Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/326131343a623430303a3a2f32392d3438203d3e2030.roa
File:                     326131343a623430303a3a2f32392d3438203d3e2030.roa (raw, json)
Hash identifier:          NhcbptlixcA3mbsPTqMiibAOrNSU1BYwO66fMNiKSfA=
Subject key identifier:   36:71:5B:E5:46:B2:43:E8:43:5A:8B:B7:67:17:84:BF:11:BD:C7:45
Certificate issuer:       /CN=2c12f0a080f021f2ba25bc0c6ea7e06b67aad05e
Certificate serial:       584F1D87FC1D34BC0FE16D0BE13DBFEA618529CB
Authority key identifier: 2C:12:F0:A0:80:F0:21:F2:BA:25:BC:0C:6E:A7:E0:6B:67:AA:D0:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LBLwoIDwIfK6JbwMbqfga2eq0F4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/326131343a623430303a3a2f32392d3438203d3e2030.roa
Signing time:             Sat 17 May 2025 09:13:37 +0000
ROA not before:           Sat 17 May 2025 09:08:37 +0000
ROA not after:            Sat 16 May 2026 09:13:37 +0000
asID:                     0
IP address blocks:        2a14:b400::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/2C12F0A080F021F2BA25BC0C6EA7E06B67AAD05E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/2C12F0A080F021F2BA25BC0C6EA7E06B67AAD05E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LBLwoIDwIfK6JbwMbqfga2eq0F4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:4f:1d:87:fc:1d:34:bc:0f:e1:6d:0b:e1:3d:bf:ea:61:85:29:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c12f0a080f021f2ba25bc0c6ea7e06b67aad05e
        Validity
            Not Before: May 17 09:08:37 2025 GMT
            Not After : May 16 09:13:37 2026 GMT
        Subject: CN=36715BE546B243E8435A8BB7671784BF11BDC745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4d:db:61:7d:2d:ba:fe:e5:63:f7:1f:32:cc:
                    3c:d5:e3:fe:3c:44:8f:4d:a5:73:28:09:ff:a6:29:
                    62:ca:b1:29:10:37:a1:96:e9:c7:a4:4a:50:ac:d4:
                    b5:ca:6e:cf:39:f2:45:0b:5c:8d:09:df:56:4d:3c:
                    2e:f4:0d:27:fe:92:fc:67:09:7b:c0:07:9a:8d:ab:
                    d7:3e:71:c6:c9:4a:3e:03:6a:f0:1a:0c:ac:8a:14:
                    c8:63:59:f1:30:c2:56:95:62:3c:33:0e:11:72:9e:
                    ae:6d:37:b0:b7:f6:73:6e:42:38:d3:1d:03:a4:58:
                    04:00:b7:3a:7c:2a:0e:99:19:21:78:ba:97:14:87:
                    6c:b3:70:1b:c9:70:f8:9d:5f:66:64:dd:30:b7:fd:
                    d6:01:b5:e4:09:dd:43:29:fc:7a:17:f4:1e:20:26:
                    98:8c:b1:b7:9c:2d:b1:57:cf:41:22:71:7d:33:b5:
                    db:44:17:43:43:11:7e:8d:1c:22:26:51:be:9c:4c:
                    06:3c:ce:92:a9:bd:06:e1:a4:23:a2:91:35:54:c7:
                    64:b6:c9:ad:7c:93:59:96:55:f1:d3:d8:40:e1:31:
                    73:39:27:c2:e6:df:7f:78:a9:73:c7:1e:5a:d6:3d:
                    b4:b0:21:c1:ab:e8:78:15:ed:95:07:c3:63:47:47:
                    9a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:71:5B:E5:46:B2:43:E8:43:5A:8B:B7:67:17:84:BF:11:BD:C7:45
            X509v3 Authority Key Identifier:
