Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34372e302f32342d3234203d3e2037303138.roa
File:                     3231322e3130332e34372e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          cHloJRokAuSrc8moMEBQO1JYueWgMh/VbSgADCTahj8=
Subject key identifier:   93:B1:7B:F2:AD:95:12:95:F9:FA:C4:D8:8D:5C:58:AD:CA:88:F0:2B
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       35A222903F32D4FDA6E603E213A711DA30F1F280
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34372e302f32342d3234203d3e2037303138.roa
Signing time:             Mon 29 Jul 2024 16:31:32 +0000
ROA not before:           Mon 29 Jul 2024 16:26:32 +0000
ROA not after:            Mon 28 Jul 2025 16:31:32 +0000
asID:                     7018
IP address blocks:        212.103.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 13:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:a2:22:90:3f:32:d4:fd:a6:e6:03:e2:13:a7:11:da:30:f1:f2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Jul 29 16:26:32 2024 GMT
            Not After : Jul 28 16:31:32 2025 GMT
        Subject: CN=93B17BF2AD951295F9FAC4D88D5C58ADCA88F02B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a5:41:5b:3d:38:47:d1:44:a3:c7:a0:8d:92:
                    10:cb:3c:98:be:ea:ab:ee:1e:7c:9b:4d:19:0a:15:
                    51:af:54:f0:b9:40:03:aa:10:94:5d:b0:dc:9c:6f:
                    5f:25:ec:02:cd:04:d3:db:b6:9a:f1:92:18:77:7d:
                    67:fc:74:ef:33:29:97:e5:26:2e:f6:3c:de:41:68:
                    1c:2a:87:c7:2e:47:09:8a:73:92:43:2c:fd:84:0d:
                    de:ba:16:a6:95:c1:77:ad:37:a3:cc:7e:58:e2:c3:
                    b8:8d:b4:d5:5a:6e:12:89:4d:83:89:55:18:37:94:
                    3b:9f:d0:21:a7:96:09:6f:db:fa:c1:5b:a7:db:ce:
                    3e:45:30:00:54:e9:e8:9d:5c:70:89:03:cd:a2:92:
                    37:85:33:e8:c2:d3:db:cf:c0:9d:14:08:4e:04:c3:
                    b1:4c:18:8d:87:59:79:8c:d2:4c:4b:07:1b:d0:19:
                    3f:80:d3:a7:31:e2:6b:a3:82:13:d8:4d:02:4d:23:
                    8f:a1:9e:7e:e3:db:62:28:35:a8:9f:69:98:a5:07:
                    de:24:49:a2:04:2e:42:a0:89:f9:00:ce:66:51:a0:
                    ac:f5:f4:61:44:ce:3e:96:7f:fa:ec:b5:4b:7b:a2:
                    4d:9d:e9:23:26:26:75:1e:60:cd:0b:f5:a7:72:20:
                    3c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B1:7B:F2:AD:95:12:95:F9:FA:C4:D8:8D:5C:58:AD:CA:88:F0:2B
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34372e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:6d:19:18:c1:f4:f2:8d:7c:be:ff:7c:e0:f9:66:48:aa:6b:
         e5:2c:f1:f6:dc:ba:f5:df:48:a6:e8:82:b3:2d:98:fc:01:af:
         a7:0b:06:0d:31:c0:0b:1e:ad:cd:dd:90:9c:10:31:86:90:66:
         91:1a:1d:31:8d:81:55:f8:f7:35:03:37:d4:f4:72:5b:86:45:
         ce:b1:a7:0b:fa:64:a7:6b:6c:3e:58:9a:5a:63:44:53:c3:c1:
         a4:00:0a:01:47:68:d5:09:72:c9:0e:43:f6:ca:c2:54:19:3d:
         f2:f1:2f:63:27:ab:48:8c:a9:4d:b6:3b:1c:34:29:5f:2f:ef:
         a2:11:f9:ef:84:d5:56:d9:0f:97:32:94:fb:7c:e4:5d:05:40:
         c6:4f:d1:da:56:9e:41:f2:86:65:0d:2f:87:24:fc:6b:af:ae:
         e7:4c:71:87:be:de:ea:97:5c:db:66:1d:ee:e8:19:f2:6b:38:
         1d:c3:27:f1:80:07:4c:da:31:d8:7d:59:6a:af:a8:19:71:f6:
         7e:34:73:eb:8e:6d:1e:6d:27:be:3d:4c:d2:58:47:7e:4b:8e:
         db:ac:be:78:e8:2a:7f:bb:3a:e1:fa:f6:5a:f9:ef:7a:b8:c6:
         7e:64:90:fa:2a:00:ee:b8:7f:e9:33:fe:de:44:4f:5d:31:b4:
         f3:72:fc:3e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNaIikD8y1P2m5gPiE6cR2jDx8oAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA3MjkxNjI2MzJaFw0yNTA3MjgxNjMxMzJaMDMxMTAvBgNV
BAMTKDkzQjE3QkYyQUQ5NTEyOTVGOUZBQzREODhENUM1OEFEQ0E4OEYwMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSpUFbPThH0USjx6CNkhDLPJi+
6qvuHnybTRkKFVGvVPC5QAOqEJRdsNycb18l7ALNBNPbtprxkhh3fWf8dO8zKZfl
Ji72PN5BaBwqh8cuRwmKc5JDLP2EDd66FqaVwXetN6PMfljiw7iNtNVabhKJTYOJ
VRg3lDuf0CGnlglv2/rBW6fbzj5FMABU6eidXHCJA82ikjeFM+jC09vPwJ0UCE4E
w7FMGI2HWXmM0kxLBxvQGT+A06cx4mujghPYTQJNI4+hnn7j22IoNaifaZilB94k
SaIELkKgifkAzmZRoKz19GFEzj6Wf/rstUt7ok2d6SMmJnUeYM0L9adyIDxjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUk7F78q2VEpX5+sTYjVxYrcqI8CswHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzIzMTMyMmUzMTMwMzMyZTM0
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRn
LzANBgkqhkiG9w0BAQsFAAOCAQEAbm0ZGMH08o18vv984PlmSKpr5Szx9ty69d9I
puiCsy2Y/AGvpwsGDTHACx6tzd2QnBAxhpBmkRodMY2BVfj3NQM31PRyW4ZFzrGn
C/pkp2tsPliaWmNEU8PBpAAKAUdo1QlyyQ5D9srCVBk98vEvYyerSIypTbY7HDQp
Xy/vohH574TVVtkPlzKU+3zkXQVAxk/R2laeQfKGZQ0vhyT8a6+u50xxh77e6pdc
22Yd7ugZ8ms4HcMn8YAHTNox2H1Zaq+oGXH2fjRz645tHm0nvj1M0lhHfkuO26y+
eOgqf7s64fr2WvnverjGfmSQ+ioA7rh/6TP+3kRPXTG083L8Pg==
-----END CERTIFICATE-----