Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/326130333a323738303a3a2f33322d3332203d3e203537323338.roa
File:                     326130333a323738303a3a2f33322d3332203d3e203537323338.roa (raw, json)
Hash identifier:          3ogyUPr1c5N2o9ugaR891m0jcGM4rFLaSDjN0j4tkaY=
Subject key identifier:   2F:6B:98:91:9A:95:6A:76:71:A9:64:42:3A:D3:92:50:60:9D:DB:8A
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       7B9123F5A7ECE383EF551DCE8E5C4B6E7DE0281B
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/326130333a323738303a3a2f33322d3332203d3e203537323338.roa
Signing time:             Thu 06 Mar 2025 11:53:55 +0000
ROA not before:           Thu 06 Mar 2025 11:48:55 +0000
ROA not after:            Thu 05 Mar 2026 11:53:55 +0000
asID:                     57238
IP address blocks:        2a03:2780::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:42:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:91:23:f5:a7:ec:e3:83:ef:55:1d:ce:8e:5c:4b:6e:7d:e0:28:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar  6 11:48:55 2025 GMT
            Not After : Mar  5 11:53:55 2026 GMT
        Subject: CN=2F6B98919A956A7671A964423AD39250609DDB8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d4:34:ee:02:82:ad:62:b9:8c:2d:9d:0c:6d:
                    f6:1b:56:7f:99:64:77:f2:da:95:39:d7:94:65:32:
                    c6:d9:cf:41:50:7c:c3:c7:70:70:33:52:88:8f:23:
                    6e:05:13:90:4e:69:51:e1:53:83:db:3b:d5:4d:f1:
                    ba:03:82:e3:28:d2:16:84:6c:60:38:8f:75:f2:4a:
                    95:bd:b2:48:03:41:1a:bf:40:ad:c1:75:c7:b9:ce:
                    27:63:ea:71:63:1a:3c:92:d3:47:7e:d9:2a:56:dc:
                    76:6e:e1:4e:d6:6c:09:41:2a:17:54:8b:ce:0a:15:
                    9d:c4:7c:c7:22:35:e5:9a:73:24:f5:9b:b1:16:6d:
                    38:0c:77:31:c5:d4:f5:34:be:4e:e3:e1:b9:73:bc:
                    41:dd:71:50:ef:7a:90:2a:97:50:c4:3c:c2:c2:5c:
                    1f:2a:16:5f:05:dd:3a:49:23:b8:a1:b5:c5:c5:3b:
                    ef:0c:0a:ca:2c:dc:8e:65:35:c6:57:c9:da:ad:eb:
                    ca:fa:7d:07:95:93:90:4b:9b:4c:01:3e:54:17:ed:
                    3c:bf:b3:bd:5a:01:ee:40:f2:9d:a0:af:9d:de:fd:
                    9f:70:7a:c1:42:c0:c9:78:29:49:ca:a2:49:a7:f7:
                    38:85:64:be:6a:e6:71:4d:15:45:86:c4:a1:fd:78:
                    b4:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:6B:98:91:9A:95:6A:76:71:A9:64:42:3A:D3:92:50:60:9D:DB:8A
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/326130333a323738303a3a2f33322d3332203d3e203537323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2780::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:7f:db:cd:88:27:c1:c8:5f:b5:3a:70:03:fa:68:4a:f2:b8:
         49:20:af:5d:12:16:16:20:7a:3b:e9:a0:c2:8b:c5:17:cc:8c:
         cd:bb:80:22:7c:2b:02:1b:88:3e:67:87:ac:f4:04:5c:20:81:
         38:7f:cc:ca:2d:43:92:61:ba:83:3e:cf:3b:08:d9:bc:16:eb:
         57:06:69:5d:b7:67:5c:11:22:ca:8f:a0:69:08:c0:35:1c:c9:
         b7:51:13:d4:a1:ff:f4:f8:b6:3d:c3:68:79:fe:8f:2d:d1:ee:
         7f:78:99:16:75:21:e9:03:66:73:7e:20:03:d8:73:9a:0f:12:
         ef:20:da:d0:1a:03:92:09:fe:f1:51:74:f6:79:f0:a7:8b:50:
         61:5a:43:93:6b:62:51:a3:32:45:96:f5:2d:f1:6e:c7:9d:0d:
         02:e2:bf:b4:a9:fb:a4:36:e1:1f:cb:5e:60:ae:5d:c6:1f:84:
         94:ce:09:e6:0c:0f:60:c1:d4:59:ce:01:4a:18:5b:92:f6:a5:
         2a:c5:a4:57:39:2b:0c:b2:90:32:4d:db:74:83:64:70:8e:b0:
         2b:b2:fb:9c:40:bb:90:c9:8f:3f:05:a9:f0:95:e0:11:3d:89:
         bb:04:ee:3c:f9:a9:10:54:16:e5:8f:bf:e6:66:ac:ce:04:b1:
         d8:04:a6:96
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUe5Ej9afs44PvVR3OjlxLbn3gKBswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTAzMDYxMTQ4NTVaFw0yNjAzMDUxMTUzNTVaMDMxMTAvBgNV
BAMTKDJGNkI5ODkxOUE5NTZBNzY3MUE5NjQ0MjNBRDM5MjUwNjA5RERCOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC11DTuAoKtYrmMLZ0MbfYbVn+Z
ZHfy2pU515RlMsbZz0FQfMPHcHAzUoiPI24FE5BOaVHhU4PbO9VN8boDguMo0haE
bGA4j3XySpW9skgDQRq/QK3Bdce5zidj6nFjGjyS00d+2SpW3HZu4U7WbAlBKhdU
i84KFZ3EfMciNeWacyT1m7EWbTgMdzHF1PU0vk7j4blzvEHdcVDvepAql1DEPMLC
XB8qFl8F3TpJI7ihtcXFO+8MCsos3I5lNcZXydqt68r6fQeVk5BLm0wBPlQX7Ty/
s71aAe5A8p2gr53e/Z9wesFCwMl4KUnKokmn9ziFZL5q5nFNFUWGxKH9eLQVAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUL2uYkZqVanZxqWRCOtOSUGCd24owHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzI2MTMwMzMzYTMyMzczODMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzNzMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoD
J4AwDQYJKoZIhvcNAQELBQADggEBABB/282IJ8HIX7U6cAP6aEryuEkgr10SFhYg
ejvpoMKLxRfMjM27gCJ8KwIbiD5nh6z0BFwggTh/zMotQ5JhuoM+zzsI2bwW61cG
aV23Z1wRIsqPoGkIwDUcybdRE9Sh//T4tj3DaHn+jy3R7n94mRZ1IekDZnN+IAPY
c5oPEu8g2tAaA5IJ/vFRdPZ58KeLUGFaQ5NrYlGjMkWW9S3xbsedDQLiv7Sp+6Q2
4R/LXmCuXcYfhJTOCeYMD2DB1FnOAUoYW5L2pSrFpFc5KwyykDJN23SDZHCOsCuy
+5xAu5DJjz8FqfCV4BE9ibsE7jz5qRBUFuWPv+ZmrM4EsdgEppY=
-----END CERTIFICATE-----