Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34342e302f32342d3234203d3e2037303138.roa
File:                     3231322e3130332e34342e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          M4JPV0EpOREdo4rtW4NnuCUGqJpn33if9+NH5NeepXw=
Subject key identifier:   7B:19:81:AA:DE:E2:34:46:7B:A5:ED:84:2B:D1:EE:B4:91:90:D8:72
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       64C4910B5F4B9DFD0F6893519D954E552AC162B7
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34342e302f32342d3234203d3e2037303138.roa
Signing time:             Mon 29 Jul 2024 16:31:31 +0000
ROA not before:           Mon 29 Jul 2024 16:26:31 +0000
ROA not after:            Mon 28 Jul 2025 16:31:31 +0000
asID:                     7018
IP address blocks:        212.103.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 13:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:c4:91:0b:5f:4b:9d:fd:0f:68:93:51:9d:95:4e:55:2a:c1:62:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Jul 29 16:26:31 2024 GMT
            Not After : Jul 28 16:31:31 2025 GMT
        Subject: CN=7B1981AADEE234467BA5ED842BD1EEB49190D872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:91:35:df:30:2c:44:f2:fc:ee:cd:08:59:f9:
                    ef:e5:34:b7:98:88:7b:cb:84:a2:90:e1:d6:db:fe:
                    68:56:3e:c9:99:45:31:1f:b8:21:2e:d4:5b:7f:c9:
                    1e:7c:f1:d0:82:e0:fc:d7:b3:fc:01:41:5d:33:f1:
                    c0:8b:6c:eb:c3:76:94:2b:8c:0f:fb:47:e2:ef:4f:
                    82:eb:c3:4d:bb:31:dc:71:65:85:79:3f:50:94:cf:
                    1f:c3:2b:84:98:05:43:fc:9e:4d:16:b7:68:7d:e5:
                    81:bd:eb:a5:9a:13:30:51:54:4d:38:8c:06:7f:d1:
                    a8:d9:b5:95:4f:ba:9d:a5:58:f5:43:34:27:30:0c:
                    3a:a4:52:ab:35:24:89:ec:80:69:2b:43:97:2c:d3:
                    e9:06:ea:31:1a:9b:bf:39:53:12:04:b8:ca:fe:78:
                    92:48:52:0a:e9:10:20:e5:10:f7:f6:cb:ef:e6:7a:
                    02:15:8f:25:65:dd:29:cb:5b:1d:ce:53:77:f3:c2:
                    76:2c:03:b5:e9:a4:32:da:7d:c6:9b:d2:f5:ee:fc:
                    70:b3:c8:c6:7d:35:ce:8c:94:33:64:ff:e2:4a:27:
                    68:cc:b2:3b:06:62:b6:23:59:2f:2b:61:a7:8d:c4:
                    ae:95:be:e1:b5:04:7e:d4:17:87:20:47:18:63:5c:
                    0f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:19:81:AA:DE:E2:34:46:7B:A5:ED:84:2B:D1:EE:B4:91:90:D8:72
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34342e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:45:d1:59:be:2d:eb:45:42:1e:f2:fc:18:8d:c6:72:66:97:
         ef:15:36:2d:d6:e8:55:9a:fa:55:e0:74:70:b6:e9:fa:48:51:
         d2:a6:78:f5:37:ce:56:b2:bf:43:bb:f5:81:4d:2f:46:e4:80:
         d5:65:ca:cf:09:fc:23:ad:88:39:e6:93:5f:2d:f7:39:81:26:
         94:db:36:9a:41:12:18:e9:f3:74:64:04:17:37:b3:cf:04:5a:
         34:02:32:32:8a:9d:ee:ef:77:b0:c4:6f:a9:1f:39:e6:4d:9f:
         aa:e3:7e:5b:59:c1:e6:02:3a:9f:04:48:79:31:c6:b2:cf:78:
         90:2d:bb:3c:14:8f:78:ff:e2:a7:f5:ec:73:72:12:d7:c6:55:
         d8:1f:1f:ed:61:28:5b:e8:2f:84:e2:cb:7b:bc:c3:08:0b:4b:
         fe:10:7f:bb:f3:41:ec:28:90:44:6a:45:a0:d5:e5:61:0e:12:
         30:5f:41:c9:ea:11:75:b2:87:e6:b6:7f:07:db:7b:d2:50:a1:
         80:a2:7f:14:d5:65:c0:cf:30:86:b1:ae:58:d8:07:9e:13:99:
         09:06:84:a1:fe:81:4a:2b:9e:10:2d:69:f6:67:cd:5e:21:4d:
         be:ff:30:25:d0:92:0f:c5:24:d1:ca:6c:48:1c:c3:5a:81:33:
         ac:62:35:e6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZMSRC19Lnf0PaJNRnZVOVSrBYrcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA3MjkxNjI2MzFaFw0yNTA3MjgxNjMxMzFaMDMxMTAvBgNV
BAMTKDdCMTk4MUFBREVFMjM0NDY3QkE1RUQ4NDJCRDFFRUI0OTE5MEQ4NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9kTXfMCxE8vzuzQhZ+e/lNLeY
iHvLhKKQ4dbb/mhWPsmZRTEfuCEu1Ft/yR588dCC4PzXs/wBQV0z8cCLbOvDdpQr
jA/7R+LvT4Lrw027MdxxZYV5P1CUzx/DK4SYBUP8nk0Wt2h95YG966WaEzBRVE04
jAZ/0ajZtZVPup2lWPVDNCcwDDqkUqs1JInsgGkrQ5cs0+kG6jEam785UxIEuMr+
eJJIUgrpECDlEPf2y+/megIVjyVl3SnLWx3OU3fzwnYsA7XppDLafcab0vXu/HCz
yMZ9Nc6MlDNk/+JKJ2jMsjsGYrYjWS8rYaeNxK6VvuG1BH7UF4cgRxhjXA9jAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUexmBqt7iNEZ7pe2EK9HutJGQ2HIwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzIzMTMyMmUzMTMwMzMyZTM0
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRn
LDANBgkqhkiG9w0BAQsFAAOCAQEAFkXRWb4t60VCHvL8GI3GcmaX7xU2LdboVZr6
VeB0cLbp+khR0qZ49TfOVrK/Q7v1gU0vRuSA1WXKzwn8I62IOeaTXy33OYEmlNs2
mkESGOnzdGQEFzezzwRaNAIyMoqd7u93sMRvqR855k2fquN+W1nB5gI6nwRIeTHG
ss94kC27PBSPeP/ip/Xsc3IS18ZV2B8f7WEoW+gvhOLLe7zDCAtL/hB/u/NB7CiQ
RGpFoNXlYQ4SMF9ByeoRdbKH5rZ/B9t70lChgKJ/FNVlwM8whrGuWNgHnhOZCQaE
of6BSiueEC1p9mfNXiFNvv8wJdCSD8Uk0cpsSBzDWoEzrGI15g==
-----END CERTIFICATE-----