Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa
File:                     323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          0e+W4I6S4YHzwIEKPSVHpa7X+PeCXjdmuYr+EKDU8hY=
Subject key identifier:   79:B5:26:32:7B:12:0D:04:68:E3:26:A1:36:41:BB:FB:0B:73:55:B0
Certificate issuer:       /CN=6019c116c8ae318afd4b822e9f4eeea0c34baaca
Certificate serial:       58DF199940A3D8F7250680E087CB03883820216C
Authority key identifier: 60:19:C1:16:C8:AE:31:8A:FD:4B:82:2E:9F:4E:EE:A0:C3:4B:AA:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa
Signing time:             Sun 17 Aug 2025 15:32:15 +0000
ROA not before:           Sun 17 Aug 2025 15:27:15 +0000
ROA not after:            Sun 16 Aug 2026 15:32:15 +0000
asID:                     0
IP address blocks:        2001:7f8:157::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:df:19:99:40:a3:d8:f7:25:06:80:e0:87:cb:03:88:38:20:21:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6019c116c8ae318afd4b822e9f4eeea0c34baaca
        Validity
            Not Before: Aug 17 15:27:15 2025 GMT
            Not After : Aug 16 15:32:15 2026 GMT
        Subject: CN=79B526327B120D0468E326A13641BBFB0B7355B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5a:50:84:96:90:c2:57:5e:4f:7c:af:38:18:
                    8b:4b:58:d8:61:ee:ce:57:7f:a8:aa:73:67:e1:61:
                    ae:76:fe:1d:be:07:17:4b:00:54:b4:57:27:85:98:
                    64:a7:8f:71:9b:e5:e3:04:45:bd:69:c7:75:a7:a9:
                    80:4d:b3:71:29:3e:65:99:a0:76:2d:43:b9:fb:b7:
                    fa:ab:38:ed:5a:bc:d0:8a:6a:c1:b5:2e:65:fa:0c:
                    3b:b5:9b:23:76:c0:de:f4:f7:13:60:59:5c:fa:bd:
                    46:b2:80:b4:78:b9:fd:6c:fa:c6:55:2a:b1:08:7d:
                    3c:75:94:9b:4c:a7:1e:80:0e:37:d5:a9:7f:0d:b6:
                    f9:62:59:f0:1a:3d:30:b4:a9:0d:5b:1c:75:80:7b:
                    19:9b:87:59:35:8f:30:1a:2e:b5:e5:84:f3:29:5d:
                    dd:68:15:a6:e4:2c:03:b5:27:81:dd:98:ca:7b:cb:
                    06:a0:ff:da:22:fd:b7:f8:22:62:12:7e:9b:86:03:
                    6f:0c:80:ae:ff:76:a4:a3:93:72:1f:e6:2c:fc:a4:
                    4a:ba:7f:af:7a:d8:17:d0:49:48:ce:e2:bf:fa:e6:
                    d1:ad:d2:83:fd:2f:8e:eb:52:de:c8:c3:8e:b6:0c:
                    9d:9a:40:b8:da:65:eb:cd:e4:ca:4b:12:d0:30:70:
                    bf:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B5:26:32:7B:12:0D:04:68:E3:26:A1:36:41:BB:FB:0B:73:55:B0
            X509v3 Authority Key Identifier:
                keyid:60:19:C1:16:C8:AE:31:8A:FD:4B:82:2E:9F:4E:EE:A0:C3:4B:AA:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/323030313a3766383a3135373a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:157::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:da:41:7d:75:70:54:a3:99:ba:b4:54:6f:b6:48:33:34:db:
