Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2037303138.roa
File:                     3231322e3130332e34352e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          7tYhgwnpQgjrUY6lIYzrsufXTdIxxdIzG5zhNY7GMPE=
Subject key identifier:   7F:40:41:9F:15:01:A0:74:F2:0F:70:16:3F:C3:8A:58:0A:A2:8F:83
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       39A7589F0B3F4DEFA272F89C562F57B5AD1FA30E
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2037303138.roa
Signing time:             Mon 29 Jul 2024 16:31:31 +0000
ROA not before:           Mon 29 Jul 2024 16:26:31 +0000
ROA not after:            Mon 28 Jul 2025 16:31:31 +0000
asID:                     7018
IP address blocks:        212.103.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 13:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:a7:58:9f:0b:3f:4d:ef:a2:72:f8:9c:56:2f:57:b5:ad:1f:a3:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Jul 29 16:26:31 2024 GMT
            Not After : Jul 28 16:31:31 2025 GMT
        Subject: CN=7F40419F1501A074F20F70163FC38A580AA28F83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:80:9f:e8:fd:a9:7a:b0:41:92:13:c4:20:8a:
                    a7:07:83:45:bc:4a:0d:4b:e1:2c:2a:bd:a9:0f:44:
                    0d:16:78:75:4e:af:4e:a1:85:a5:b1:21:6c:d1:45:
                    14:79:09:f4:ef:f8:59:77:97:2c:56:f5:5f:39:00:
                    7a:5d:43:8a:0e:8d:f7:1f:85:77:46:ae:13:3b:bf:
                    71:b8:b0:7e:ad:79:1d:c3:8a:9f:67:a7:3d:3b:c0:
                    fa:e1:18:51:9c:58:90:99:0d:c8:d6:3e:1f:9e:97:
                    3d:51:30:b6:d4:d2:2b:40:4a:75:d2:83:4a:b9:ee:
                    1c:55:c8:40:5b:d5:20:ef:ad:dc:7b:ad:9d:4b:33:
                    04:07:a3:93:dc:5b:8a:d7:e3:92:8a:5f:40:2c:ff:
                    3d:87:ce:c5:83:97:f1:6f:fb:ca:cf:a9:83:9e:28:
                    78:6f:05:90:02:2b:97:e3:bd:e1:7a:0a:51:6a:66:
                    de:6c:9f:25:15:3c:5c:2c:e2:e7:80:49:66:72:db:
                    1e:ca:e5:65:56:58:9c:d5:0f:a1:50:3b:57:12:01:
                    32:e7:f9:ce:7c:57:a6:a1:43:a8:cc:47:92:19:02:
                    dc:01:55:45:2b:38:b7:60:5d:fc:ac:82:d5:91:85:
                    1c:fe:48:a8:42:63:b6:21:61:39:d3:7e:aa:20:60:
                    c2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:40:41:9F:15:01:A0:74:F2:0F:70:16:3F:C3:8A:58:0A:A2:8F:83
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:53:69:fd:ce:1a:b8:80:7f:97:79:69:cb:45:0e:45:ea:e6:
         64:b0:0b:54:3a:79:58:c9:f1:b5:ee:76:5e:1f:6f:da:55:75:
         9c:e6:bd:1f:81:08:5d:85:94:1c:30:d6:af:70:db:ab:d0:d7:
         0b:cf:0c:ec:4b:0f:bc:44:70:e4:e4:37:c4:93:4e:2e:67:5f:
         62:2e:44:45:ec:2e:5d:89:93:56:1c:bf:6c:f5:22:5d:62:9b:
         90:3f:a7:66:4d:cc:23:ac:08:ac:75:58:2e:60:88:9a:46:df:
         ec:66:04:5c:32:4e:03:06:65:cd:0b:01:c1:81:b5:f0:e0:8f:
         c8:db:05:9d:b9:f7:ea:b0:6f:1d:13:b7:b7:2d:6d:61:de:5d:
         dd:af:c7:ab:38:74:8c:f5:e2:2e:a0:de:fc:28:d4:a8:a0:a1:
         ec:53:f2:d9:9d:c2:1e:98:fa:71:6b:fc:2e:8e:dc:ef:96:72:
         62:f4:e8:02:bd:27:c4:da:19:e8:82:13:0d:9e:e1:31:9e:1d:
         a0:8d:ce:80:99:3d:e0:31:ac:ea:2f:c5:58:64:d5:91:a5:cb:
         5d:2a:ec:69:ff:36:a7:97:69:c6:4a:85:ff:2b:03:59:04:e4:
         db:62:06:70:9a:49:0f:a4:dc:d9:85:32:bd:6d:fb:fa:76:51:
         db:12:e7:a1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOadYnws/Te+icvicVi9Xta0fow4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA3MjkxNjI2MzFaFw0yNTA3MjgxNjMxMzFaMDMxMTAvBgNV
BAMTKDdGNDA0MTlGMTUwMUEwNzRGMjBGNzAxNjNGQzM4QTU4MEFBMjhGODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrgJ/o/al6sEGSE8QgiqcHg0W8
Sg1L4SwqvakPRA0WeHVOr06hhaWxIWzRRRR5CfTv+Fl3lyxW9V85AHpdQ4oOjfcf
hXdGrhM7v3G4sH6teR3Dip9npz07wPrhGFGcWJCZDcjWPh+elz1RMLbU0itASnXS
g0q57hxVyEBb1SDvrdx7rZ1LMwQHo5PcW4rX45KKX0As/z2HzsWDl/Fv+8rPqYOe
KHhvBZACK5fjveF6ClFqZt5snyUVPFws4ueASWZy2x7K5WVWWJzVD6FQO1cSATLn
+c58V6ahQ6jMR5IZAtwBVUUrOLdgXfysgtWRhRz+SKhCY7YhYTnTfqogYML5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUf0BBnxUBoHTyD3AWP8OKWAqij4MwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzIzMTMyMmUzMTMwMzMyZTM0
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRn
LTANBgkqhkiG9w0BAQsFAAOCAQEAXFNp/c4auIB/l3lpy0UORermZLALVDp5WMnx
te52Xh9v2lV1nOa9H4EIXYWUHDDWr3Dbq9DXC88M7EsPvERw5OQ3xJNOLmdfYi5E
RewuXYmTVhy/bPUiXWKbkD+nZk3MI6wIrHVYLmCImkbf7GYEXDJOAwZlzQsBwYG1
8OCPyNsFnbn36rBvHRO3ty1tYd5d3a/Hqzh0jPXiLqDe/CjUqKCh7FPy2Z3CHpj6
cWv8Lo7c75ZyYvToAr0nxNoZ6IITDZ7hMZ4doI3OgJk94DGs6i/FWGTVkaXLXSrs
af82p5dpxkqF/ysDWQTk22IGcJpJD6Tc2YUyvW37+nZR2xLnoQ==
-----END CERTIFICATE-----