Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e2033323233.roa
File:                     3231322e32342e3132372e302f32342d3234203d3e2033323233.roa (raw, json)
Hash identifier:          TwQ14tnZUlVXRPy7xwKr244vkg3kUD+1wWwlXVFd6io=
Subject key identifier:   51:A5:BC:3E:CD:54:38:D4:7E:0B:89:DC:51:BA:C0:7F:4D:ED:F7:67
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       7140165F08061903C8DDFD7B64D66EC2699BADCF
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e2033323233.roa
Signing time:             Fri 15 Nov 2024 04:43:28 +0000
ROA not before:           Fri 15 Nov 2024 04:38:28 +0000
ROA not after:            Fri 14 Nov 2025 04:43:28 +0000
asID:                     3223
IP address blocks:        212.24.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:40:16:5f:08:06:19:03:c8:dd:fd:7b:64:d6:6e:c2:69:9b:ad:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov 15 04:38:28 2024 GMT
            Not After : Nov 14 04:43:28 2025 GMT
        Subject: CN=51A5BC3ECD5438D47E0B89DC51BAC07F4DEDF767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ae:ce:70:eb:36:c4:7d:e0:70:64:65:2b:21:
                    06:d5:40:4d:19:33:3c:ed:99:1a:35:37:85:d4:2c:
                    ab:e6:e9:1f:e5:be:de:49:e0:16:90:d5:f5:85:ad:
                    61:dd:49:c6:3d:98:9a:00:9b:61:7c:43:fb:9a:df:
                    6e:bf:5c:9e:54:56:1d:a1:28:c0:b3:f9:1a:f9:be:
                    1f:77:12:33:b8:27:8d:a0:c8:3d:bf:04:2b:c8:41:
                    54:6d:36:5b:1d:32:76:81:e6:f3:e7:fb:6d:a3:8a:
                    d3:ee:6e:03:41:2e:1f:90:b3:15:a6:ae:19:b3:1a:
                    a7:a0:b7:99:38:f6:30:8e:c6:d9:7b:7f:c7:a6:db:
                    54:91:31:30:1d:86:65:77:64:d9:17:c5:a8:af:38:
                    c8:d5:af:67:56:03:02:cc:f3:fa:21:f9:d1:71:6e:
                    c5:54:72:78:38:27:14:10:a2:13:c3:1f:38:55:fd:
                    ce:05:0c:20:69:3b:ec:8e:bd:db:73:89:a1:1b:51:
                    3f:de:4a:bb:de:25:ca:3d:17:a6:7a:43:5d:67:f3:
                    60:a1:9d:ac:fc:3c:fd:ee:2f:dc:dc:d9:fe:dc:87:
                    36:82:61:7c:54:0e:b5:34:5c:d3:39:bf:17:31:90:
                    e3:69:e0:b4:83:9b:88:cd:b8:20:02:e1:a7:51:93:
                    25:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A5:BC:3E:CD:54:38:D4:7E:0B:89:DC:51:BA:C0:7F:4D:ED:F7:67
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e2033323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.24.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:a8:6b:2c:4f:7c:0b:05:07:80:61:be:c4:6c:f4:fa:64:22:
         ce:ed:38:41:b7:5a:06:ba:04:b6:6b:3c:11:af:6d:41:c3:8b:
         0e:29:38:57:bd:cc:29:bd:d4:cc:1c:65:79:8b:48:a2:ba:55:
         88:79:b7:f0:08:cc:84:ba:fd:bc:58:6d:eb:9d:f2:ac:c7:6c:
         ac:42:00:58:b7:67:91:91:1d:ab:0e:ce:70:3a:d4:7b:a7:07:
         f2:6d:8a:dc:e0:6f:0f:c1:61:a2:c3:f9:34:d8:d8:38:6c:3f:
         bc:ae:13:11:1d:a9:6a:68:5f:1f:c9:27:2e:4c:d8:f9:79:6e:
         b8:86:f1:e3:65:88:ad:99:4b:ee:30:dc:de:be:8a:26:a4:b1:
         06:be:65:b7:ce:b7:9e:62:0f:7e:2a:3a:53:e2:75:37:25:1e:
         22:d7:42:05:3f:4b:14:38:63:f8:32:4d:e9:6a:e4:90:2e:83:
         c7:9f:42:96:99:1d:03:1c:d0:4f:48:1b:2e:5e:76:4e:59:3c:
         bd:3e:07:14:45:26:4e:6c:1e:04:98:73:9c:ea:97:01:b6:7c:
         89:cc:ce:23:6c:f3:0c:d8:e9:fc:cd:33:4b:6e:95:8e:97:93:
         45:be:ab:42:53:40:45:47:82:c4:c0:43:ec:07:b5:e4:81:fc:
         f4:6f:70:ae
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcUAWXwgGGQPI3f17ZNZuwmmbrc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDExMTUwNDM4MjhaFw0yNTExMTQwNDQzMjhaMDMxMTAvBgNV
BAMTKDUxQTVCQzNFQ0Q1NDM4RDQ3RTBCODlEQzUxQkFDMDdGNERFREY3NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClrs5w6zbEfeBwZGUrIQbVQE0Z
MzztmRo1N4XULKvm6R/lvt5J4BaQ1fWFrWHdScY9mJoAm2F8Q/ua326/XJ5UVh2h
KMCz+Rr5vh93EjO4J42gyD2/BCvIQVRtNlsdMnaB5vPn+22jitPubgNBLh+QsxWm
rhmzGqegt5k49jCOxtl7f8em21SRMTAdhmV3ZNkXxaivOMjVr2dWAwLM8/oh+dFx
bsVUcng4JxQQohPDHzhV/c4FDCBpO+yOvdtziaEbUT/eSrveJco9F6Z6Q11n82Ch
naz8PP3uL9zc2f7chzaCYXxUDrU0XNM5vxcxkONp4LSDm4jNuCAC4adRkyWRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUaW8Ps1UONR+C4ncUbrAf03t92cwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIzMTMyMmUzMjM0MmUzMTMy
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMyMzIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQY
fzANBgkqhkiG9w0BAQsFAAOCAQEAeqhrLE98CwUHgGG+xGz0+mQizu04QbdaBroE
tms8Ea9tQcOLDik4V73MKb3UzBxleYtIorpViHm38AjMhLr9vFht653yrMdsrEIA
WLdnkZEdqw7OcDrUe6cH8m2K3OBvD8FhosP5NNjYOGw/vK4TER2pamhfH8knLkzY
+XluuIbx42WIrZlL7jDc3r6KJqSxBr5lt863nmIPfio6U+J1NyUeItdCBT9LFDhj
+DJN6WrkkC6Dx59ClpkdAxzQT0gbLl52Tlk8vT4HFEUmTmweBJhznOqXAbZ8iczO
I2zzDNjp/M0zS26VjpeTRb6rQlNARUeCxMBD7Ae15IH89G9wrg==
-----END CERTIFICATE-----