Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/326130313a3666303a3a2f34302d3430203d3e203432333636.roa
File:                     326130313a3666303a3a2f34302d3430203d3e203432333636.roa (raw, json)
Hash identifier:          vAVtz5s9Viy7umXb6Hn+YzhxqRGf3OoKSoQtqtvvRrs=
Subject key identifier:   7A:38:15:8A:CB:A5:D7:6A:DE:2F:62:13:2E:DB:FF:7B:78:CA:1A:BD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       398C1AF5866201BB3880B1147F4BFB381A04F18A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/326130313a3666303a3a2f34302d3430203d3e203432333636.roa
Signing time:             Mon 26 Feb 2024 08:53:14 +0000
ROA not before:           Mon 26 Feb 2024 08:48:14 +0000
ROA not after:            Mon 24 Feb 2025 08:53:14 +0000
asID:                     42366
IP address blocks:        2a01:6f0::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:8c:1a:f5:86:62:01:bb:38:80:b1:14:7f:4b:fb:38:1a:04:f1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:14 2024 GMT
            Not After : Feb 24 08:53:14 2025 GMT
        Subject: CN=7A38158ACBA5D76ADE2F62132EDBFF7B78CA1ABD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:61:1c:b6:77:96:09:73:98:a0:bb:c0:a4:21:
                    e8:9b:13:3e:0f:64:30:c6:22:94:08:f5:4e:ab:aa:
                    c2:fc:e0:19:21:70:92:97:85:db:47:62:17:1f:1d:
                    e0:f6:67:a3:2e:01:11:8a:10:70:78:b8:3f:7f:c4:
                    5d:91:7e:c0:d5:18:37:f9:f5:fe:bf:91:c7:9a:76:
                    7a:9b:48:f5:15:b9:1b:05:46:b7:ad:eb:51:36:c4:
                    8a:46:dc:07:51:ec:2c:a8:f0:dc:7e:ee:ae:12:71:
                    8a:43:f7:89:75:36:47:4c:7e:0a:c1:ad:d8:c4:b3:
                    8b:a6:18:70:32:fb:d3:fe:5e:6b:fc:3a:10:e0:65:
                    3e:31:20:52:0f:3d:53:67:7e:e2:5e:56:ca:6c:04:
                    a4:ab:64:d9:cd:a0:60:e0:f5:44:55:e4:04:61:f4:
                    7e:07:a4:b4:6c:ed:25:8e:0e:a7:28:9b:aa:1f:28:
                    85:33:90:95:d3:af:3a:b2:92:71:50:43:55:00:b0:
                    1b:44:b6:e7:88:5f:d9:26:cb:43:b9:24:61:6f:b4:
                    ee:65:87:ec:60:e0:56:c8:18:95:f7:70:85:a8:de:
                    96:8f:be:33:ef:b7:02:40:4a:d7:f8:6a:68:73:2c:
                    95:da:69:5c:99:92:97:59:50:c0:9a:c1:81:f1:fb:
                    df:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:38:15:8A:CB:A5:D7:6A:DE:2F:62:13:2E:DB:FF:7B:78:CA:1A:BD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/326130313a3666303a3a2f34302d3430203d3e203432333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:6f0::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:8a:da:f5:66:92:fa:cd:47:30:a6:6b:27:69:e6:34:a6:43:
         7d:b7:76:06:68:5f:e7:66:b7:09:f1:1f:11:21:01:2f:b0:bf:
         b4:ff:77:e9:14:c7:5a:33:0d:5a:8b:91:e5:25:24:b0:7a:2f:
         af:79:88:42:4f:ca:29:f2:26:54:18:58:59:76:4c:58:5f:21:
         a2:46:d7:3b:4a:cf:cb:68:29:e1:3c:82:b3:6c:68:be:8b:e7:
         bc:d5:36:0d:eb:34:59:91:39:06:0a:ac:b2:38:a8:92:4c:71:
         06:4c:4d:f8:cb:f3:5d:6e:f8:af:9e:74:1c:63:56:83:6b:a6:
         01:4f:aa:47:ea:c8:67:25:af:2c:a9:6b:7e:bb:4d:4f:a6:75:
         7f:be:f4:75:97:f5:59:85:31:0c:43:26:29:9e:2b:fb:7b:84:
         1c:f9:40:5f:0a:c5:6b:df:d1:e7:e2:68:69:9f:ae:a3:a2:48:
         73:51:25:a9:22:f7:99:f8:6c:e4:ea:65:96:ea:ed:2d:ed:16:
         31:65:0c:02:e7:db:30:97:29:b5:bf:ea:51:fa:12:ca:a9:42:
         15:19:de:87:c0:a6:ae:a2:8c:a3:f7:d3:9a:69:b3:93:39:1e:
         50:c6:52:42:eb:89:c3:c1:53:4a:0e:91:8f:e8:ea:fc:5b:f0:
         71:18:22:e8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOYwa9YZiAbs4gLEUf0v7OBoE8YowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTRaFw0yNTAyMjQwODUzMTRaMDMxMTAvBgNV
BAMTKDdBMzgxNThBQ0JBNUQ3NkFERTJGNjIxMzJFREJGRjdCNzhDQTFBQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnYRy2d5YJc5igu8CkIeibEz4P
ZDDGIpQI9U6rqsL84BkhcJKXhdtHYhcfHeD2Z6MuARGKEHB4uD9/xF2RfsDVGDf5
9f6/kceadnqbSPUVuRsFRret61E2xIpG3AdR7Cyo8Nx+7q4ScYpD94l1NkdMfgrB
rdjEs4umGHAy+9P+Xmv8OhDgZT4xIFIPPVNnfuJeVspsBKSrZNnNoGDg9URV5ARh
9H4HpLRs7SWODqcom6ofKIUzkJXTrzqyknFQQ1UAsBtEtueIX9kmy0O5JGFvtO5l
h+xg4FbIGJX3cIWo3paPvjPvtwJAStf4amhzLJXaaVyZkpdZUMCawYHx+9+9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUejgVisul12reL2ITLtv/e3jKGr0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzI2MTMwMzEzYTM2NjYzMDNh
M2EyZjM0MzAyZDM0MzAyMDNkM2UyMDM0MzIzMzM2MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqAQbw
ADANBgkqhkiG9w0BAQsFAAOCAQEAd4ra9WaS+s1HMKZrJ2nmNKZDfbd2Bmhf52a3
CfEfESEBL7C/tP936RTHWjMNWouR5SUksHovr3mIQk/KKfImVBhYWXZMWF8hokbX
O0rPy2gp4TyCs2xovovnvNU2Des0WZE5BgqssjiokkxxBkxN+MvzXW74r550HGNW
g2umAU+qR+rIZyWvLKlrfrtNT6Z1f770dZf1WYUxDEMmKZ4r+3uEHPlAXwrFa9/R
5+JoaZ+uo6JIc1ElqSL3mfhs5OpllurtLe0WMWUMAufbMJcptb/qUfoSyqlCFRne
h8CmrqKMo/fTmmmzkzkeUMZSQuuJw8FTSg6Rj+jq/FvwcRgi6A==
-----END CERTIFICATE-----