Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/clonoth/1/326131333a376134303a3a2f32392d3438203d3e203537313936.roa
File:                     326131333a376134303a3a2f32392d3438203d3e203537313936.roa (raw, json)
Hash identifier:          5/xue1t7Vp0t9BDsTl1B+IiUGePh3wUDZ/Dncr6ArKI=
Subject key identifier:   12:C0:81:6F:66:19:F9:C4:06:A4:9E:83:2C:A3:6C:EA:8D:E9:AE:26
Certificate issuer:       /CN=c23a7169f6499dd2815c9178a890bc4c0514ddf9
Certificate serial:       4C2E6A3D812C9CF716A3FF02F54E0D8A5991DA88
Authority key identifier: C2:3A:71:69:F6:49:9D:D2:81:5C:91:78:A8:90:BC:4C:05:14:DD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer
Subject info access:      rsync://rsync.rp.ki/repo/clonoth/1/326131333a376134303a3a2f32392d3438203d3e203537313936.roa
Signing time:             Sun 03 Dec 2023 21:38:44 +0000
ROA not before:           Sun 03 Dec 2023 21:33:44 +0000
ROA not after:            Sun 01 Dec 2024 21:38:44 +0000
asID:                     57196
IP address blocks:        2a13:7a40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.crl
                          rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:2e:6a:3d:81:2c:9c:f7:16:a3:ff:02:f5:4e:0d:8a:59:91:da:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c23a7169f6499dd2815c9178a890bc4c0514ddf9
        Validity
            Not Before: Dec  3 21:33:44 2023 GMT
            Not After : Dec  1 21:38:44 2024 GMT
        Subject: CN=12C0816F6619F9C406A49E832CA36CEA8DE9AE26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:74:f5:f2:7d:10:31:83:ca:a6:c9:04:5c:b8:
                    1e:dd:a3:b9:51:1c:9e:20:e6:e1:35:70:57:2a:aa:
                    ab:f5:6c:bd:fa:e9:1e:5a:1a:6f:6e:ef:be:ba:6b:
                    20:3e:87:01:20:3d:c0:aa:b2:f8:84:33:71:41:d5:
                    07:62:6c:c2:75:4f:3d:5a:10:33:cd:3a:1b:ab:0a:
                    31:b5:fd:02:34:c2:cf:65:fc:1e:6a:a5:e7:75:b8:
                    58:2b:47:2b:c9:14:4d:50:33:64:72:5e:da:48:b3:
                    8c:4f:82:1c:02:41:16:ec:18:c1:7c:2f:2b:12:17:
                    3c:a4:3c:b7:57:91:dd:b7:df:0f:45:a7:05:1b:80:
                    ec:f3:52:31:af:1a:bc:c6:5e:92:09:d3:e7:7e:f2:
                    1d:0f:ab:b7:38:b6:a1:0e:6d:b8:7d:03:ed:5c:0c:
                    71:03:69:69:2d:d1:ef:52:ae:42:ae:30:5e:b3:2b:
                    5c:d8:fc:af:2b:1f:3b:23:ef:a9:50:e1:9b:4e:08:
                    56:7e:4b:60:9e:ec:71:fb:c2:26:80:e4:e4:78:97:
                    4b:28:60:90:9d:51:10:ec:9a:f5:c5:dc:38:2f:2c:
                    8f:67:05:8f:b7:8c:10:59:13:44:3c:3a:18:fa:20:
                    fe:ef:e8:30:5f:93:f5:a6:3e:f4:08:39:cb:29:51:
                    62:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C0:81:6F:66:19:F9:C4:06:A4:9E:83:2C:A3:6C:EA:8D:E9:AE:26
            X509v3 Authority Key Identifier:
