e:26:91:1f:a3:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:15 2024 GMT
            Not After : Apr  3 11:05:15 2025 GMT
        Subject: CN=E35D5CEDE5282AE0A900292202262D83A01FA917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2d:0c:45:b8:7f:e1:57:99:61:93:b2:e3:ee:
                    10:05:ba:d3:99:fa:32:3d:1d:e2:99:d8:f4:d9:64:
                    d3:c7:fe:91:96:1e:91:da:45:d1:dc:4b:16:3d:f7:
                    ce:1a:07:61:8d:8a:fd:6f:98:69:90:48:27:3b:ce:
                    5d:41:7e:2d:b7:3c:37:79:a9:8c:62:8a:92:50:e7:
                    b5:10:86:6a:55:95:c7:f1:6a:5b:46:f8:ff:dd:a1:
                    b6:2e:3c:2f:e7:6a:08:eb:2b:50:08:ee:c2:a6:99:
                    bf:a5:58:c4:2d:09:1e:b3:76:d6:95:21:77:ab:b4:
                    f5:ca:bc:18:fe:5e:0d:8a:58:dc:68:c8:3a:3b:05:
                    3b:b7:62:72:3a:64:41:2f:c9:7c:5e:7d:cb:27:8e:
                    3e:50:f6:42:e2:f8:16:20:06:21:40:38:90:6e:e5:
                    7f:6e:b0:d7:c2:f6:4e:37:f3:80:24:60:97:e1:3a:
                    42:ec:f2:39:2f:ae:26:78:6e:35:3c:0b:2b:22:cb:
                    a1:be:ff:b3:31:ae:13:58:e6:bc:63:3b:3c:22:65:
                    df:54:dd:08:76:6c:7f:3f:e1:b8:47:18:ef:ab:6c:
                    37:7d:2d:f5:00:21:d3:c8:9d:41:a3:a0:5e:04:0e:
                    80:12:37:e2:41:bb:d6:2d:8a:6b:87:81:d3:1c:af:
                    08:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:5D:5C:ED:E5:28:2A:E0:A9:00:29:22:02:26:2D:83:A0:1F:A9:17
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/326130333a323738303a3a2f33322d3332203d3e203537323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2780::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:f0:d5:93:e2:fe:f7:c8:33:7f:b0:81:e4:8e:30:c0:05:e9:
         82:d1:af:6b:de:a7:bf:cc:db:79:da:4d:02:be:37:7d:02:ef:
         9b:fb:e2:ca:ee:f9:64:7d:7d:8a:de:e7:10:a5:b6:b4:ac:c4:
         a6:6b:24:cd:f3:46:08:5b:0e:8e:30:db:cb:7a:43:a3:a6:45:
         bb:2a:d8:f0:09:d2:bc:e9:55:d0:ec:df:e0:0e:ab:fd:e9:29:
         f8:af:2c:22:ca:20:06:89:14:22:cd:73:27:e8:7f:a7:7f:e1:
         b7:11:63:13:47:8b:24:83:aa:7c:6a:4e:50:1e:3e:9a:18:c0:
         15:17:46:f2:c3:c7:e7:79:59:5e:6d:e1:e6:43:95:e3:b6:e5:
         93:9d:54:9c:2c:b8:ed:dc:fd:eb:18:e8:e5:58:1d:5b:da:49:
         48:ad:db:41:e8:56:f4:e3:7c:df:7d:54:75:3f:5d:80:64:36:
         71:4b:db:45:26:17:ab:99:e5:e1:3d:5a:61:fc:00:7a:0d:a0:
         1f:40:67:ee:09:eb:02:4f:c5:2b:bd:79:0b:96:28:93:22:46:
         c5:6f:94:eb:15:a7:98:1c:de:ff:de:f2:51:83:75:ed:9d:4f:
         25:2c:60:d9:6b:ca:d4:0f:52:4f:7d:76:18:5b:48:0f:dc:af:
         8a:f1:09:b2
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUWMvKOtWHIYoxecmkLSN+JpEfo1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTVaFw0yNTA0MDMxMTA1MTVaMDMxMTAvBgNV
BAMTKEUzNUQ1Q0VERTUyODJBRTBBOTAwMjkyMjAyMjYyRDgzQTAxRkE5MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9LQxFuH/hV5lhk7Lj7hAFutOZ
+jI9HeKZ2PTZZNPH/pGWHpHaRdHcSxY9984aB2GNiv1vmGmQSCc7zl1Bfi23PDd5
qYxiipJQ57UQhmpVlcfxaltG+P/dobYuPC/nagjrK1AI7sKmmb+lWMQtCR6zdtaV
IXertPXKvBj+Xg2KWNxoyDo7BTu3YnI6ZEEvyXxefcsnjj5Q9kLi+BYgBiFAOJBu
5X9usNfC9k4384AkYJfhOkLs8jkvriZ4bjU8Cysiy6G+/7MxrhNY5rxjOzwiZd9U
3Qh2bH8/4bhHGO+rbDd9LfUAIdPInUGjoF4EDoASN+JBu9YtimuHgdMcrwgBAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQU411c7eUoKuCpACkiAiYtg6AfqRcwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzI2MTMwMzMzYTMyMzczODMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzNzMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoD
J4AwDQYJKoZIhvcNAQELBQADggEBADHw1ZPi/vfIM3+wgeSOMMAF6YLRr2vep7/M
23naTQK+N30C75v74sru+WR9fYre5xCltrSsxKZrJM3zRghbDo4w28t6Q6OmRbsq
2PAJ0rzpVdDs3+AOq/3pKfivLCLKIAaJFCLNcyfof6d/4bcRYxNHiySDqnxqTlAe
PpoYwBUXRvLDx+d5WV5t4eZDleO25ZOdVJwsuO3c/esY6OVYHVvaSUit20HoVvTj
fN99VHU/XYBkNnFL20UmF6uZ5eE9WmH8AHoNoB9AZ+4J6wJPxSu9eQuWKJMiRsVv
lOsVp5gc3v/e8lGDde2dTyUsYNlrytQPUk99dhhbSA/cr4rxCbI=
-----END CERTIFICATE-----