Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2038303735.roa
File:                     3231322e3130332e34352e302f32342d3234203d3e2038303735.roa (raw, json)
Hash identifier:          fHVIMx8xlYqpN0AXQfWLm0vqOUAEGFXc3sBROHoQyYA=
Subject key identifier:   17:16:E9:7D:35:62:C5:15:AB:19:3E:96:CE:8E:49:52:A6:83:5F:E4
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       4726D45A7CCCA325142D12726D9917CAF0DF951A
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2038303735.roa
Signing time:             Wed 27 Nov 2024 12:06:14 +0000
ROA not before:           Wed 27 Nov 2024 12:01:14 +0000
ROA not after:            Wed 26 Nov 2025 12:06:14 +0000
asID:                     8075
IP address blocks:        212.103.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:27:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:26:d4:5a:7c:cc:a3:25:14:2d:12:72:6d:99:17:ca:f0:df:95:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Nov 27 12:01:14 2024 GMT
            Not After : Nov 26 12:06:14 2025 GMT
        Subject: CN=1716E97D3562C515AB193E96CE8E4952A6835FE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ca:61:64:2b:b5:82:0f:1f:76:57:e8:41:2e:
                    98:11:6c:63:34:95:b7:5f:03:97:60:04:d0:7c:24:
                    64:6e:c5:85:a0:60:c1:42:d7:10:a6:c8:4c:9c:d7:
                    d3:6c:47:d4:74:5e:74:40:15:8c:d5:7d:fe:7a:aa:
                    dc:16:c9:af:6f:c9:7a:ce:bf:53:88:4c:03:33:9f:
                    fa:f0:96:95:e4:11:c6:02:a0:eb:6c:6b:33:65:a1:
                    bc:10:1c:eb:06:31:64:4e:a5:4f:cb:aa:bd:24:0c:
                    ef:04:77:ba:c2:7d:d5:7d:32:73:3c:9b:94:7a:29:
                    ac:5f:3b:07:b6:d0:92:30:bd:7f:13:9e:85:bf:cf:
                    46:db:e8:65:48:e2:60:09:4d:2c:d6:9b:5b:64:b1:
                    a4:95:8e:ea:bd:ed:4b:55:bb:50:61:96:81:5e:3c:
                    7d:f9:04:45:6b:e0:89:2d:cb:10:ae:92:72:ea:24:
                    80:34:04:f7:ec:b4:8e:af:da:90:bc:9d:1f:76:49:
                    4d:52:98:1c:8c:06:99:a5:55:0f:a5:5f:42:e9:e2:
                    d2:9b:9a:3d:b7:e3:80:cf:c9:9b:f4:1e:59:f9:e3:
                    59:c0:a5:3a:89:ad:f1:35:6a:24:c6:21:28:08:a2:
                    93:65:8d:c5:23:de:cf:90:88:7d:d8:45:f8:70:b0:
                    41:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:16:E9:7D:35:62:C5:15:AB:19:3E:96:CE:8E:49:52:A6:83:5F:E4
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2038303735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:59:75:fe:62:c2:01:cf:64:12:c5:96:f6:28:52:b0:15:16:
         e0:86:62:64:56:e6:e7:a2:75:29:fe:ca:57:50:1e:fc:b2:c9:
         fe:08:ab:6a:ba:50:0d:e7:ce:5e:fc:5b:58:21:45:4e:01:54:
         6f:7f:5b:7f:a3:14:60:64:0c:b8:c9:ca:d1:29:73:1a:30:6e:
         3e:26:79:73:b1:6f:1d:45:28:a0:f4:49:50:76:d3:fc:1c:b3:
         9b:73:39:3b:40:b5:cf:f9:5d:fe:72:9c:cd:0c:54:98:40:bc:
         af:81:ed:f2:ac:a3:7e:0a:6d:57:71:fe:65:ae:ce:4e:9b:50:
         cc:3e:03:5d:bb:5a:13:e6:4c:f4:88:a3:80:a8:d4:e3:da:c8:
         2d:83:99:c4:d7:aa:b5:8b:2a:b0:ed:b5:5f:97:46:a6:50:41:
         d2:bf:2c:29:13:4d:ec:2e:58:97:51:88:05:76:0a:bf:5e:6d:
         08:08:78:03:ad:7f:be:73:d1:5b:2a:4f:e0:f7:c4:71:eb:b1:
         eb:e7:9b:1a:25:d0:9b:1f:a8:16:ea:1b:43:6d:0d:d1:e1:e4:
         ab:7b:84:5a:78:f1:b3:7a:73:9d:84:2c:42:7a:f4:87:7f:a0:
         e4:83:a8:b1:60:a8:71:a9:bb:40:9d:c7:e1:f6:8e:bc:ce:46:
         35:05:4c:3c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURybUWnzMoyUULRJybZkXyvDflRowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDExMjcxMjAxMTRaFw0yNTExMjYxMjA2MTRaMDMxMTAvBgNV
BAMTKDE3MTZFOTdEMzU2MkM1MTVBQjE5M0U5NkNFOEU0OTUyQTY4MzVGRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNymFkK7WCDx92V+hBLpgRbGM0
lbdfA5dgBNB8JGRuxYWgYMFC1xCmyEyc19NsR9R0XnRAFYzVff56qtwWya9vyXrO
v1OITAMzn/rwlpXkEcYCoOtsazNlobwQHOsGMWROpU/Lqr0kDO8Ed7rCfdV9MnM8
m5R6KaxfOwe20JIwvX8TnoW/z0bb6GVI4mAJTSzWm1tksaSVjuq97UtVu1BhloFe
PH35BEVr4IktyxCuknLqJIA0BPfstI6v2pC8nR92SU1SmByMBpmlVQ+lX0Lp4tKb
mj2344DPyZv0Hln541nApTqJrfE1aiTGISgIopNljcUj3s+QiH3YRfhwsEEHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFxbpfTVixRWrGT6Wzo5JUqaDX+QwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzIzMTMyMmUzMTMwMzMyZTM0
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMwMzczNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRn
LTANBgkqhkiG9w0BAQsFAAOCAQEAP1l1/mLCAc9kEsWW9ihSsBUW4IZiZFbm56J1
Kf7KV1Ae/LLJ/girarpQDefOXvxbWCFFTgFUb39bf6MUYGQMuMnK0SlzGjBuPiZ5
c7FvHUUooPRJUHbT/Byzm3M5O0C1z/ld/nKczQxUmEC8r4Ht8qyjfgptV3H+Za7O
TptQzD4DXbtaE+ZM9IijgKjU49rILYOZxNeqtYsqsO21X5dGplBB0r8sKRNN7C5Y
l1GIBXYKv15tCAh4A61/vnPRWypP4PfEceux6+ebGiXQmx+oFuobQ20N0eHkq3uE
Wnjxs3pznYQsQnr0h3+g5IOosWCocam7QJ3H4faOvM5GNQVMPA==
-----END CERTIFICATE-----