Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/clonoth/1/326131333a376134303a3a2f32392d3438203d3e203537313936.roa
File:                     326131333a376134303a3a2f32392d3438203d3e203537313936.roa (raw, json)
Hash identifier:          XL6US0An98xPzqDkSmmsQ/A2pY3jEWx/noy7TrW/Uto=
Subject key identifier:   B5:BC:2C:4D:A8:40:7F:59:5A:4D:2D:8C:84:75:82:E1:7E:8F:65:DA
Certificate issuer:       /CN=c23a7169f6499dd2815c9178a890bc4c0514ddf9
Certificate serial:       760C97DE88B4B93C484269973F3CB95556991783
Authority key identifier: C2:3A:71:69:F6:49:9D:D2:81:5C:91:78:A8:90:BC:4C:05:14:DD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer
Subject info access:      rsync://rsync.rp.ki/repo/clonoth/1/326131333a376134303a3a2f32392d3438203d3e203537313936.roa
Signing time:             Sun 03 Nov 2024 22:30:18 +0000
ROA not before:           Sun 03 Nov 2024 22:25:18 +0000
ROA not after:            Sun 02 Nov 2025 22:30:18 +0000
asID:                     57196
IP address blocks:        2a13:7a40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.crl
                          rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:0c:97:de:88:b4:b9:3c:48:42:69:97:3f:3c:b9:55:56:99:17:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c23a7169f6499dd2815c9178a890bc4c0514ddf9
        Validity
            Not Before: Nov  3 22:25:18 2024 GMT
            Not After : Nov  2 22:30:18 2025 GMT
        Subject: CN=B5BC2C4DA8407F595A4D2D8C847582E17E8F65DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:16:28:49:a3:31:ad:48:1b:a2:1b:ea:5c:68:
                    f4:31:10:b7:35:21:f9:ea:8a:d9:bf:6e:21:52:c3:
                    72:29:37:15:d3:5a:dd:21:ec:7e:70:a6:69:f6:d2:
                    6d:00:76:d2:10:94:36:d9:fa:4d:36:62:fc:26:a2:
                    cd:48:4b:23:82:be:40:3d:be:fd:19:2b:25:c1:ac:
                    bc:0d:5c:06:02:d5:ea:c0:10:5c:9c:5f:f5:cd:46:
                    61:48:c4:81:fe:1f:4d:fe:4b:70:3d:1d:90:c7:f6:
                    3e:bf:99:3b:8c:65:7f:72:4d:0e:b8:ae:6b:8e:9b:
                    04:e1:1c:e7:9c:03:60:b3:e0:b1:83:83:ca:d4:e3:
                    38:24:7f:2a:f5:31:5b:34:f1:19:a0:95:6b:e6:e5:
                    46:77:03:c4:84:65:95:cb:a6:3d:39:15:71:b2:64:
                    f0:45:95:0d:23:dd:ac:7d:71:d1:e0:6e:a5:97:03:
                    2c:9b:43:cf:cc:34:a8:11:b6:43:e3:47:24:09:73:
                    9f:b5:36:2d:12:bf:2d:ff:7e:15:45:09:d8:7b:a8:
                    bf:98:de:7c:b2:db:11:e1:0a:15:40:94:b5:58:29:
                    12:56:b2:d0:20:4e:69:dd:57:f3:fe:2d:55:b6:be:
                    e5:d2:28:6d:d7:c9:3e:52:55:ed:96:81:6c:4d:16:
                    e3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:BC:2C:4D:A8:40:7F:59:5A:4D:2D:8C:84:75:82:E1:7E:8F:65:DA
            X509v3 Authority Key Identifier:
