Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34372e302f32342d3234203d3e20383334.roa
File:                     3231322e3130332e34372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          tBJtqCjr0cq/MMgRAK92Aj3/alZJx7yj+Im6DlRSUtc=
Subject key identifier:   2B:03:10:F0:7D:CC:FB:05:31:F6:A2:68:C6:26:FB:BC:03:21:60:42
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       5C3C37D1C83E5F2E75A6DA9E22937EC5E3296764
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 12 Aug 2025 13:07:28 +0000
ROA not before:           Tue 12 Aug 2025 13:02:28 +0000
ROA not after:            Tue 11 Aug 2026 13:07:28 +0000
asID:                     834
IP address blocks:        212.103.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:3c:37:d1:c8:3e:5f:2e:75:a6:da:9e:22:93:7e:c5:e3:29:67:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Aug 12 13:02:28 2025 GMT
            Not After : Aug 11 13:07:28 2026 GMT
        Subject: CN=2B0310F07DCCFB0531F6A268C626FBBC03216042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ac:d1:6b:74:01:43:59:bf:7a:f6:cf:6a:0f:
                    ae:f1:d6:6e:a7:fb:a3:00:58:c0:14:f9:b0:94:c2:
                    4d:1f:33:ae:b9:25:7a:50:e3:1e:c4:8d:0c:2e:c4:
                    d3:43:4c:28:d0:c7:75:a6:60:12:97:7f:63:02:89:
                    89:87:b0:4c:5a:97:4b:8c:87:bb:42:a4:18:80:3a:
                    97:64:17:c8:81:28:f6:04:75:10:0c:7a:0e:17:46:
                    93:15:af:68:cb:56:e3:00:a3:63:97:f3:a8:0a:3f:
                    b1:e6:be:52:40:09:3b:d8:6e:a6:81:00:8b:21:64:
                    74:1d:a8:c7:b3:dd:d1:c7:3e:14:e9:56:fc:f4:16:
                    b2:40:dd:e8:54:24:5b:e5:65:16:7d:16:af:03:7d:
                    4b:69:02:d7:e6:9d:f2:41:76:0b:11:45:09:9a:40:
                    6d:bf:a6:23:c1:6f:00:5c:bf:4c:51:c1:ea:e7:a9:
                    da:e2:26:3e:5d:45:3b:0c:3f:35:e3:88:f5:70:0c:
                    9a:58:0e:49:9c:c0:f9:d3:79:ba:b5:df:94:cb:c4:
                    8b:66:8b:8c:c2:92:04:45:d2:80:8e:7f:76:63:cd:
                    13:1c:98:90:a2:90:c3:bd:f1:28:a6:a3:d2:6e:f3:
                    53:59:65:dd:74:71:1e:c2:d4:32:fa:d5:68:9d:b0:
                    30:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:03:10:F0:7D:CC:FB:05:31:F6:A2:68:C6:26:FB:BC:03:21:60:42
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:86:1b:55:5a:32:77:1c:15:0a:6f:b3:34:4d:04:4f:88:ea:
         62:38:9e:8a:52:ef:7d:f2:f8:38:6d:db:bd:e2:5f:d4:96:2b:
         b6:64:a5:10:82:54:c3:0a:f3:75:94:51:e8:55:bb:7e:2a:64:
         79:85:7c:fd:7d:47:fe:ca:d7:b2:c8:b5:79:b7:33:ae:4a:65:
         71:92:7b:54:17:bf:36:76:6f:06:57:a6:1b:76:21:e9:a2:15:
         23:b4:3c:50:2a:34:0e:2a:ba:a2:38:2b:e1:89:de:4f:1d:fa:
         38:60:06:e5:c1:26:ee:18:f3:2f:b1:c7:78:6c:9f:99:57:d4:
         f4:a0:30:05:c1:50:80:03:bb:b3:f7:e4:54:0e:8b:ed:ca:17:
         da:a1:84:8d:52:de:53:98:6f:51:a0:48:62:b1:ae:1c:8f:cf:
         86:ae:83:ea:57:cb:4c:23:e6:0a:8f:bb:40:e8:bd:74:4e:16:
         11:d4:8d:6d:1a:bf:53:d1:67:7d:06:ae:66:a4:a4:85:c8:a7:
         d9:8f:69:ef:8f:80:d5:79:8a:47:3f:82:f8:4c:71:bc:c2:90:
         f7:77:94:fe:c0:c3:3a:76:27:91:0d:73:08:81:24:01:44:f1:
         fd:f9:5a:56:34:01:57:99:d1:1f:71:c4:81:d5:02:eb:bc:87:
         8f:f4:49:9c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXDw30cg+Xy51ptqeIpN+xeMpZ2QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNTA4MTIxMzAyMjhaFw0yNjA4MTExMzA3MjhaMDMxMTAvBgNV
BAMTKDJCMDMxMEYwN0RDQ0ZCMDUzMUY2QTI2OEM2MjZGQkJDMDMyMTYwNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirNFrdAFDWb969s9qD67x1m6n
+6MAWMAU+bCUwk0fM665JXpQ4x7EjQwuxNNDTCjQx3WmYBKXf2MCiYmHsExal0uM
h7tCpBiAOpdkF8iBKPYEdRAMeg4XRpMVr2jLVuMAo2OX86gKP7HmvlJACTvYbqaB
AIshZHQdqMez3dHHPhTpVvz0FrJA3ehUJFvlZRZ9Fq8DfUtpAtfmnfJBdgsRRQma
QG2/piPBbwBcv0xRwernqdriJj5dRTsMPzXjiPVwDJpYDkmcwPnTebq135TLxItm
i4zCkgRF0oCOf3ZjzRMcmJCikMO98Simo9Ju81NZZd10cR7C1DL61WidsDCXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUKwMQ8H3M+wUx9qJoxib7vAMhYEIwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzIzMTMyMmUzMTMwMzMyZTM0
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUZy8w
DQYJKoZIhvcNAQELBQADggEBAEWGG1VaMnccFQpvszRNBE+I6mI4nopS733y+Dht
273iX9SWK7ZkpRCCVMMK83WUUehVu34qZHmFfP19R/7K17LItXm3M65KZXGSe1QX
vzZ2bwZXpht2IemiFSO0PFAqNA4quqI4K+GJ3k8d+jhgBuXBJu4Y8y+xx3hsn5lX
1PSgMAXBUIADu7P35FQOi+3KF9qhhI1S3lOYb1GgSGKxrhyPz4aug+pXy0wj5gqP
u0DovXROFhHUjW0av1PRZ30GrmakpIXIp9mPae+PgNV5ikc/gvhMcbzCkPd3lP7A
wzp2J5ENcwiBJAFE8f35WlY0AVeZ0R9xxIHVAuu8h4/0SZw=
-----END CERTIFICATE-----