Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3139332e32342e3233352e302f32342d3234203d3e20383334.roa
File:                     3139332e32342e3233352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          zxnP8zsGGQUlVguvOXyhQWG+mkPFttYWWV8GjmVZt7w=
Subject key identifier:   D4:28:FE:CD:D3:EA:B7:38:2D:67:2B:D7:56:CB:EA:4E:AA:B3:EC:F6
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       26DF68489B9024B17781EFE6D6104B084818508F
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3139332e32342e3233352e302f32342d3234203d3e20383334.roa
Signing time:             Wed 30 Oct 2024 06:31:33 +0000
ROA not before:           Wed 30 Oct 2024 06:26:33 +0000
ROA not after:            Wed 29 Oct 2025 06:31:33 +0000
asID:                     834
IP address blocks:        193.24.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 07:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:df:68:48:9b:90:24:b1:77:81:ef:e6:d6:10:4b:08:48:18:50:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Oct 30 06:26:33 2024 GMT
            Not After : Oct 29 06:31:33 2025 GMT
        Subject: CN=D428FECDD3EAB7382D672BD756CBEA4EAAB3ECF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3b:d4:32:24:7b:e0:50:11:97:6a:17:18:c4:
                    8c:6b:1f:ff:1f:0b:30:68:98:c8:8f:68:c9:09:50:
                    9a:a8:89:f2:fb:a2:43:57:8d:7e:8b:c3:88:f9:07:
                    6d:68:1e:d8:cf:59:45:41:dc:0a:49:3e:98:98:49:
                    a1:68:fa:e5:dd:b2:53:1f:dc:f0:d7:75:51:63:f5:
                    ca:40:85:d2:eb:06:e0:08:eb:12:45:c0:5c:e8:86:
                    43:f6:b6:9b:03:79:d4:af:8f:65:36:ae:f0:cf:38:
                    1c:3c:7f:7d:3a:48:1a:fc:c3:c2:e1:de:ec:f3:b8:
                    43:6b:0f:08:ba:98:06:02:5b:0e:98:06:1b:ec:3f:
                    3a:2b:6a:60:fa:be:a3:d4:8f:98:a8:09:15:19:a3:
                    1b:78:77:6d:05:ad:94:bb:a4:fc:f2:c3:46:3d:f1:
                    87:ce:78:df:d1:69:c6:74:03:bb:38:b4:7f:f6:d8:
                    a6:28:2b:4b:49:b3:5d:0c:3b:75:1a:16:e7:02:ba:
                    5a:11:82:8b:a7:fd:ae:f9:d7:a4:bf:45:b6:a0:b1:
                    a7:18:92:3f:5b:cd:41:f7:e5:27:73:ab:2f:c4:c4:
                    c1:06:ed:f8:23:0a:42:f8:1b:e6:8c:4f:22:3c:5b:
                    f2:da:85:12:ca:e8:b2:3c:b6:89:d6:32:b3:ee:a5:
                    69:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:28:FE:CD:D3:EA:B7:38:2D:67:2B:D7:56:CB:EA:4E:AA:B3:EC:F6
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3139332e32342e3233352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:5b:64:77:bd:31:67:c0:fd:7e:3a:1f:4b:b0:f1:95:6e:95:
         16:f6:6e:0f:18:32:66:df:9e:de:23:83:d2:75:67:2b:ed:05:
         12:3f:e9:6f:c6:8d:01:36:05:2e:16:b6:2a:b7:8b:c1:e8:8e:
         f1:43:07:96:31:4c:85:0f:5a:83:f2:04:5d:06:71:8a:8e:fe:
         0e:aa:98:9b:4f:55:e3:61:ee:eb:10:9d:d7:0f:c0:d5:44:a4:
         fb:49:15:0a:82:21:3c:e2:2a:27:7b:db:04:a3:29:4e:96:9a:
         b2:7b:60:d3:b8:99:17:0c:fb:f5:07:50:ab:09:57:1d:15:40:
         cb:5d:d7:93:77:5f:66:97:54:f3:28:ec:5a:5e:29:9e:03:7c:
         ae:d8:9e:be:e6:3c:ff:bf:ec:2e:00:99:a2:5a:5b:25:be:39:
         6e:66:15:df:6f:88:ff:29:77:79:f9:43:a1:bf:5e:8d:e1:8d:
         c9:f1:da:46:36:6a:ed:58:fd:af:7a:7e:98:f5:84:18:f1:2a:
         ec:59:f2:59:82:18:8f:32:35:e1:07:c7:dc:3d:68:c9:55:72:
         47:f0:90:67:b9:5d:c4:c1:a3:39:46:a9:c5:04:ce:b1:f7:79:
         af:55:5e:49:04:cb:cc:b3:31:a6:2b:49:66:6f:fc:00:eb:09:
         23:b4:4d:9f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJt9oSJuQJLF3ge/m1hBLCEgYUI8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDEwMzAwNjI2MzNaFw0yNTEwMjkwNjMxMzNaMDMxMTAvBgNV
BAMTKEQ0MjhGRUNERDNFQUI3MzgyRDY3MkJENzU2Q0JFQTRFQUFCM0VDRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAO9QyJHvgUBGXahcYxIxrH/8f
CzBomMiPaMkJUJqoifL7okNXjX6Lw4j5B21oHtjPWUVB3ApJPpiYSaFo+uXdslMf
3PDXdVFj9cpAhdLrBuAI6xJFwFzohkP2tpsDedSvj2U2rvDPOBw8f306SBr8w8Lh
3uzzuENrDwi6mAYCWw6YBhvsPzoramD6vqPUj5ioCRUZoxt4d20FrZS7pPzyw0Y9
8YfOeN/RacZ0A7s4tH/22KYoK0tJs10MO3UaFucCuloRgoun/a7516S/RbagsacY
kj9bzUH35Sdzqy/ExMEG7fgjCkL4G+aMTyI8W/LahRLK6LI8tonWMrPupWmJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1Cj+zdPqtzgtZyvXVsvqTqqz7PYwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzEzOTMzMmUzMjM0MmUzMjMz
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBGOsw
DQYJKoZIhvcNAQELBQADggEBAAJbZHe9MWfA/X46H0uw8ZVulRb2bg8YMmbfnt4j
g9J1ZyvtBRI/6W/GjQE2BS4Wtiq3i8HojvFDB5YxTIUPWoPyBF0GcYqO/g6qmJtP
VeNh7usQndcPwNVEpPtJFQqCITziKid72wSjKU6WmrJ7YNO4mRcM+/UHUKsJVx0V
QMtd15N3X2aXVPMo7FpeKZ4DfK7Ynr7mPP+/7C4AmaJaWyW+OW5mFd9viP8pd3n5
Q6G/Xo3hjcnx2kY2au1Y/a96fpj1hBjxKuxZ8lmCGI8yNeEHx9w9aMlVckfwkGe5
XcTBozlGqcUEzrH3ea9VXkkEy8yzMaYrSWZv/ADrCSO0TZ8=
-----END CERTIFICATE-----