Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS32024.roa
File:                     AS32024.roa (raw, json)
Hash identifier:          KdFzxueT9CRv58E+3CX7vrJUKd4TXf//9gUba3gJoR0=
Subject key identifier:   90:B5:2E:FD:33:97:EF:D9:4D:8C:F8:50:55:A0:37:73:B0:22:C3:A5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5963939FF5FC77B075B345EBEB989F62A41329B0
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS32024.roa
Signing time:             Mon 31 Mar 2025 10:53:24 +0000
ROA not before:           Mon 31 Mar 2025 10:48:24 +0000
ROA not after:            Mon 30 Mar 2026 10:53:24 +0000
asID:                     32024
IP address blocks:        2a13:9500:37::/48 maxlen: 48
                          2a13:9500:38::/48 maxlen: 48
                          2a13:9500:39::/48 maxlen: 48
                          2a13:9500:3a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:63:93:9f:f5:fc:77:b0:75:b3:45:eb:eb:98:9f:62:a4:13:29:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 31 10:48:24 2025 GMT
            Not After : Mar 30 10:53:24 2026 GMT
        Subject: CN=90B52EFD3397EFD94D8CF85055A03773B022C3A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:2d:af:b7:e3:3f:a0:fa:af:1f:52:ff:07:b0:
                    0e:ac:5d:5f:cc:34:22:51:2c:d1:2e:84:f0:2a:19:
                    08:b7:66:5a:1b:70:d3:eb:b8:27:11:da:22:a4:0e:
                    9c:45:9e:58:7a:c5:14:60:c8:ac:f5:c3:5b:63:09:
                    66:c5:cb:81:8f:07:d8:4a:e0:20:82:89:7a:4b:d1:
                    4b:66:33:48:90:da:08:0a:e7:f7:4b:98:6d:8e:4b:
                    90:47:43:bc:55:75:ab:a4:16:7b:b9:9d:51:91:31:
                    c0:88:16:c0:9e:4b:0b:cf:48:00:42:8d:7b:99:c7:
                    c2:74:85:ef:7b:95:15:e3:3c:49:ad:49:92:95:16:
                    ce:84:71:cb:09:86:e4:68:16:bf:63:8c:9c:21:ca:
                    f7:4d:3b:35:32:70:24:fc:28:9d:c8:43:5e:25:0c:
                    74:01:20:10:6b:e7:9d:59:76:9d:27:38:a1:40:b3:
                    2a:4b:7c:5d:24:15:03:7e:4e:31:3f:ac:ee:e2:2f:
                    a0:16:8f:32:70:46:80:4e:7a:fe:bf:17:85:a9:2f:
                    df:ed:31:f8:92:78:be:ba:eb:4d:f4:cd:40:c8:ed:
                    8c:47:28:9c:12:ed:7c:bb:b9:83:3d:db:87:89:01:
                    74:e6:1d:20:4d:5e:9d:8a:b0:16:98:c6:08:8e:63:
                    7c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B5:2E:FD:33:97:EF:D9:4D:8C:F8:50:55:A0:37:73:B0:22:C3:A5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS32024.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:37::-2a13:9500:3a:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         77:48:c0:03:e6:2c:9f:75:b6:de:cb:57:79:d3:df:1e:95:38:
         a2:a1:a4:e1:37:9b:c4:e7:17:77:c5:7f:09:98:e6:86:35:f6:
         17:32:a1:67:d7:1e:ed:4a:26:b2:4b:19:cb:5a:57:33:ba:79:
         4a:c7:b3:04:bf:9e:03:b7:28:22:b2:c3:41:03:4f:24:05:ec:
         ef:97:79:86:bf:45:55:75:25:bc:f8:27:49:bc:7f:b8:64:6d:
         cc:5b:f2:f9:f2:f8:18:bb:27:88:5a:b9:16:f5:3e:d4:74:95:
         e1:35:07:0b:83:e8:f0:57:4c:cf:41:05:d4:8f:52:9e:4e:77:
         2e:1e:07:cb:44:1d:4f:8e:9a:1e:fa:bc:7d:be:97:46:55:9e:
         10:2b:56:5b:55:de:22:c1:32:bb:38:05:54:76:aa:90:eb:cd:
         80:b6:53:a7:b9:20:36:57:de:58:32:8e:ae:6e:65:58:87:a0:
         1d:68:c8:e0:72:b8:49:14:8d:2c:f2:9b:62:9b:4a:2b:71:78:
         77:64:2a:e3:dd:01:cd:97:14:ea:04:2b:f6:9e:a5:95:b9:c5:
         99:47:77:27:05:8c:06:8f:f4:9e:39:26:1a:9a:24:f0:19:86:
         cc:e2:15:59:88:e0:de:9a:85:ba:94:b2:63:2a:14:b8:f5:9c:
         03:50:51:61
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIUWWOTn/X8d7B1s0Xr65ifYqQTKbAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAzMzExMDQ4MjRaFw0yNjAzMzAxMDUzMjRaMDMxMTAvBgNV
BAMTKDkwQjUyRUZEMzM5N0VGRDk0RDhDRjg1MDU1QTAzNzczQjAyMkMzQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeLa+34z+g+q8fUv8HsA6sXV/M
NCJRLNEuhPAqGQi3ZlobcNPruCcR2iKkDpxFnlh6xRRgyKz1w1tjCWbFy4GPB9hK
4CCCiXpL0UtmM0iQ2ggK5/dLmG2OS5BHQ7xVdaukFnu5nVGRMcCIFsCeSwvPSABC
jXuZx8J0he97lRXjPEmtSZKVFs6EccsJhuRoFr9jjJwhyvdNOzUycCT8KJ3IQ14l
DHQBIBBr551Zdp0nOKFAsypLfF0kFQN+TjE/rO7iL6AWjzJwRoBOev6/F4WpL9/t
MfiSeL666030zUDI7YxHKJwS7Xy7uYM924eJAXTmHSBNXp2KsBaYxgiOY3x3AgMB
AAGjggIXMIICEzAdBgNVHQ4EFgQUkLUu/TOX79lNjPhQVaA3c7Aiw6UwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzIwMjQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcBAf8EHjAcMBoEAgACMBQwEgMHACoT
lQAANwMHACoTlQAAOjANBgkqhkiG9w0BAQsFAAOCAQEAd0jAA+Ysn3W23stXedPf
HpU4oqGk4TebxOcXd8V/CZjmhjX2FzKhZ9ce7UomsksZy1pXM7p5SsezBL+eA7co
IrLDQQNPJAXs75d5hr9FVXUlvPgnSbx/uGRtzFvy+fL4GLsniFq5FvU+1HSV4TUH
C4Po8FdMz0EF1I9Snk53Lh4Hy0QdT46aHvq8fb6XRlWeECtWW1XeIsEyuzgFVHaq
kOvNgLZTp7kgNlfeWDKOrm5lWIegHWjI4HK4SRSNLPKbYptKK3F4d2Qq490BzZcU
6gQr9p6llbnFmUd3JwWMBo/0njkmGpok8BmGzOIVWYjg3pqFupSyYyoUuPWcA1BR
YQ==
-----END CERTIFICATE-----