Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a62303a3a2f34342d3438203d3e20343031313037.roa
File:                     323630323a663939323a62303a3a2f34342d3438203d3e20343031313037.roa (raw, json)
Hash identifier:          SiWdeUj1yt/7Q4RBuqGK4iNuRKLliM1mjLbbsYskBGw=
Subject key identifier:   4C:87:6B:43:FE:CF:4F:64:70:47:8F:C1:16:91:31:02:82:4D:3D:C4
Certificate issuer:       /CN=a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355
Certificate serial:       26189586E566E139F1FC9F05C0C13D9A978D8BAD
Authority key identifier: 2F:0F:1B:C6:7D:D2:B9:A7:E2:54:56:38:C1:73:D5:EC:06:0C:27:D0
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a62303a3a2f34342d3438203d3e20343031313037.roa
Signing time:             Thu 01 May 2025 04:56:43 +0000
ROA not before:           Thu 01 May 2025 04:51:43 +0000
ROA not after:            Thu 30 Apr 2026 04:56:43 +0000
asID:                     401107
IP address blocks:        2602:f992:b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/2F0F1BC67DD2B9A7E2545638C173D5EC060C27D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/2F0F1BC67DD2B9A7E2545638C173D5EC060C27D0.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/b915810d-b97a-4696-955d-495d5d12c3b5.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/b915810d-b97a-4696-955d-495d5d12c3b5.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 07 May 2025 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:18:95:86:e5:66:e1:39:f1:fc:9f:05:c0:c1:3d:9a:97:8d:8b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355
        Validity
            Not Before: May  1 04:51:43 2025 GMT
            Not After : Apr 30 04:56:43 2026 GMT
        Subject: CN=4C876B43FECF4F6470478FC116913102824D3DC4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:63:f1:6e:1d:ae:e0:cd:a5:b2:65:03:02:48:
                    6a:73:c1:bd:55:4d:2d:a7:80:9f:d3:55:8e:fb:d5:
                    31:55:dc:74:65:f3:67:8d:27:aa:88:59:8b:69:6e:
                    3f:d2:26:c1:ae:95:ba:20:a5:d4:62:06:83:e2:ab:
                    69:ef:38:2c:9e:b5:8f:c2:5c:ea:12:44:76:bc:e3:
                    b9:28:58:06:0e:f8:12:e3:30:73:ca:c2:c4:e6:03:
                    da:93:2b:62:ca:15:57:01:a3:62:16:36:01:b0:d9:
                    f3:98:06:ce:29:56:28:69:e3:5b:51:23:99:cd:18:
                    2d:0a:2e:c3:be:3a:90:5e:15:dc:a1:9c:0f:f2:16:
                    e7:d8:4b:e4:42:f5:53:81:55:c4:7f:c6:de:60:1d:
                    fe:00:50:20:04:2c:cd:3b:1f:8b:59:f7:17:fa:8c:
                    1b:27:04:48:f0:19:c1:36:37:38:ac:09:4a:b1:9f:
                    c0:b9:4e:e5:72:71:5d:8a:5c:d3:35:82:02:0e:1c:
                    15:01:9f:51:0a:d5:c6:42:f1:40:86:d3:65:43:07:
                    6a:0b:ac:10:3b:68:3f:dd:35:da:64:4c:e6:b2:32:
                    80:eb:bd:b3:aa:54:e0:cb:9e:de:50:47:41:60:21:
                    2a:6c:39:93:85:11:e1:d5:cb:2f:d9:37:f5:c3:4e:
                    49:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:87:6B:43:FE:CF:4F:64:70:47:8F:C1:16:91:31:02:82:4D:3D:C4
            X509v3 Authority Key Identifier:
                keyid:2F:0F:1B:C6:7D:D2:B9:A7:E2:54:56:38:C1:73:D5:EC:06:0C:27:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/2F0F1BC67DD2B9A7E2545638C173D5EC060C27D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a62303a3a2f34342d3438203d3e20343031313037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f992:b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:62:e7:19:04:78:d9:fa:fa:a1:41:3b:f4:24:f2:0f:99:5f:
         f7:2f:81:6a:ab:c5:30:3b:e4:e4:d8:b3:55:7c:0b:a2:c7:30:
         c5:52:d3:99:0d:55:b4:41:d0:e6:ad:00:a9:e7:0f:67:4e:4b:
         bc:b5:b7:db:96:24:73:b8:72:bf:3b:cf:55:3f:80:10:57:bb:
         b8:e0:6f:b4:36:99:55:61:13:3d:c5:f0:59:af:41:b7:e6:71:
         cd:bf:4c:83:bd:e5:1e:71:ec:89:76:53:db:b7:ad:41:ef:b7:
         62:e5:5f:12:4b:9b:ec:bb:fe:aa:d9:ed:8c:c4:35:80:6f:c1:
         98:90:f8:83:b6:5c:52:e9:b9:2c:a2:75:d8:f1:8f:73:62:1d:
         dd:35:83:c9:ce:27:e9:42:1c:39:fa:b3:48:01:4f:8f:1e:6f:
         2f:f9:2a:0d:34:20:a9:31:b3:8d:e8:16:9a:23:ce:7c:e8:4e:
         c5:c5:e1:90:3e:1b:5a:55:4d:6b:ca:46:8f:20:3c:53:01:3c:
         35:9d:b6:3c:6c:2a:1a:c2:db:2b:ac:b9:6e:c0:3c:13:58:87:
         87:5d:51:c8:87:80:19:1b:79:96:36:62:84:d4:5e:f8:8f:46:
         cf:bc:11:2b:94:1d:da:b0:31:23:ce:69:83:1f:9f:07:24:df:
         8e:08:83:5f
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgIUJhiVhuVm4Tnx/J8FwME9mpeNi60wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYTFiYTEwOTNiYmYzNDk5MWJmNTlhMzViMmJjYWY0OWFi
ODI4MTc2ZmE0MzEwYjYzNTUwHhcNMjUwNTAxMDQ1MTQzWhcNMjYwNDMwMDQ1NjQz
WjAzMTEwLwYDVQQDEyg0Qzg3NkI0M0ZFQ0Y0RjY0NzA0NzhGQzExNjkxMzEwMjgy
NEQzREM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGPxbh2u4M2l
smUDAkhqc8G9VU0tp4Cf01WO+9UxVdx0ZfNnjSeqiFmLaW4/0ibBrpW6IKXUYgaD
4qtp7zgsnrWPwlzqEkR2vOO5KFgGDvgS4zBzysLE5gPakytiyhVXAaNiFjYBsNnz
mAbOKVYoaeNbUSOZzRgtCi7DvjqQXhXcoZwP8hbn2EvkQvVTgVXEf8beYB3+AFAg
BCzNOx+LWfcX+owbJwRI8BnBNjc4rAlKsZ/AuU7lcnFdilzTNYICDhwVAZ9RCtXG
QvFAhtNlQwdqC6wQO2g/3TXaZEzmsjKA672zqlTgy57eUEdBYCEqbDmThRHh1csv
2Tf1w05JGQIDAQABo4IC1jCCAtIwHQYDVR0OBBYEFEyHa0P+z09kcEePwRaRMQKC
TT3EMB8GA1UdIwQYMBaAFC8PG8Z90rmn4lRWOMFz1ewGDCfQMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUtNDI5OS1iMDc5
LTMwOWVkOTdmMzgyNC8xLzJGMEYxQkM2N0REMkI5QTdFMjU0NTYzOEMxNzNENUVD
MDYwQzI3RDAuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC9iOTE1ODEwZC1iOTdhLTQ2OTYtOTU1ZC00
OTVkNWQxMmMzYjUvYTFiYTEwOTNiYmYzNDk5MWJmNTlhMzViMmJjYWY0OWFiODI4
MTc2ZmE0MzEwYjYzNTUuY2VyMIGzBggrBgEFBQcBCwSBpjCBozCBoAYIKwYBBQUH
MAuGgZNyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
Lzg5MjcwZjZjLWEzZmUtNDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8xLzMyMzYzMDMy
M2E2NjM5MzkzMjNhNjIzMDNhM2EyZjM0MzQyZDM0MzgyMDNkM2UyMDM0MzAzMTMx
MzAzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB
/wQTMBEwDwQCAAIwCQMHBCYC+ZIAsDANBgkqhkiG9w0BAQsFAAOCAQEAF2LnGQR4
2fr6oUE79CTyD5lf9y+BaqvFMDvk5NizVXwLoscwxVLTmQ1VtEHQ5q0AqecPZ05L
vLW325Ykc7hyvzvPVT+AEFe7uOBvtDaZVWETPcXwWa9Bt+Zxzb9Mg73lHnHsiXZT
27etQe+3YuVfEkub7Lv+qtntjMQ1gG/BmJD4g7ZcUum5LKJ12PGPc2Id3TWDyc4n
6UIcOfqzSAFPjx5vL/kqDTQgqTGzjegWmiPOfOhOxcXhkD4bWlVNa8pGjyA8UwE8
NZ22PGwqGsLbK6y5bsA8E1iHh11RyIeAGRt5ljZihNRe+I9Gz7wRK5Qd2rAxI85p
gx+fByTfjgiDXw==
-----END CERTIFICATE-----