                keyid:C2:3A:71:69:F6:49:9D:D2:81:5C:91:78:A8:90:BC:4C:05:14:DD:F9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/clonoth/1/326131333a376134303a3a2f32392d3438203d3e203537313936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:fc:d5:b5:ff:4c:d5:99:81:36:27:65:c0:7b:c1:74:b0:dd:
         d3:10:7e:7c:4f:e1:73:a9:1b:eb:91:20:d6:66:5f:66:7e:94:
         c5:fa:1d:1b:db:0e:83:46:b0:1a:9f:a5:86:c8:26:57:86:39:
         c3:b7:4e:5f:9a:a8:76:bf:c1:02:00:19:12:f4:87:8b:fe:30:
         72:f4:b9:b5:2f:6e:31:b8:7a:c4:e6:e0:38:8d:e4:9a:66:63:
         b7:6a:be:c3:c9:e6:21:3b:e2:d5:de:62:73:9f:2f:0d:59:52:
         31:fb:24:5f:81:37:f5:8d:ca:dd:9a:a2:c4:67:e7:74:03:a9:
         e4:74:06:63:f6:ad:61:55:a9:98:25:8c:79:4a:3c:e9:86:9a:
         5f:db:41:0f:43:1a:d0:8a:36:c3:ac:23:8a:21:22:51:0f:df:
         09:01:00:a6:03:7a:20:28:73:6b:a8:83:3c:e5:fd:f1:98:ff:
         d9:64:d0:d9:b0:77:3d:5b:dc:94:09:8c:6a:12:65:a1:a5:aa:
         69:0c:4e:8a:59:41:77:4f:c7:f4:72:e6:f7:eb:93:83:3d:15:
         ff:46:4a:1a:b5:d8:b0:db:b1:71:90:d8:04:34:c0:eb:40:89:
         41:46:99:93:d7:7f:98:e7:e4:5d:26:b2:48:e3:f6:8f:61:7c:
         71:32:f6:d4
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUdgyX3oi0uTxIQmmXPzy5VVaZF4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzYTcxNjlmNjQ5OWRkMjgxNWM5MTc4YTg5MGJjNGMw
NTE0ZGRmOTAeFw0yNDExMDMyMjI1MThaFw0yNTExMDIyMjMwMThaMDMxMTAvBgNV
BAMTKEI1QkMyQzREQTg0MDdGNTk1QTREMkQ4Qzg0NzU4MkUxN0U4RjY1REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKFihJozGtSBuiG+pcaPQxELc1
Ifnqitm/biFSw3IpNxXTWt0h7H5wpmn20m0AdtIQlDbZ+k02Yvwmos1ISyOCvkA9
vv0ZKyXBrLwNXAYC1erAEFycX/XNRmFIxIH+H03+S3A9HZDH9j6/mTuMZX9yTQ64
rmuOmwThHOecA2Cz4LGDg8rU4zgkfyr1MVs08RmglWvm5UZ3A8SEZZXLpj05FXGy
ZPBFlQ0j3ax9cdHgbqWXAyybQ8/MNKgRtkPjRyQJc5+1Ni0Svy3/fhVFCdh7qL+Y
3nyy2xHhChVAlLVYKRJWstAgTmndV/P+LVW2vuXSKG3XyT5SVe2WgWxNFuM7AgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUtbwsTahAf1laTS2MhHWC4X6PZdowHwYDVR0j
BBgwFoAUwjpxafZJndKBXJF4qJC8TAUU3fkwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnN5bmMucnAua2kvcmVwby9jbG9ub3RoLzEv
QzIzQTcxNjlGNjQ5OUREMjgxNUM5MTc4QTg5MEJDNEMwNTE0RERGOS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL3dqcHhhZlpKbmRLQlhKRjRxSkM4VEFVVTNmay5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3JzeW5jLnJw
LmtpL3JlcG8vY2xvbm90aC8xLzMyNjEzMTMzM2EzNzYxMzQzMDNhM2EyZjMyMzky
ZDM0MzgyMDNkM2UyMDM1MzczMTM5MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqE3pAMA0GCSqGSIb3
DQEBCwUAA4IBAQAZ/NW1/0zVmYE2J2XAe8F0sN3TEH58T+FzqRvrkSDWZl9mfpTF
+h0b2w6DRrAan6WGyCZXhjnDt05fmqh2v8ECABkS9IeL/jBy9Lm1L24xuHrE5uA4
jeSaZmO3ar7DyeYhO+LV3mJzny8NWVIx+yRfgTf1jcrdmqLEZ+d0A6nkdAZj9q1h
VamYJYx5Sjzphppf20EPQxrQijbDrCOKISJRD98JAQCmA3ogKHNrqIM85f3xmP/Z
ZNDZsHc9W9yUCYxqEmWhpappDE6KWUF3T8f0cub365ODPRX/Rkoatdiw27FxkNgE
NMDrQIlBRpmT13+Y5+RdJrJI4/aPYXxxMvbU
-----END CERTIFICATE-----