Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa
File:                     326131313a353730303a3a2f33322d3332203d3e203438303730.roa (raw, json)
Hash identifier:          Fqs+xGh2wCPoRebx3WWGGz8gG+3wDYrzV+eGaABVra0=
Subject key identifier:   8B:C8:8A:AC:DF:24:D7:85:B9:9C:55:9F:F9:07:6F:9B:E1:0B:DA:73
Certificate issuer:       /CN=98a87cad5b710890a9528f166f4202393824e6b8
Certificate serial:       0E9D8DC32615097BA84E8EA005EDC9A76E248CF6
Authority key identifier: 98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa
Signing time:             Tue 27 May 2025 15:50:37 +0000
ROA not before:           Tue 27 May 2025 15:45:37 +0000
ROA not after:            Tue 26 May 2026 15:50:37 +0000
asID:                     48070
IP address blocks:        2a11:5700::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 17:28:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:9d:8d:c3:26:15:09:7b:a8:4e:8e:a0:05:ed:c9:a7:6e:24:8c:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a87cad5b710890a9528f166f4202393824e6b8
        Validity
            Not Before: May 27 15:45:37 2025 GMT
            Not After : May 26 15:50:37 2026 GMT
        Subject: CN=8BC88AACDF24D785B99C559FF9076F9BE10BDA73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:91:8e:54:e4:4b:56:b6:30:d6:e7:df:27:f3:
                    7c:2c:5a:ba:61:3d:b8:af:2a:a1:d6:f3:5a:08:1c:
                    a2:1c:b7:5c:1b:3f:72:82:c4:11:dc:a1:3a:34:f2:
                    5c:91:67:5e:1c:dc:14:f7:c5:62:57:02:e8:61:b9:
                    5c:37:ad:f3:66:53:29:91:f0:77:01:4b:b9:7f:35:
                    6b:ec:da:f1:60:f4:34:1d:61:97:1d:fd:30:e1:7b:
                    d4:f5:c7:a9:8e:57:bc:15:cf:5c:15:bc:06:36:2f:
                    c7:b8:1d:a0:ae:37:87:44:01:1b:43:47:1a:e9:d8:
                    f6:ac:f8:a4:d7:bb:19:a6:bf:12:be:64:c1:b0:66:
                    45:67:5b:f4:5f:7a:f2:3b:b6:74:d9:8a:f3:55:45:
                    85:88:72:db:86:2f:85:cf:f7:95:9f:68:4c:30:6b:
                    8e:bf:07:72:af:aa:f6:e4:a6:c6:9f:15:c5:ee:4f:
                    de:6f:1b:37:e6:20:31:64:3b:6c:37:43:0c:94:79:
                    e3:a5:d2:38:37:4d:2e:05:cc:88:96:5c:ab:28:64:
                    67:11:fe:27:c1:06:76:0e:8a:b6:0d:9e:3a:02:f2:
                    e9:d6:0d:26:d2:fb:8f:c0:d5:48:31:4c:f7:b8:6c:
                    91:35:76:11:b3:d5:c7:f4:fe:bc:ff:5e:fa:87:d7:
                    1b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C8:8A:AC:DF:24:D7:85:B9:9C:55:9F:F9:07:6F:9B:E1:0B:DA:73
            X509v3 Authority Key Identifier:
                keyid:98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5700::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:48:0a:b9:fc:ac:cb:0a:5c:26:f0:84:29:d8:01:48:f8:c6:
