Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e203239353338.roa
File:                     3231322e32342e3132372e302f32342d3234203d3e203239353338.roa (raw, json)
Hash identifier:          z+AzoAQ+n2Kh0GLCySM4fmagzxh4ef185mCsEpvL0Lg=
Subject key identifier:   0C:9C:8E:27:B8:E8:C3:13:34:F4:FB:D9:A5:17:93:07:51:90:4B:48
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       73705D64D057202E81659485A7040A230A37AB1B
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e203239353338.roa
Signing time:             Fri 15 Dec 2023 14:54:46 +0000
ROA not before:           Fri 15 Dec 2023 14:49:46 +0000
ROA not after:            Fri 13 Dec 2024 14:54:46 +0000
asID:                     29538
IP address blocks:        212.24.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:70:5d:64:d0:57:20:2e:81:65:94:85:a7:04:0a:23:0a:37:ab:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec 15 14:49:46 2023 GMT
            Not After : Dec 13 14:54:46 2024 GMT
        Subject: CN=0C9C8E27B8E8C31334F4FBD9A517930751904B48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:35:55:98:fc:83:03:df:70:02:1f:62:15:96:
                    0c:77:bb:97:8a:9e:ad:48:b2:27:7a:5a:1d:bb:e5:
                    bb:0d:65:bc:23:05:d0:84:0f:f6:dd:9d:24:2d:9d:
                    5a:0d:02:34:6f:05:79:5d:f9:4d:d1:84:06:20:81:
                    3b:bd:b4:a6:07:95:2c:05:cc:99:6e:61:0c:4b:b4:
                    39:97:8c:10:3f:dc:d2:f6:90:a7:7b:b1:bf:1a:33:
                    05:be:81:0e:38:ce:d7:b9:5a:d1:4d:4a:b2:52:1b:
                    5f:a8:94:1f:41:47:54:1b:92:0f:26:e5:05:b7:25:
                    02:a0:ae:98:7b:bb:6d:f8:d6:d6:8a:08:61:f4:08:
                    fc:23:e3:36:ad:f8:27:c6:dc:60:dd:86:ad:c8:46:
                    29:32:93:0e:90:96:57:7d:04:6c:2a:fb:a1:a9:13:
                    6b:4d:68:56:47:b3:9b:91:2d:27:24:f4:94:ae:1d:
                    df:7d:91:4d:5a:ed:67:d8:69:c6:c7:8a:f0:21:a5:
                    6f:a7:3e:3f:95:a7:86:65:10:86:9a:43:30:6a:96:
                    bb:f2:89:b7:0d:a2:4e:bd:eb:8e:c5:b0:61:6a:ae:
                    98:d5:31:ec:53:6d:15:f3:63:28:c2:3c:4e:05:6c:
                    a4:85:2f:85:3d:f5:ef:83:d5:70:ec:ee:8e:a9:1b:
                    b7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:9C:8E:27:B8:E8:C3:13:34:F4:FB:D9:A5:17:93:07:51:90:4B:48
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e203239353338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.24.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:77:9f:42:eb:d2:33:fb:df:7e:7b:15:05:a8:40:50:60:79:
         50:56:06:dd:91:41:bf:67:8f:e8:95:cd:61:0e:ce:2b:db:2e:
         c2:19:14:7e:da:b5:9f:a3:9b:33:ef:6b:9e:13:54:a6:e7:28:
         2e:2a:2f:7d:e7:91:fb:fc:c1:b1:7a:de:32:5b:b3:56:94:55:
         bb:e0:13:04:4b:2b:f5:10:a5:1e:28:a1:25:06:a5:af:a5:4c:
         0c:97:46:19:ae:ca:25:1d:9d:36:88:ab:68:b9:cd:c3:76:bc:
         95:c0:78:42:86:f9:d8:49:c0:6c:a6:28:93:bb:7c:da:59:b2:
         1f:d4:f0:b4:8a:0e:2f:b6:0b:a8:b5:b4:b4:2e:70:c9:38:32:
         d8:6b:38:bf:89:32:40:c7:e2:99:9b:55:01:13:cf:37:d1:5c:
         f1:21:e8:72:62:ca:03:3b:14:83:11:ab:8c:8d:d3:22:ea:59:
         fd:13:2e:6b:6f:bb:63:82:6b:35:1e:3a:60:5f:57:79:d8:d9:
         ee:4b:bd:27:ea:4b:2f:b9:a5:91:80:74:0e:96:10:b9:b3:06:
         cc:56:ad:3a:70:06:ff:c6:ba:1e:82:b9:7a:fa:bc:62:08:0d:
         31:39:7e:40:fe:e1:65:21:b5:f4:2b:07:93:ed:a7:99:f6:58:
         29:e3:65:8e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUc3BdZNBXIC6BZZSFpwQKIwo3qxswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMTUxNDQ5NDZaFw0yNDEyMTMxNDU0NDZaMDMxMTAvBgNV
BAMTKDBDOUM4RTI3QjhFOEMzMTMzNEY0RkJEOUE1MTc5MzA3NTE5MDRCNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzNVWY/IMD33ACH2IVlgx3u5eK
nq1Isid6Wh275bsNZbwjBdCED/bdnSQtnVoNAjRvBXld+U3RhAYggTu9tKYHlSwF
zJluYQxLtDmXjBA/3NL2kKd7sb8aMwW+gQ44zte5WtFNSrJSG1+olB9BR1Qbkg8m
5QW3JQKgrph7u2341taKCGH0CPwj4zat+CfG3GDdhq3IRikykw6Qlld9BGwq+6Gp
E2tNaFZHs5uRLSck9JSuHd99kU1a7WfYacbHivAhpW+nPj+Vp4ZlEIaaQzBqlrvy
ibcNok69647FsGFqrpjVMexTbRXzYyjCPE4FbKSFL4U99e+D1XDs7o6pG7drAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUDJyOJ7jowxM09PvZpReTB1GQS0gwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIzMTMyMmUzMjM0MmUzMTMy
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzUzMzM4LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
1Bh/MA0GCSqGSIb3DQEBCwUAA4IBAQBCd59C69Iz+99+exUFqEBQYHlQVgbdkUG/
Z4/olc1hDs4r2y7CGRR+2rWfo5sz72ueE1Sm5yguKi9955H7/MGxet4yW7NWlFW7
4BMESyv1EKUeKKElBqWvpUwMl0YZrsolHZ02iKtouc3DdryVwHhChvnYScBspiiT
u3zaWbIf1PC0ig4vtguotbS0LnDJODLYazi/iTJAx+KZm1UBE8830VzxIehyYsoD
OxSDEauMjdMi6ln9Ey5rb7tjgms1HjpgX1d52NnuS70n6ksvuaWRgHQOlhC5swbM
Vq06cAb/xroegrl6+rxiCA0xOX5A/uFlIbX0KweT7aeZ9lgp42WO
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org