Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e3130322e3130322e302f32342d3234203d3e20383334.roa
File:                     3231322e3130322e3130322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          PR4EZX97nQoXvGEKUIVNynNasvU0COwhDSpVYZ4oGAY=
Subject key identifier:   B9:9C:48:02:60:33:48:84:00:1F:03:CB:23:11:FE:0C:62:D8:B6:61
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       04C11CDDDE358EACD8913BDED3F587E7244B5793
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e3130322e3130322e302f32342d3234203d3e20383334.roa
Signing time:             Thu 15 Aug 2024 08:04:38 +0000
ROA not before:           Thu 15 Aug 2024 07:59:38 +0000
ROA not after:            Thu 14 Aug 2025 08:04:38 +0000
asID:                     834
IP address blocks:        212.102.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c1:1c:dd:de:35:8e:ac:d8:91:3b:de:d3:f5:87:e7:24:4b:57:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 15 07:59:38 2024 GMT
            Not After : Aug 14 08:04:38 2025 GMT
        Subject: CN=B99C480260334884001F03CB2311FE0C62D8B661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ce:f4:bb:88:f3:9d:b7:ce:e7:c6:0b:3b:7b:
                    e4:db:36:43:e4:64:53:43:5f:f1:76:8d:c6:f3:f3:
                    67:39:43:64:4f:b5:d7:32:84:5a:a0:20:ae:95:20:
                    9e:23:98:75:d0:b9:59:6a:91:8d:6b:d9:f2:d3:94:
                    32:f5:d3:28:e5:b4:31:df:4f:a8:a9:e4:e8:10:f2:
                    84:05:a5:9f:26:9d:1e:11:73:05:e2:17:6e:92:25:
                    dc:e8:aa:2a:1d:eb:71:73:4b:7a:eb:90:e2:64:65:
                    db:8f:a6:8c:72:f9:8c:7b:b6:62:7b:06:dd:26:63:
                    bc:98:11:0c:cc:b7:80:4c:3c:9d:5a:be:a2:9a:57:
                    90:d3:6a:3d:97:30:6c:2a:7a:34:33:a3:34:7f:e7:
                    e7:e3:08:2d:ce:95:8e:67:5d:7d:30:10:61:bb:2e:
                    83:c2:bd:8d:50:df:e6:c5:a1:d7:41:ea:49:8f:d7:
                    e7:91:4d:a7:c9:76:e5:f3:75:ff:4d:38:90:28:3b:
                    2a:21:eb:87:f1:66:e8:e9:8b:eb:18:17:f5:a8:89:
                    a4:51:d5:82:cf:09:e5:fe:e9:69:ac:13:bb:fb:4d:
                    57:30:0c:8e:e5:1d:dc:ff:35:8e:27:8f:b5:ae:b9:
                    07:99:27:12:1b:83:d5:ae:f9:ba:0b:fb:c4:aa:08:
                    d7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:9C:48:02:60:33:48:84:00:1F:03:CB:23:11:FE:0C:62:D8:B6:61
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e3130322e3130322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:9c:2a:fd:14:23:fa:35:87:ae:68:a2:ca:ab:93:93:f4:14:
         05:15:80:f3:57:90:a9:f1:fb:58:e9:98:b4:ac:9a:88:ad:fd:
         7b:65:f9:e5:ce:f5:bc:7a:d7:9b:77:ea:7f:16:45:16:c7:fd:
         0d:f7:cf:51:e5:9c:3c:85:6d:21:b1:3a:91:b4:70:da:d8:54:
         ac:ce:ea:70:af:0e:19:74:f4:a2:ae:3a:aa:7f:6c:3e:0b:aa:
         ff:dd:a9:ee:18:9d:8c:5f:ab:9a:08:ba:2a:2a:d3:e9:c2:67:
         12:a0:8a:c2:46:a8:69:6e:d6:ff:76:c8:ee:b1:63:3f:c9:ab:
         99:ea:0b:02:5e:06:7c:fa:17:5a:14:d6:1d:da:12:b1:d0:26:
         d1:4f:a9:38:cb:7f:c9:1d:8d:8a:06:e3:c1:01:c1:0c:c9:bb:
         2f:73:a1:05:ef:2a:df:68:07:44:9c:2e:c3:67:d9:b2:d5:70:
         c2:c5:a1:a8:45:7d:8f:be:55:49:2c:ed:11:94:17:79:22:b5:
         69:a0:21:ab:87:53:39:39:6e:22:02:78:55:50:03:87:3e:84:
         ba:9e:e6:3a:12:91:91:20:62:8d:9e:bf:3f:c0:5a:23:03:c7:
         44:57:46:99:42:9f:20:c1:ad:b0:f7:87:37:b9:a8:83:dd:b0:
         b2:3d:25:d2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBMEc3d41jqzYkTve0/WH5yRLV5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MTUwNzU5MzhaFw0yNTA4MTQwODA0MzhaMDMxMTAvBgNV
BAMTKEI5OUM0ODAyNjAzMzQ4ODQwMDFGMDNDQjIzMTFGRTBDNjJEOEI2NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMzvS7iPOdt87nxgs7e+TbNkPk
ZFNDX/F2jcbz82c5Q2RPtdcyhFqgIK6VIJ4jmHXQuVlqkY1r2fLTlDL10yjltDHf
T6ip5OgQ8oQFpZ8mnR4RcwXiF26SJdzoqiod63FzS3rrkOJkZduPpoxy+Yx7tmJ7
Bt0mY7yYEQzMt4BMPJ1avqKaV5DTaj2XMGwqejQzozR/5+fjCC3OlY5nXX0wEGG7
LoPCvY1Q3+bFoddB6kmP1+eRTafJduXzdf9NOJAoOyoh64fxZujpi+sYF/WoiaRR
1YLPCeX+6WmsE7v7TVcwDI7lHdz/NY4nj7WuuQeZJxIbg9Wu+boL+8SqCNdTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuZxIAmAzSIQAHwPLIxH+DGLYtmEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTMyMmUzMTMwMzIyZTMx
MzAzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRm
ZjANBgkqhkiG9w0BAQsFAAOCAQEAQpwq/RQj+jWHrmiiyquTk/QUBRWA81eQqfH7
WOmYtKyaiK39e2X55c71vHrXm3fqfxZFFsf9DffPUeWcPIVtIbE6kbRw2thUrM7q
cK8OGXT0oq46qn9sPguq/92p7hidjF+rmgi6KirT6cJnEqCKwkaoaW7W/3bI7rFj
P8mrmeoLAl4GfPoXWhTWHdoSsdAm0U+pOMt/yR2NigbjwQHBDMm7L3OhBe8q32gH
RJwuw2fZstVwwsWhqEV9j75VSSztEZQXeSK1aaAhq4dTOTluIgJ4VVADhz6Eup7m
OhKRkSBijZ6/P8BaIwPHRFdGmUKfIMGtsPeHN7mog92wsj0l0g==
-----END CERTIFICATE-----