         58:04:1c:cd:10:97:fe:8d:2c:85:0f:d9:6f:82:18:3c:0f:60:
         d1:54:76:8d:91:e2:6e:05:02:21:7d:8a:47:47:ea:98:04:76:
         c6:77:7c:d3:68:4f:6c:a2:2b:c1:c4:4e:61:3f:71:c1:80:71:
         a2:6e:a8:73:2a:de:bb:c0:52:0d:a9:8c:fe:a0:66:b0:4c:6d:
         1e:26:b1:54:2d:58:a8:a1:34:c1:b6:0d:ae:fd:8d:ee:a3:fc:
         e7:68:ac:95:14:f7:d2:0d:d7:70:d5:db:7c:59:03:fc:66:42:
         c7:0a:4c:b2:88:0d:4a:11:5b:c0:21:4d:02:b5:b9:06:29:70:
         31:21:81:7f:ac:79:51:12:f5:d3:64:74:16:79:02:b5:a5:c5:
         0d:6a:92:6e:fa:bd:3c:f3:11:a9:53:bf:99:c8:79:d7:24:26:
         5b:c4:91:52:7e:e9:e4:4d:c4:59:70:4a:68:c4:10:6c:d9:ae:
         58:eb:76:d9:7e:6b:b1:1b:13:50:36:cc:de:e3:ce:be:10:3c:
         4e:e0:fb:42:6d:62:e8:fd:f7:e8:23:ca:d7:18:3f:7c:76:93:
         7f:df:d5:f5:c9:c7:56:4c:31:0a:39:a1:44:70:1d:60:2b:12:
         7e:4b:38:ed
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUDp2NwyYVCXuoTo6gBe3Jp24kjPYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOThhODdjYWQ1YjcxMDg5MGE5NTI4ZjE2NmY0MjAyMzkz
ODI0ZTZiODAeFw0yNTA1MjcxNTQ1MzdaFw0yNjA1MjYxNTUwMzdaMDMxMTAvBgNV
BAMTKDhCQzg4QUFDREYyNEQ3ODVCOTlDNTU5RkY5MDc2RjlCRTEwQkRBNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjkY5U5EtWtjDW598n83wsWrph
PbivKqHW81oIHKIct1wbP3KCxBHcoTo08lyRZ14c3BT3xWJXAuhhuVw3rfNmUymR
8HcBS7l/NWvs2vFg9DQdYZcd/TDhe9T1x6mOV7wVz1wVvAY2L8e4HaCuN4dEARtD
Rxrp2Pas+KTXuxmmvxK+ZMGwZkVnW/RfevI7tnTZivNVRYWIctuGL4XP95WfaEww
a46/B3KvqvbkpsafFcXuT95vGzfmIDFkO2w3QwyUeeOl0jg3TS4FzIiWXKsoZGcR
/ifBBnYOirYNnjoC8unWDSbS+4/A1UgxTPe4bJE1dhGz1cf0/rz/XvqH1xvdAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUi8iKrN8k14W5nFWf+Qdvm+EL2nMwHwYDVR0j
BBgwFoAUmKh8rVtxCJCpUo8Wb0ICOTgk5rgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUtNGIxYS00NmVhLTljOTUtNGFmMTI5NjRh
NDlkLzAvOThBODdDQUQ1QjcxMDg5MEE5NTI4RjE2NkY0MjAyMzkzODI0RTZCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL21LaDhyVnR4Q0pDcFVvOFdiMElDT1Rn
azVyZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUt
NGIxYS00NmVhLTljOTUtNGFmMTI5NjRhNDlkLzAvMzI2MTMxMzEzYTM1MzczMDMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzQzODMwMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoR
VwAwDQYJKoZIhvcNAQELBQADggEBAJtICrn8rMsKXCbwhCnYAUj4xlgEHM0Ql/6N
LIUP2W+CGDwPYNFUdo2R4m4FAiF9ikdH6pgEdsZ3fNNoT2yiK8HETmE/ccGAcaJu
qHMq3rvAUg2pjP6gZrBMbR4msVQtWKihNMG2Da79je6j/OdorJUU99IN13DV23xZ
A/xmQscKTLKIDUoRW8AhTQK1uQYpcDEhgX+seVES9dNkdBZ5ArWlxQ1qkm76vTzz
EalTv5nIedckJlvEkVJ+6eRNxFlwSmjEEGzZrljrdtl+a7EbE1A2zN7jzr4QPE7g
+0JtYuj99+gjytcYP3x2k3/f1fXJx1ZMMQo5oURwHWArEn5LOO0=
-----END CERTIFICATE-----