Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231322e3130332e36332e302f32342d3234203d3e20313734.roa
File:                     3231322e3130332e36332e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          d9KMNOQzTrCGtStn7DGkiqhADIWZUCCgRBI703IqL7M=
Subject key identifier:   6E:3C:7A:1B:1A:1F:C8:DB:E9:7E:17:07:6B:DE:E4:D8:92:3A:FB:51
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       508CA0C39AFC360FCEA93DE48AFCB025815AD956
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231322e3130332e36332e302f32342d3234203d3e20313734.roa
Signing time:             Fri 15 Sep 2023 16:34:11 +0000
ROA not before:           Fri 15 Sep 2023 16:29:11 +0000
ROA not after:            Fri 13 Sep 2024 16:34:11 +0000
asID:                     174
IP address blocks:        212.103.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:8c:a0:c3:9a:fc:36:0f:ce:a9:3d:e4:8a:fc:b0:25:81:5a:d9:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Sep 15 16:29:11 2023 GMT
            Not After : Sep 13 16:34:11 2024 GMT
        Subject: CN=6E3C7A1B1A1FC8DBE97E17076BDEE4D8923AFB51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:a1:31:c1:fd:6f:f9:f0:88:19:9c:52:ca:a1:
                    8d:8b:04:61:5e:9e:8e:56:5a:55:31:f4:6e:9c:08:
                    31:4a:f3:da:b2:1e:91:dc:64:db:ae:1d:af:02:82:
                    44:11:56:b0:ef:38:83:7e:d9:4a:c9:ff:7f:5c:d7:
                    c9:13:18:6f:53:d5:e3:de:fc:31:04:6c:ad:9f:04:
                    7a:23:79:75:44:1b:23:ec:cf:2b:3b:6a:41:9e:b9:
                    00:36:20:dd:2c:cb:8c:2b:08:ef:07:c0:cb:01:b0:
                    b3:04:c9:7a:db:d1:61:42:f8:92:9a:17:fd:41:74:
                    b8:13:18:e3:52:c0:67:3d:bb:ae:fa:b0:58:4f:b0:
                    7f:4e:42:70:52:fa:31:7c:0b:fc:68:5d:d9:e5:85:
                    64:e6:d9:a0:7a:1d:73:93:5e:05:db:1b:c6:d9:a5:
                    36:b8:8b:d5:2d:dc:4f:3b:5f:ad:72:74:85:b2:e2:
                    46:73:90:57:a6:c2:fe:4b:be:87:7c:94:82:03:26:
                    f4:25:07:76:e2:75:64:ff:12:dd:87:85:5e:57:e3:
                    cc:dd:4f:b4:0e:6d:78:4a:96:d8:3d:a1:c2:78:70:
                    fc:5c:f6:cc:66:1d:78:c4:83:57:0f:e1:2f:78:28:
                    22:24:e3:d3:e3:0d:08:b4:76:40:ea:cb:f9:d9:2a:
                    ed:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:3C:7A:1B:1A:1F:C8:DB:E9:7E:17:07:6B:DE:E4:D8:92:3A:FB:51
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231322e3130332e36332e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c2:7b:f6:5e:7a:f4:1b:24:1e:b7:dd:25:7d:3b:0a:aa:2e:
         4d:79:8f:68:88:e4:42:cc:4e:52:c3:3f:e3:8b:b4:2b:2d:14:
         d0:84:c4:7f:b0:8b:5c:2e:74:7a:d9:8e:a9:59:96:4d:7c:e2:
         10:aa:00:a7:a1:f4:74:6c:93:5a:41:e0:03:39:6e:f3:c5:c2:
         8b:f0:85:61:7e:65:71:bc:2c:03:84:20:81:2d:95:32:d1:3e:
         6c:eb:a3:55:ff:88:06:46:9b:ee:cb:23:d3:45:6b:56:30:1a:
         66:fa:e3:f4:44:6b:20:96:f7:c0:d2:cb:e4:ef:f6:cd:71:5a:
         30:88:fa:23:7e:9a:ba:90:47:12:a9:a2:63:08:2d:ca:ca:86:
         5f:8e:7c:dc:b8:f7:bd:51:dc:64:5d:b0:b4:0c:e8:5a:46:6e:
         da:cf:78:2c:dd:de:a1:3e:bf:70:30:f8:34:08:23:51:dd:4c:
         c3:1e:36:4c:db:af:9f:bc:ad:da:10:44:c1:9f:77:57:6c:80:
         79:58:da:25:53:eb:a2:5a:65:99:19:d5:ef:e9:f5:44:ed:a6:
         90:9d:1b:7e:b8:de:f7:6a:43:56:dc:b4:60:b1:0f:1a:2b:33:
         3c:f1:b7:ad:9a:32:13:00:3b:df:7e:88:6d:4d:9d:d3:dd:c1:
         c7:9e:ce:bd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUIygw5r8Ng/OqT3kivywJYFa2VYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yMzA5MTUxNjI5MTFaFw0yNDA5MTMxNjM0MTFaMDMxMTAvBgNV
BAMTKDZFM0M3QTFCMUExRkM4REJFOTdFMTcwNzZCREVFNEQ4OTIzQUZCNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjoTHB/W/58IgZnFLKoY2LBGFe
no5WWlUx9G6cCDFK89qyHpHcZNuuHa8CgkQRVrDvOIN+2UrJ/39c18kTGG9T1ePe
/DEEbK2fBHojeXVEGyPszys7akGeuQA2IN0sy4wrCO8HwMsBsLMEyXrb0WFC+JKa
F/1BdLgTGONSwGc9u676sFhPsH9OQnBS+jF8C/xoXdnlhWTm2aB6HXOTXgXbG8bZ
pTa4i9Ut3E87X61ydIWy4kZzkFemwv5Lvod8lIIDJvQlB3bidWT/Et2HhV5X48zd
T7QObXhKltg9ocJ4cPxc9sxmHXjEg1cP4S94KCIk49PjDQi0dkDqy/nZKu2nAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUbjx6GxofyNvpfhcHa97k2JI6+1EwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzIzMTMyMmUzMTMwMzMyZTM2
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUZz8w
DQYJKoZIhvcNAQELBQADggEBAArCe/ZeevQbJB633SV9OwqqLk15j2iI5ELMTlLD
P+OLtCstFNCExH+wi1wudHrZjqlZlk184hCqAKeh9HRsk1pB4AM5bvPFwovwhWF+
ZXG8LAOEIIEtlTLRPmzro1X/iAZGm+7LI9NFa1YwGmb64/REayCW98DSy+Tv9s1x
WjCI+iN+mrqQRxKpomMILcrKhl+OfNy4971R3GRdsLQM6FpGbtrPeCzd3qE+v3Aw
+DQII1HdTMMeNkzbr5+8rdoQRMGfd1dsgHlY2iVT66JaZZkZ1e/p9UTtppCdG364
3vdqQ1bctGCxDxorMzzxt62aMhMAO99+iG1NndPdwceezr0=
-----END CERTIFICATE-----