Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730373a3a2f33322d3332203d3e203438303730.roa
File:                     326131313a353730373a3a2f33322d3332203d3e203438303730.roa (raw, json)
Hash identifier:          242POLRepYH713AUptOGvBkM/JpRNVCsIm5BodQGTyY=
Subject key identifier:   4E:42:71:04:BE:27:B8:C6:59:08:4E:4B:F3:AC:E5:AC:56:AA:61:F1
Certificate issuer:       /CN=98a87cad5b710890a9528f166f4202393824e6b8
Certificate serial:       28665101B6BF56BAD4DBBF3E79712A8C5B9A3616
Authority key identifier: 98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730373a3a2f33322d3332203d3e203438303730.roa
Signing time:             Tue 27 May 2025 15:50:36 +0000
ROA not before:           Tue 27 May 2025 15:45:36 +0000
ROA not after:            Tue 26 May 2026 15:50:36 +0000
asID:                     48070
IP address blocks:        2a11:5707::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 17:28:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:66:51:01:b6:bf:56:ba:d4:db:bf:3e:79:71:2a:8c:5b:9a:36:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a87cad5b710890a9528f166f4202393824e6b8
        Validity
            Not Before: May 27 15:45:36 2025 GMT
            Not After : May 26 15:50:36 2026 GMT
        Subject: CN=4E427104BE27B8C659084E4BF3ACE5AC56AA61F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:fe:8b:16:54:04:c9:26:0e:01:31:16:c4:66:
                    25:0d:0d:cb:5f:98:fb:14:a4:39:63:e7:ef:5e:44:
                    ac:b6:e1:5b:de:f6:11:e4:a9:27:70:34:10:78:c1:
                    37:d5:c3:c3:1f:3d:0e:f0:9b:cd:d1:87:77:c8:85:
                    32:92:23:09:e5:82:b8:8c:a0:64:f1:93:cf:5b:be:
                    6e:aa:90:da:38:ca:93:69:0f:3b:f5:2f:05:cc:2f:
                    5f:4f:d1:a1:71:4b:4c:ae:dc:c3:fb:0d:01:ee:2e:
                    bb:a8:22:8b:1d:5e:1d:e6:8a:c8:b9:71:3b:07:f4:
                    91:83:10:43:bf:52:9c:df:73:f3:72:0d:03:60:a6:
                    61:f5:db:d0:d9:36:03:f0:43:87:ca:05:6a:21:51:
                    2e:0c:1a:d5:28:5f:68:6d:8a:b1:0a:8a:60:d0:e1:
                    40:1d:1a:46:37:2a:c1:1f:03:63:b7:d3:29:4f:a6:
                    50:0d:0c:a1:56:f9:d2:73:9a:df:cc:68:11:1d:ab:
                    a9:58:08:7c:74:19:43:ef:87:29:90:53:30:8a:cc:
                    ac:24:34:12:2a:9a:aa:45:77:34:89:0d:19:75:3a:
                    a5:75:57:d0:80:8c:57:ba:6c:88:b0:13:9e:73:88:
                    67:f5:18:27:66:b2:22:95:21:67:89:42:b5:42:20:
                    5d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:42:71:04:BE:27:B8:C6:59:08:4E:4B:F3:AC:E5:AC:56:AA:61:F1
            X509v3 Authority Key Identifier:
                keyid:98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730373a3a2f33322d3332203d3e203438303730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5707::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:bb:56:d5:c6:4b:fd:d0:c2:56:52:9b:62:ae:ac:c9:9a:45:
         dd:95:1b:ad:d6:a2:0d:0b:70:4b:00:97:39:b0:88:b5:30:21:
         28:98:7a:a8:2e:fa:f0:87:0f:db:7f:f0:79:94:b7:71:82:c1:
         cf:1e:e4:80:2c:35:4b:91:89:c7:73:10:38:0e:89:13:14:db:
         71:41:86:38:2b:44:29:2c:65:90:99:82:ac:e8:f0:5b:01:94:
         b4:c8:00:cc:c6:34:31:5a:8a:cd:da:bc:f4:bd:b4:09:ed:b0:
         b2:70:cf:be:88:37:62:45:11:75:b8:96:0e:79:27:6c:b3:1b:
         e5:0c:80:76:f4:ee:02:24:9c:9e:3a:f0:b6:07:ba:9a:6a:53:
         23:2a:c9:98:17:ad:06:15:70:03:57:c1:cb:25:f5:62:e2:63:
         d5:c4:de:2b:e2:e4:9a:d5:3e:dd:1d:da:56:b3:89:cc:b5:46:
         c0:f5:68:24:85:f9:3b:97:56:3e:80:5a:bf:58:96:6d:54:b7:
         1b:4b:1f:32:b5:9f:4f:71:5f:98:ce:19:00:47:e9:ca:b5:c6:
         bd:b6:80:ad:0d:0d:5c:fd:07:1b:30:ac:1f:c1:af:8f:c3:0e:
         e7:11:41:e1:66:94:99:3f:b7:93:d7:09:a1:78:4a:1b:e6:8f:
         0d:7d:2a:10
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUKGZRAba/VrrU278+eXEqjFuaNhYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOThhODdjYWQ1YjcxMDg5MGE5NTI4ZjE2NmY0MjAyMzkz
ODI0ZTZiODAeFw0yNTA1MjcxNTQ1MzZaFw0yNjA1MjYxNTUwMzZaMDMxMTAvBgNV
BAMTKDRFNDI3MTA0QkUyN0I4QzY1OTA4NEU0QkYzQUNFNUFDNTZBQTYxRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd/osWVATJJg4BMRbEZiUNDctf
mPsUpDlj5+9eRKy24Vve9hHkqSdwNBB4wTfVw8MfPQ7wm83Rh3fIhTKSIwnlgriM
oGTxk89bvm6qkNo4ypNpDzv1LwXML19P0aFxS0yu3MP7DQHuLruoIosdXh3misi5
cTsH9JGDEEO/Upzfc/NyDQNgpmH129DZNgPwQ4fKBWohUS4MGtUoX2htirEKimDQ
4UAdGkY3KsEfA2O30ylPplANDKFW+dJzmt/MaBEdq6lYCHx0GUPvhymQUzCKzKwk
NBIqmqpFdzSJDRl1OqV1V9CAjFe6bIiwE55ziGf1GCdmsiKVIWeJQrVCIF03AgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUTkJxBL4nuMZZCE5L86zlrFaqYfEwHwYDVR0j
BBgwFoAUmKh8rVtxCJCpUo8Wb0ICOTgk5rgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUtNGIxYS00NmVhLTljOTUtNGFmMTI5NjRh
NDlkLzAvOThBODdDQUQ1QjcxMDg5MEE5NTI4RjE2NkY0MjAyMzkzODI0RTZCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL21LaDhyVnR4Q0pDcFVvOFdiMElDT1Rn
azVyZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUt
NGIxYS00NmVhLTljOTUtNGFmMTI5NjRhNDlkLzAvMzI2MTMxMzEzYTM1MzczMDM3
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzQzODMwMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoR
VwcwDQYJKoZIhvcNAQELBQADggEBALO7VtXGS/3QwlZSm2KurMmaRd2VG63Wog0L
cEsAlzmwiLUwISiYeqgu+vCHD9t/8HmUt3GCwc8e5IAsNUuRicdzEDgOiRMU23FB
hjgrRCksZZCZgqzo8FsBlLTIAMzGNDFais3avPS9tAntsLJwz76IN2JFEXW4lg55
J2yzG+UMgHb07gIknJ468LYHuppqUyMqyZgXrQYVcANXwcsl9WLiY9XE3ivi5JrV
Pt0d2lazicy1RsD1aCSF+TuXVj6AWr9Ylm1UtxtLHzK1n09xX5jOGQBH6cq1xr22
gK0NDVz9BxswrB/Br4/DDucRQeFmlJk/t5PXCaF4Shvmjw19KhA=
-----END CERTIFICATE-----