Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212384.roa
File:                     AS212384.roa (raw, json)
Hash identifier:          aDecwlUuYx5grJ2hhq2u+MCkOV/3bfZzM0uR/ru+MSs=
Subject key identifier:   9D:94:22:10:91:6B:63:EA:EC:97:FD:14:BA:4A:8B:00:D6:9A:CE:6D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       75ADEAEAB33DC9C2607F6B9326F657DEEA052718
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212384.roa
Signing time:             Sun 02 Feb 2025 20:02:07 +0000
ROA not before:           Sun 02 Feb 2025 19:57:07 +0000
ROA not after:            Sun 01 Feb 2026 20:02:07 +0000
asID:                     212384
IP address blocks:        96.62.176.0/24 maxlen: 24
                          96.62.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:35:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:ad:ea:ea:b3:3d:c9:c2:60:7f:6b:93:26:f6:57:de:ea:05:27:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  2 19:57:07 2025 GMT
            Not After : Feb  1 20:02:07 2026 GMT
        Subject: CN=9D942210916B63EAEC97FD14BA4A8B00D69ACE6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:09:5f:96:26:8f:bc:61:85:f4:7b:1e:39:2a:
                    0b:f1:7f:8a:5b:f8:31:ec:a9:d0:ee:43:22:7d:14:
                    8b:36:d6:29:41:39:25:89:da:ab:fb:7b:a7:3d:7f:
                    0e:0e:96:0f:42:c4:bd:8c:e3:b8:f4:98:a5:16:9e:
                    de:89:85:2d:19:83:1b:0c:55:07:e3:43:0b:d3:18:
                    f8:0c:05:18:a6:bc:ae:c9:98:31:51:db:97:72:03:
                    c0:08:b2:8a:1e:f7:d2:d7:37:34:6f:4e:c4:00:7f:
                    c1:a3:21:71:b0:12:51:8f:96:bd:4f:20:8b:87:f8:
                    4c:aa:c3:a3:dd:0b:bc:b7:b2:00:69:ac:b7:94:2d:
                    bd:85:c4:95:bd:01:ca:c2:85:52:4e:34:37:d0:75:
                    f2:2a:c3:8d:b1:6b:08:aa:79:f5:23:05:bf:b4:09:
                    02:9c:a2:da:63:eb:e0:6d:ea:a3:11:14:10:18:68:
                    d0:fa:73:ea:29:3b:88:bd:43:32:76:ff:6a:d7:cb:
                    2c:4b:80:6f:58:62:e7:f6:3f:60:7f:ac:2d:46:97:
                    19:7d:7d:ec:31:bb:2f:33:27:3c:73:eb:67:6c:6b:
                    13:7a:14:f5:86:cf:d0:20:79:1e:37:0c:80:9b:0a:
                    50:ef:7c:36:d1:fe:36:39:93:d4:1d:4a:dd:be:c9:
                    da:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:94:22:10:91:6B:63:EA:EC:97:FD:14:BA:4A:8B:00:D6:9A:CE:6D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.176.0/24
                  96.62.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:44:31:40:4f:54:e7:b3:cc:64:30:39:47:b7:e4:d6:d5:43:
         d2:bc:99:eb:ef:3a:87:27:8f:db:48:61:ef:ea:30:e3:88:87:
         54:83:de:b8:fd:73:7c:03:f9:c7:29:d3:cc:ff:81:65:7d:63:
         63:85:64:83:79:ce:de:09:d5:0d:22:32:b6:d9:04:39:bf:de:
         66:4c:e4:ee:62:89:a4:68:35:a1:a9:9f:5c:4f:11:36:d0:11:
         c7:70:d2:7a:1f:4d:90:a1:11:79:40:15:06:4a:c7:3c:e4:59:
         1b:27:94:e3:d1:ca:af:62:e1:27:4c:20:62:63:34:55:d9:56:
         14:c0:4d:5f:eb:06:77:b7:e5:7b:75:49:84:c1:5a:d2:86:a7:
         f7:3d:5d:07:fd:ea:bc:31:53:bb:71:ed:ab:7c:c7:e8:a7:24:
         5f:67:85:16:5d:d3:41:1d:41:e8:17:49:b7:9e:f3:98:2d:e4:
         35:5a:12:18:0e:71:d1:5c:e5:0d:e1:47:fa:0e:26:fa:29:71:
         f1:db:b3:a1:8e:b4:6f:80:55:c3:20:8d:d7:7f:d3:90:37:69:
         a5:6e:d0:1a:5b:d6:03:c0:77:e3:c9:33:58:6e:23:e8:06:94:
         62:76:c1:75:35:f5:39:b6:d8:83:ca:09:8d:74:cf:af:b8:33:
         41:49:68:6b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUda3q6rM9ycJgf2uTJvZX3uoFJxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAyMDIxOTU3MDdaFw0yNjAyMDEyMDAyMDdaMDMxMTAvBgNV
BAMTKDlEOTQyMjEwOTE2QjYzRUFFQzk3RkQxNEJBNEE4QjAwRDY5QUNFNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/CV+WJo+8YYX0ex45Kgvxf4pb
+DHsqdDuQyJ9FIs21ilBOSWJ2qv7e6c9fw4Olg9CxL2M47j0mKUWnt6JhS0ZgxsM
VQfjQwvTGPgMBRimvK7JmDFR25dyA8AIsooe99LXNzRvTsQAf8GjIXGwElGPlr1P
IIuH+Eyqw6PdC7y3sgBprLeULb2FxJW9AcrChVJONDfQdfIqw42xawiqefUjBb+0
CQKcotpj6+Bt6qMRFBAYaND6c+opO4i9QzJ2/2rXyyxLgG9YYuf2P2B/rC1Glxl9
fewxuy8zJzxz62dsaxN6FPWGz9AgeR43DICbClDvfDbR/jY5k9QdSt2+ydqjAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUnZQiEJFrY+rsl/0UukqLANaazm0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEyMzg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAYD6w
AwQAYD7FMA0GCSqGSIb3DQEBCwUAA4IBAQBtRDFAT1Tns8xkMDlHt+TW1UPSvJnr
7zqHJ4/bSGHv6jDjiIdUg964/XN8A/nHKdPM/4FlfWNjhWSDec7eCdUNIjK22QQ5
v95mTOTuYomkaDWhqZ9cTxE20BHHcNJ6H02QoRF5QBUGSsc85FkbJ5Tj0cqvYuEn
TCBiYzRV2VYUwE1f6wZ3t+V7dUmEwVrShqf3PV0H/eq8MVO7ce2rfMfopyRfZ4UW
XdNBHUHoF0m3nvOYLeQ1WhIYDnHRXOUN4Uf6Dib6KXHx27OhjrRvgFXDII3Xf9OQ
N2mlbtAaW9YDwHfjyTNYbiPoBpRidsF1NfU5ttiDygmNdM+vuDNBSWhr
-----END CERTIFICATE-----