         68:1b:9a:f3:ab:0f:2c:b9:37:07:c7:97:2b:22:d0:52:14:7a:
         1b:38:e7:f1:63:f2:fe:30:f6:7e:d4:3c:73:c5:41:67:76:a0:
         91:8c:41:e4:c6:a4:97:a3:49:6f:88:5d:c1:30:82:e3:3f:3e:
         0a:af:a3:ff:ed:d5:28:79:37:b4:2e:bb:fe:f3:da:71:f4:55:
         4d:c3:45:5b:a8:86:2e:41:fa:5c:26:ee:31:a7:5b:09:83:0d:
         cc:bf:94:d5:80:b2:e5:d5:95:63:0d:d9:9d:56:06:6a:c2:2b:
         8c:44:a6:95:60:7e:2c:8f:5a:1b:27:fc:07:ed:22:c5:1a:fc:
         65:c2:05:c7:5f:fb:be:c5:8e:45:89:48:48:4d:b1:8b:f6:81:
         30:c3:f2:c8:f4:9c:de:ac:4f:d5:8a:f8:33:b5:69:41:3b:87:
         8c:1c:c4:0f:91:9c:ae:cf:e2:e6:a8:a0:0d:d3:c0:a8:a1:91:
         78:21:fc:ad:c6:a9:89:65:3e:84:73:2b:0d:4b:a7:8e:2b:55:
         45:71:b3:fd:14:f3:a0:f6:e7:b2:af:9d:f3:fc:eb:9c:2a:4a:
         14:fc:0a:b6:ce:49:1e:7b:99:de:df:7f:fb:ec:81:7b:3b:f1:
         5a:38:30:db
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUWN8ZmUCj2PclBoDgh8sDiDggIWwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxOWMxMTZjOGFlMzE4YWZkNGI4MjJlOWY0ZWVlYTBj
MzRiYWFjYTAeFw0yNTA4MTcxNTI3MTVaFw0yNjA4MTYxNTMyMTVaMDMxMTAvBgNV
BAMTKDc5QjUyNjMyN0IxMjBEMDQ2OEUzMjZBMTM2NDFCQkZCMEI3MzU1QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTWlCElpDCV15PfK84GItLWNhh
7s5Xf6iqc2fhYa52/h2+BxdLAFS0VyeFmGSnj3Gb5eMERb1px3WnqYBNs3EpPmWZ
oHYtQ7n7t/qrOO1avNCKasG1LmX6DDu1myN2wN709xNgWVz6vUaygLR4uf1s+sZV
KrEIfTx1lJtMpx6ADjfVqX8NtvliWfAaPTC0qQ1bHHWAexmbh1k1jzAaLrXlhPMp
Xd1oFabkLAO1J4HdmMp7ywag/9oi/bf4ImISfpuGA28MgK7/dqSjk3If5iz8pEq6
f6962BfQSUjO4r/65tGt0oP9L47rUt7Iw462DJ2aQLjaZevN5MpLEtAwcL9xAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUebUmMnsSDQRo4yahNkG7+wtzVbAwHwYDVR0j
BBgwFoAUYBnBFsiuMYr9S4Iun07uoMNLqsowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMtMjA1OC00M2JiLTlhYzYtNWFiNDJkZmJm
NDA5LzMvNjAxOUMxMTZDOEFFMzE4QUZENEI4MjJFOUY0RUVFQTBDMzRCQUFDQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1lCbkJGc2l1TVlyOVM0SXVuMDd1b01O
THFzby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMt
MjA1OC00M2JiLTlhYzYtNWFiNDJkZmJmNDA5LzMvMzIzMDMwMzEzYTM3NjYzODNh
MzEzNTM3M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQf4
AVcwDQYJKoZIhvcNAQELBQADggEBACvaQX11cFSjmbq0VG+2SDM022gbmvOrDyy5
NwfHlysi0FIUehs45/Fj8v4w9n7UPHPFQWd2oJGMQeTGpJejSW+IXcEwguM/Pgqv
o//t1Sh5N7Quu/7z2nH0VU3DRVuohi5B+lwm7jGnWwmDDcy/lNWAsuXVlWMN2Z1W
BmrCK4xEppVgfiyPWhsn/AftIsUa/GXCBcdf+77FjkWJSEhNsYv2gTDD8sj0nN6s
T9WK+DO1aUE7h4wcxA+RnK7P4uaooA3TwKihkXgh/K3GqYllPoRzKw1Lp44rVUVx
s/0U86D257KvnfP865wqShT8CrbOSR57md7ff/vsgXs78Vo4MNs=
-----END CERTIFICATE-----