Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa
File:                     3231322e322e3233362e302f32342d3234203d3e203632313634.roa (raw, json)
Hash identifier:          Svy2NKV7kzPPgXXMdR6c4s+5TcRMxuZYhs+DcJaiemI=
Subject key identifier:   D5:71:DC:DC:5A:C5:58:1C:40:72:93:8F:5B:1E:13:D1:17:B0:1C:F6
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       740C0450DB75685F07E7E6E198D0A82F97FEAE3C
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa
Signing time:             Thu 04 Apr 2024 11:05:15 +0000
ROA not before:           Thu 04 Apr 2024 11:00:15 +0000
ROA not after:            Thu 03 Apr 2025 11:05:15 +0000
asID:                     62164
IP address blocks:        212.2.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:0c:04:50:db:75:68:5f:07:e7:e6:e1:98:d0:a8:2f:97:fe:ae:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:15 2024 GMT
            Not After : Apr  3 11:05:15 2025 GMT
        Subject: CN=D571DCDC5AC5581C4072938F5B1E13D117B01CF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:79:0e:a9:e8:22:db:75:68:bd:34:ae:e3:56:
                    b2:2c:72:52:75:e6:10:4f:7a:05:9e:fd:32:38:49:
                    cc:a4:17:2f:9c:7c:66:3b:3f:e3:98:91:69:3f:81:
                    33:18:a5:8b:4a:9a:49:98:e0:ec:fb:f1:48:e1:d4:
                    a1:79:5a:6d:77:df:8a:d2:ab:31:a5:98:85:1e:4f:
                    43:a9:2c:ad:77:ba:d7:74:9a:ef:c4:68:b2:1c:27:
                    92:57:ef:dc:af:2f:a8:ce:75:6f:e0:4a:07:9a:c0:
                    cc:b8:c3:31:8d:ae:26:ec:4a:21:f5:d9:6a:33:a3:
                    83:06:1a:2c:84:08:4b:12:47:b1:b2:3c:ce:56:36:
                    76:4f:82:22:76:84:24:9a:c4:86:5a:a8:91:0a:55:
                    1a:58:aa:68:28:f8:6a:60:db:94:9a:1a:bd:9f:ed:
                    6b:b3:5b:ee:3d:54:46:77:86:f8:2b:6a:a7:a6:7a:
                    e0:e0:1b:44:41:1d:54:a0:96:0c:0e:18:17:7a:4b:
                    29:f6:0d:5e:0a:db:62:37:7c:9b:0a:8c:a5:97:9d:
                    76:7a:04:5c:aa:65:ec:c9:95:0b:34:f0:59:9d:9d:
                    98:5c:14:69:c6:4e:68:f7:75:71:d8:f3:58:48:43:
                    17:61:e4:a0:3b:f7:0a:a8:95:eb:d7:5d:20:9b:e6:
                    c1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:71:DC:DC:5A:C5:58:1C:40:72:93:8F:5B:1E:13:D1:17:B0:1C:F6
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.2.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:e5:65:11:cf:db:e8:63:40:a6:85:d9:9e:db:64:1b:db:d2:
         3d:7b:b0:21:8f:23:a8:95:d7:70:a7:7e:7e:f2:db:b7:2c:66:
         32:69:99:86:c8:31:06:7d:65:2f:71:9b:5e:89:dc:a1:0b:1d:
         51:c8:21:18:11:27:65:75:ed:c2:03:f9:76:2f:96:b3:e0:93:
         0b:43:6c:67:d2:ce:8f:af:5f:92:03:22:f6:fc:29:2f:2d:29:
         5a:d8:c5:4b:56:19:d4:21:1e:ee:e2:f7:d1:4a:1a:6e:be:f8:
         58:41:ee:1f:29:c3:68:75:4f:c1:4a:af:95:50:44:8d:99:40:
         29:aa:28:0e:af:ff:ce:8e:32:4e:36:1f:87:ba:0f:e1:65:64:
         ba:4f:08:e1:84:7c:6f:a7:a7:b8:32:29:4a:c8:93:ce:0a:53:
         26:0f:6a:0f:a1:ba:0e:64:ce:0d:aa:88:95:02:67:12:91:f5:
         df:f3:2f:88:95:ed:d2:92:9e:af:24:4b:75:3e:31:c5:96:0e:
         30:6f:b6:9f:26:62:90:45:57:2a:30:56:2a:a4:7c:5f:e2:2d:
         49:31:f9:02:9f:e9:2b:ca:c0:bf:85:b8:7a:7d:ae:83:1c:b8:
         54:95:23:4b:15:08:2a:16:3f:3c:0f:46:a3:d5:ee:f8:61:22:
         37:21:d3:12
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdAwEUNt1aF8H5+bhmNCoL5f+rjwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTVaFw0yNTA0MDMxMTA1MTVaMDMxMTAvBgNV
BAMTKEQ1NzFEQ0RDNUFDNTU4MUM0MDcyOTM4RjVCMUUxM0QxMTdCMDFDRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDReQ6p6CLbdWi9NK7jVrIsclJ1
5hBPegWe/TI4ScykFy+cfGY7P+OYkWk/gTMYpYtKmkmY4Oz78Ujh1KF5Wm1334rS
qzGlmIUeT0OpLK13utd0mu/EaLIcJ5JX79yvL6jOdW/gSgeawMy4wzGNribsSiH1
2Wozo4MGGiyECEsSR7GyPM5WNnZPgiJ2hCSaxIZaqJEKVRpYqmgo+Gpg25SaGr2f
7WuzW+49VEZ3hvgraqemeuDgG0RBHVSglgwOGBd6Syn2DV4K22I3fJsKjKWXnXZ6
BFyqZezJlQs08FmdnZhcFGnGTmj3dXHY81hIQxdh5KA79wqolevXXSCb5sFDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU1XHc3FrFWBxAcpOPWx4T0RewHPYwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzIzMTMyMmUzMjJlMzIzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMjMxMzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQC
7DANBgkqhkiG9w0BAQsFAAOCAQEANeVlEc/b6GNApoXZnttkG9vSPXuwIY8jqJXX
cKd+fvLbtyxmMmmZhsgxBn1lL3GbXoncoQsdUcghGBEnZXXtwgP5di+Ws+CTC0Ns
Z9LOj69fkgMi9vwpLy0pWtjFS1YZ1CEe7uL30Uoabr74WEHuHynDaHVPwUqvlVBE
jZlAKaooDq//zo4yTjYfh7oP4WVkuk8I4YR8b6enuDIpSsiTzgpTJg9qD6G6DmTO
DaqIlQJnEpH13/MviJXt0pKeryRLdT4xxZYOMG+2nyZikEVXKjBWKqR8X+ItSTH5
Ap/pK8rAv4W4en2ugxy4VJUjSxUIKhY/PA9Go9Xu+GEiNyHTEg==
-----END CERTIFICATE-----