                keyid:2C:12:F0:A0:80:F0:21:F2:BA:25:BC:0C:6E:A7:E0:6B:67:AA:D0:5E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/2C12F0A080F021F2BA25BC0C6EA7E06B67AAD05E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LBLwoIDwIfK6JbwMbqfga2eq0F4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8070615f-d26d-42e3-a145-5c7b67b2b64e/0/326131343a623430303a3a2f32392d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:b400::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:0b:0d:80:2d:5b:53:89:cd:d2:b5:c7:cd:52:a5:65:bb:f7:
         dd:b5:99:8c:c2:7b:19:e0:75:9d:b5:7f:38:6b:1a:54:9a:35:
         a8:1c:40:8d:5b:ca:58:ef:76:aa:35:cb:cc:cd:df:ad:b9:0d:
         09:a7:86:72:f1:aa:09:40:8f:62:06:10:be:c6:af:19:d8:8f:
         5c:d5:18:01:37:68:5b:03:7e:d0:7f:41:26:9b:27:22:6b:8d:
         53:34:14:cb:fb:8d:6a:da:65:43:25:88:04:cb:89:96:b1:db:
         81:aa:d1:59:f0:64:3e:27:75:6a:97:81:f1:d5:c9:3c:76:63:
         29:6e:0e:a8:76:ef:d9:9b:7a:8a:16:f8:d4:cf:aa:23:0f:38:
         59:92:cd:9b:36:0b:c7:bd:14:bb:25:d7:23:bf:6e:dd:cd:43:
         fc:82:24:4b:35:53:92:5a:d6:8b:0d:31:30:2b:b8:80:c0:f6:
         91:95:24:4d:a5:73:7f:79:87:c4:da:48:c0:03:d4:1d:aa:61:
         ca:de:3c:dc:a7:8a:96:53:20:db:8c:54:b3:55:3b:2d:4d:5e:
         94:77:f1:1b:2a:d5:f3:3b:44:7b:a9:7f:98:54:ba:02:40:e7:
         b6:1e:57:40:0b:eb:49:ce:bb:f3:e0:48:51:77:8a:14:eb:06:
         23:91:0a:da
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUWE8dh/wdNLwP4W0L4T2/6mGFKcswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmMxMmYwYTA4MGYwMjFmMmJhMjViYzBjNmVhN2UwNmI2
N2FhZDA1ZTAeFw0yNTA1MTcwOTA4MzdaFw0yNjA1MTYwOTEzMzdaMDMxMTAvBgNV
BAMTKDM2NzE1QkU1NDZCMjQzRTg0MzVBOEJCNzY3MTc4NEJGMTFCREM3NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDETdthfS26/uVj9x8yzDzV4/48
RI9NpXMoCf+mKWLKsSkQN6GW6cekSlCs1LXKbs858kULXI0J31ZNPC70DSf+kvxn
CXvAB5qNq9c+ccbJSj4DavAaDKyKFMhjWfEwwlaVYjwzDhFynq5tN7C39nNuQjjT
HQOkWAQAtzp8Kg6ZGSF4upcUh2yzcBvJcPidX2Zk3TC3/dYBteQJ3UMp/HoX9B4g
JpiMsbecLbFXz0EicX0ztdtEF0NDEX6NHCImUb6cTAY8zpKpvQbhpCOikTVUx2S2
ya18k1mWVfHT2EDhMXM5J8Lm3394qXPHHlrWPbSwIcGr6HgV7ZUHw2NHR5pBAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUNnFb5UayQ+hDWou3ZxeEvxG9x0UwHwYDVR0j
BBgwFoAULBLwoIDwIfK6JbwMbqfga2eq0F4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODA3MDYxNWYtZDI2ZC00MmUzLWExNDUtNWM3YjY3YjJi
NjRlLzAvMkMxMkYwQTA4MEYwMjFGMkJBMjVCQzBDNkVBN0UwNkI2N0FBRDA1RS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xCTHdvSUR3SWZLNkpid01icWZnYTJl
cTBGNC5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODA3MDYxNWYt
ZDI2ZC00MmUzLWExNDUtNWM3YjY3YjJiNjRlLzAvMzI2MTMxMzQzYTYyMzQzMDMw
M2EzYTJmMzIzOTJkMzQzODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqFLQAMA0GCSqG
SIb3DQEBCwUAA4IBAQBOCw2ALVtTic3StcfNUqVlu/fdtZmMwnsZ4HWdtX84axpU
mjWoHECNW8pY73aqNcvMzd+tuQ0Jp4Zy8aoJQI9iBhC+xq8Z2I9c1RgBN2hbA37Q
f0Emmycia41TNBTL+41q2mVDJYgEy4mWsduBqtFZ8GQ+J3Vql4Hx1ck8dmMpbg6o
du/Zm3qKFvjUz6ojDzhZks2bNgvHvRS7Jdcjv27dzUP8giRLNVOSWtaLDTEwK7iA
wPaRlSRNpXN/eYfE2kjAA9QdqmHK3jzcp4qWUyDbjFSzVTstTV6Ud/EbKtXzO0R7
qX+YVLoCQOe2HldAC+tJzrvz4EhRd4oU6wYjkQra
-----END CERTIFICATE-----