Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e2033323233.roa
File:                     3231322e32342e3132372e302f32342d3234203d3e2033323233.roa (raw, json)
Hash identifier:          isRTAAL3Mo9fbk3evy1FHWNVLVXWHce/DqtU+oMrtU0=
Subject key identifier:   29:02:19:BC:DF:9F:C4:91:E7:F1:BF:9A:E7:25:4F:E4:25:C0:34:B3
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       1AD3D940A69EE532434E26D98400DAE836071FC5
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e2033323233.roa
Signing time:             Fri 15 Dec 2023 03:49:22 +0000
ROA not before:           Fri 15 Dec 2023 03:44:22 +0000
ROA not after:            Fri 13 Dec 2024 03:49:22 +0000
asID:                     3223
IP address blocks:        212.24.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:d3:d9:40:a6:9e:e5:32:43:4e:26:d9:84:00:da:e8:36:07:1f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec 15 03:44:22 2023 GMT
            Not After : Dec 13 03:49:22 2024 GMT
        Subject: CN=290219BCDF9FC491E7F1BF9AE7254FE425C034B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:33:22:94:2d:a0:67:0f:8c:c3:a8:30:80:a1:
                    42:c5:6e:6c:05:b1:2c:71:6f:43:2c:b9:2f:03:2d:
                    5b:78:ab:b0:e8:75:65:3f:31:27:1a:3c:40:fc:95:
                    9e:ea:18:81:a5:15:6f:7b:ab:3c:43:cd:2d:cb:e8:
                    5e:11:c4:95:f4:72:4f:d5:73:da:60:27:06:40:66:
                    d0:f7:1e:a8:57:c6:86:ae:be:16:9e:b3:cd:d6:1a:
                    8b:7b:55:23:b1:a6:f0:e7:00:31:9e:8c:92:d1:fc:
                    5b:4e:80:fd:e8:62:46:42:00:5f:b6:15:2b:45:e7:
                    02:fe:a7:27:57:eb:15:b6:80:dd:38:8c:65:28:8f:
                    2c:1e:62:4e:66:38:9e:90:8e:92:a2:f1:7b:48:76:
                    4f:d8:58:98:25:b6:b4:49:07:24:f9:e8:45:47:27:
                    b8:e3:9a:d2:c8:f8:2d:85:98:03:1e:e1:68:57:54:
                    11:20:84:91:44:64:0e:86:8f:52:b5:46:8d:ab:e0:
                    e6:59:6f:85:24:1c:42:b3:23:df:40:73:a9:25:d1:
                    ae:6e:cd:76:cd:10:97:f4:49:6e:88:17:3e:20:49:
                    10:76:8b:73:11:df:33:89:01:fc:e9:a6:4a:51:67:
                    04:c1:43:eb:54:a4:8a:12:84:3e:25:6e:f7:66:9a:
                    87:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:02:19:BC:DF:9F:C4:91:E7:F1:BF:9A:E7:25:4F:E4:25:C0:34:B3
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3231322e32342e3132372e302f32342d3234203d3e2033323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.24.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:66:9e:2e:43:98:cf:83:95:23:0e:ab:ce:35:7c:49:45:e6:
         46:e2:05:d5:2b:e1:16:cc:06:f5:79:ba:28:39:0c:fa:f3:4f:
         0a:f7:9b:b8:88:0b:33:4b:1d:48:0e:de:6f:78:c4:e5:ba:e3:
         cb:a6:35:6d:cc:9d:31:62:3c:fc:76:db:9f:4d:9b:ef:3f:18:
         d5:b0:f3:3e:b6:8f:66:33:e4:a0:97:36:bd:f6:bc:99:47:d7:
         3d:9c:da:5e:d3:c0:0e:61:3b:e1:19:d9:85:1f:4f:1a:f9:a6:
         9a:24:6d:a2:05:19:c0:c7:2a:d2:5a:4b:6a:58:f4:0a:6d:f9:
         42:dc:55:bc:ad:f5:83:96:e1:c8:e6:de:d8:23:8c:8f:f4:f4:
         2d:d0:12:5f:62:a0:ad:c2:2a:a9:02:bf:22:a8:6c:28:e0:fe:
         c9:5c:91:6a:6b:61:c3:a9:e4:d5:fd:bd:02:be:42:f9:6d:c1:
         ad:07:76:e6:88:29:1e:d9:04:cc:a9:24:09:b8:75:9a:4e:da:
         c6:14:89:92:78:8f:1d:72:d3:bf:28:3f:35:06:78:58:4f:cc:
         64:68:13:6c:18:de:4b:37:d5:11:db:84:e1:18:0d:72:18:93:
         d9:eb:64:a2:a1:59:87:94:d7:7a:7f:8b:77:36:fe:ee:2b:4c:
         6e:b9:6e:8e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGtPZQKae5TJDTibZhADa6DYHH8UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMTUwMzQ0MjJaFw0yNDEyMTMwMzQ5MjJaMDMxMTAvBgNV
BAMTKDI5MDIxOUJDREY5RkM0OTFFN0YxQkY5QUU3MjU0RkU0MjVDMDM0QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZMyKULaBnD4zDqDCAoULFbmwF
sSxxb0MsuS8DLVt4q7DodWU/MScaPED8lZ7qGIGlFW97qzxDzS3L6F4RxJX0ck/V
c9pgJwZAZtD3HqhXxoauvhaes83WGot7VSOxpvDnADGejJLR/FtOgP3oYkZCAF+2
FStF5wL+pydX6xW2gN04jGUojyweYk5mOJ6QjpKi8XtIdk/YWJgltrRJByT56EVH
J7jjmtLI+C2FmAMe4WhXVBEghJFEZA6Gj1K1Ro2r4OZZb4UkHEKzI99Ac6kl0a5u
zXbNEJf0SW6IFz4gSRB2i3MR3zOJAfzppkpRZwTBQ+tUpIoShD4lbvdmmodbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKQIZvN+fxJHn8b+a5yVP5CXANLMwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIzMTMyMmUzMjM0MmUzMTMy
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMyMzIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQY
fzANBgkqhkiG9w0BAQsFAAOCAQEAHGaeLkOYz4OVIw6rzjV8SUXmRuIF1SvhFswG
9Xm6KDkM+vNPCvebuIgLM0sdSA7eb3jE5brjy6Y1bcydMWI8/Hbbn02b7z8Y1bDz
PraPZjPkoJc2vfa8mUfXPZzaXtPADmE74RnZhR9PGvmmmiRtogUZwMcq0lpLalj0
Cm35QtxVvK31g5bhyObe2COMj/T0LdASX2KgrcIqqQK/IqhsKOD+yVyRamthw6nk
1f29Ar5C+W3BrQd25ogpHtkEzKkkCbh1mk7axhSJkniPHXLTvyg/NQZ4WE/MZGgT
bBjeSzfVEduE4RgNchiT2etkoqFZh5TXen+Ldzb+7itMbrlujg==
-----END CERTIFICATE-----