Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33322e302f32322d3332203d3e203430303231.roa
File:                     3231322e35362e33322e302f32322d3332203d3e203430303231.roa (raw, json)
Hash identifier:          rXCXzrpfQoGg+kc2J2JUfgvhczgdYFhqIeDL9bL84sY=
Subject key identifier:   4C:DD:A0:D7:5D:AF:FA:B4:20:D1:7D:6C:2E:D9:D9:08:E2:F8:F7:BF
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6E0A068BDB4A62096A01CD92E33A47166389BB1F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33322e302f32322d3332203d3e203430303231.roa
Signing time:             Tue 24 Sep 2024 16:00:14 +0000
ROA not before:           Tue 24 Sep 2024 15:55:14 +0000
ROA not after:            Tue 23 Sep 2025 16:00:14 +0000
asID:                     40021
IP address blocks:        212.56.32.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:0a:06:8b:db:4a:62:09:6a:01:cd:92:e3:3a:47:16:63:89:bb:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 24 15:55:14 2024 GMT
            Not After : Sep 23 16:00:14 2025 GMT
        Subject: CN=4CDDA0D75DAFFAB420D17D6C2ED9D908E2F8F7BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f3:82:df:90:93:07:fd:90:6c:5e:07:ce:0a:
                    2d:5c:7e:b3:6b:1b:aa:92:22:6d:75:d0:a3:39:84:
                    ac:ef:bb:05:b1:7e:ac:4a:53:fa:6d:b1:55:81:b3:
                    1b:4b:c2:ef:ae:d6:5f:5c:0e:37:a2:87:86:4e:e2:
                    13:d9:e6:b9:4d:6b:36:50:b4:a3:74:36:f1:40:22:
                    aa:d1:c0:54:56:76:4d:59:e7:11:8b:1b:66:68:d1:
                    5d:4f:2c:3c:37:91:12:41:fe:b5:56:d1:4f:44:a3:
                    c1:d2:76:48:2e:be:6c:e7:b9:c6:66:e6:16:0a:13:
                    4d:79:48:ac:ed:ff:ff:43:4c:89:6a:c1:4d:d3:87:
                    c5:8b:80:49:53:6e:ca:82:fa:59:58:c6:dd:b6:f9:
                    d4:19:26:13:9e:df:5e:55:21:49:10:eb:43:ff:8b:
                    ae:0d:5a:ca:92:c7:d7:c0:14:76:9b:fc:d1:11:a4:
                    92:48:35:f3:5a:70:b8:a7:c8:53:11:f2:2b:b5:fc:
                    df:24:95:45:79:39:3c:4e:9c:1a:58:54:4a:b7:fe:
                    c1:f2:16:89:bd:b0:36:9d:46:a4:23:4f:3b:e7:06:
                    2a:42:23:c2:fa:b9:e6:bf:86:95:7c:83:a7:19:ad:
                    0f:5d:8b:d1:54:df:d1:66:b8:ee:f7:41:80:8d:5e:
                    1f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:DD:A0:D7:5D:AF:FA:B4:20:D1:7D:6C:2E:D9:D9:08:E2:F8:F7:BF
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33322e302f32322d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.56.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:50:ea:4b:27:67:33:b4:a8:8c:cf:f5:2e:65:b8:d4:be:24:
         b0:2e:ba:7b:e1:8d:2a:bd:a8:5f:77:42:27:cd:ad:d9:58:1d:
         fc:a2:65:1f:62:3b:f3:a8:ac:a2:84:25:08:a1:ee:64:7c:e1:
         0d:60:9d:b9:4c:19:ff:74:b7:52:6e:f4:4e:a6:e0:11:79:3a:
         68:40:0a:b7:c1:60:41:c9:54:4d:a6:60:a1:f1:e8:b8:1f:11:
         b4:1a:dc:a4:12:27:d6:87:11:75:89:7e:fa:15:64:a4:f5:1e:
         92:38:6e:d5:5d:5a:75:3c:51:f8:79:63:bf:c7:8a:0d:18:1f:
         e5:c4:71:43:51:ef:83:c0:80:c9:bb:ba:1b:e2:16:f1:cb:3d:
         56:9c:50:89:8f:0c:00:03:4f:68:8b:b7:93:f5:b8:3e:13:b0:
         05:5d:66:5a:31:f4:44:90:cc:21:44:e2:61:b2:73:7b:45:c3:
         e0:c7:36:28:ed:f5:04:90:01:3d:43:fd:99:2a:32:5c:47:ad:
         88:85:d6:7a:77:2d:48:a6:52:46:78:39:d0:77:68:94:7d:d7:
         c5:5d:12:4a:0e:80:78:a3:81:5b:10:9b:c9:96:60:21:76:3f:
         c4:05:39:48:be:51:f7:5b:16:bb:55:05:9e:60:39:64:c9:c8:
         41:64:79:7d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbgoGi9tKYglqAc2S4zpHFmOJux8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjQxNTU1MTRaFw0yNTA5MjMxNjAwMTRaMDMxMTAvBgNV
BAMTKDRDRERBMEQ3NURBRkZBQjQyMEQxN0Q2QzJFRDlEOTA4RTJGOEY3QkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN84LfkJMH/ZBsXgfOCi1cfrNr
G6qSIm110KM5hKzvuwWxfqxKU/ptsVWBsxtLwu+u1l9cDjeih4ZO4hPZ5rlNazZQ
tKN0NvFAIqrRwFRWdk1Z5xGLG2Zo0V1PLDw3kRJB/rVW0U9Eo8HSdkguvmznucZm
5hYKE015SKzt//9DTIlqwU3Th8WLgElTbsqC+llYxt22+dQZJhOe315VIUkQ60P/
i64NWsqSx9fAFHab/NERpJJINfNacLinyFMR8iu1/N8klUV5OTxOnBpYVEq3/sHy
Fom9sDadRqQjTzvnBipCI8L6uea/hpV8g6cZrQ9di9FU39FmuO73QYCNXh8VAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUTN2g112v+rQg0X1sLtnZCOL4978wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTMyMmUzNTM2MmUzMzMy
MmUzMDJmMzIzMjJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtQ4
IDANBgkqhkiG9w0BAQsFAAOCAQEAfVDqSydnM7SojM/1LmW41L4ksC66e+GNKr2o
X3dCJ82t2Vgd/KJlH2I786isooQlCKHuZHzhDWCduUwZ/3S3Um70TqbgEXk6aEAK
t8FgQclUTaZgofHouB8RtBrcpBIn1ocRdYl++hVkpPUekjhu1V1adTxR+Hljv8eK
DRgf5cRxQ1Hvg8CAybu6G+IW8cs9VpxQiY8MAANPaIu3k/W4PhOwBV1mWjH0RJDM
IUTiYbJze0XD4Mc2KO31BJABPUP9mSoyXEetiIXWenctSKZSRng50HdolH3XxV0S
Sg6AeKOBWxCbyZZgIXY/xAU5SL5R91sWu1UFnmA5ZMnIQWR5fQ==
-----END CERTIFICATE-----