                keyid:C2:3A:71:69:F6:49:9D:D2:81:5C:91:78:A8:90:BC:4C:05:14:DD:F9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/clonoth/1/C23A7169F6499DD2815C9178A890BC4C0514DDF9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjpxafZJndKBXJF4qJC8TAUU3fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/clonoth/1/326131333a376134303a3a2f32392d3438203d3e203537313936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:3a:86:dd:13:fb:5c:8b:bc:03:e4:f7:e6:74:57:e2:43:46:
         62:8a:3e:be:10:73:e7:72:24:fd:4b:24:d0:38:d1:58:f1:8f:
         43:d4:b0:68:9d:c2:a7:9e:9d:34:bf:92:77:04:b7:6d:11:9f:
         b6:26:47:f6:0c:43:a1:88:a8:c4:e4:da:ac:ed:72:b9:8e:40:
         d9:e6:67:55:75:d0:7d:36:0e:fa:62:47:1f:8d:b1:1a:e6:66:
         b8:e3:84:23:31:2e:9d:a1:42:47:f0:83:e4:d7:f8:c8:d2:b8:
         bd:9e:06:4b:d4:39:8e:df:4a:02:6f:05:0b:8d:98:6d:82:b1:
         66:4f:1a:a0:f6:49:95:33:66:da:3e:0e:f5:c9:17:1a:f2:48:
         ee:b7:2d:d4:a4:95:8d:81:50:b7:07:e1:10:8a:03:28:86:b3:
         c0:05:ba:ee:ee:17:7f:0f:29:59:03:70:23:86:02:7a:bd:c0:
         d3:ef:8d:48:55:bf:cd:b7:7a:b4:91:d4:05:36:0e:0d:14:f9:
         5a:5c:3e:e7:17:c9:77:b8:56:77:ae:43:e2:49:ea:12:1b:4f:
         9d:c9:4b:a5:59:9e:12:c9:8d:90:04:28:7f:db:8d:cc:b0:9d:
         d1:e8:fc:46:23:85:7d:a7:52:48:88:4c:fc:24:d3:c2:0c:1f:
         d8:53:8d:60
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUTC5qPYEsnPcWo/8C9U4NilmR2ogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzYTcxNjlmNjQ5OWRkMjgxNWM5MTc4YTg5MGJjNGMw
NTE0ZGRmOTAeFw0yMzEyMDMyMTMzNDRaFw0yNDEyMDEyMTM4NDRaMDMxMTAvBgNV
BAMTKDEyQzA4MTZGNjYxOUY5QzQwNkE0OUU4MzJDQTM2Q0VBOERFOUFFMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzdPXyfRAxg8qmyQRcuB7do7lR
HJ4g5uE1cFcqqqv1bL366R5aGm9u7766ayA+hwEgPcCqsviEM3FB1QdibMJ1Tz1a
EDPNOhurCjG1/QI0ws9l/B5qped1uFgrRyvJFE1QM2RyXtpIs4xPghwCQRbsGMF8
LysSFzykPLdXkd233w9FpwUbgOzzUjGvGrzGXpIJ0+d+8h0Pq7c4tqEObbh9A+1c
DHEDaWkt0e9SrkKuMF6zK1zY/K8rHzsj76lQ4ZtOCFZ+S2Ce7HH7wiaA5OR4l0so
YJCdURDsmvXF3DgvLI9nBY+3jBBZE0Q8Ohj6IP7v6DBfk/WmPvQIOcspUWKRAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUEsCBb2YZ+cQGpJ6DLKNs6o3priYwHwYDVR0j
BBgwFoAUwjpxafZJndKBXJF4qJC8TAUU3fkwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnN5bmMucnAua2kvcmVwby9jbG9ub3RoLzEv
QzIzQTcxNjlGNjQ5OUREMjgxNUM5MTc4QTg5MEJDNEMwNTE0RERGOS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL3dqcHhhZlpKbmRLQlhKRjRxSkM4VEFVVTNmay5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3JzeW5jLnJw
LmtpL3JlcG8vY2xvbm90aC8xLzMyNjEzMTMzM2EzNzYxMzQzMDNhM2EyZjMyMzky
ZDM0MzgyMDNkM2UyMDM1MzczMTM5MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqE3pAMA0GCSqGSIb3
DQEBCwUAA4IBAQCOOobdE/tci7wD5PfmdFfiQ0Ziij6+EHPnciT9SyTQONFY8Y9D
1LBoncKnnp00v5J3BLdtEZ+2Jkf2DEOhiKjE5Nqs7XK5jkDZ5mdVddB9Ng76Ykcf
jbEa5ma444QjMS6doUJH8IPk1/jI0ri9ngZL1DmO30oCbwULjZhtgrFmTxqg9kmV
M2baPg71yRca8kjuty3UpJWNgVC3B+EQigMohrPABbru7hd/DylZA3AjhgJ6vcDT
741IVb/Nt3q0kdQFNg4NFPlaXD7nF8l3uFZ3rkPiSeoSG0+dyUulWZ4SyY2QBCh/
243MsJ3R6PxGI4V9p1JIiEz8JNPCDB/YU41g
-----END CERTIFICATE-----