Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          ZqwsOLf45Y/ZzXaeEhRoZf44HVdT2W4c8OH6db7XvtI=
Subject key identifier:   BA:6E:DF:2A:D7:F6:E5:5C:E3:E8:1D:13:A2:68:A5:DF:D1:CC:13:B8
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7F3D3256EA8D19DF2EAB410D95D0305EFE43D7A9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa
Signing time:             Fri 31 May 2024 14:39:36 +0000
ROA not before:           Fri 31 May 2024 14:34:36 +0000
ROA not after:            Fri 30 May 2025 14:39:36 +0000
asID:                     137409
IP address blocks:        141.11.36.0/24 maxlen: 24
                          141.11.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:3d:32:56:ea:8d:19:df:2e:ab:41:0d:95:d0:30:5e:fe:43:d7:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 31 14:34:36 2024 GMT
            Not After : May 30 14:39:36 2025 GMT
        Subject: CN=BA6EDF2AD7F6E55CE3E81D13A268A5DFD1CC13B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d3:e4:8a:3d:63:a6:b3:73:57:3a:5f:e0:2a:
                    78:d4:2c:63:65:c3:98:93:a6:f9:a1:eb:0a:3c:03:
                    17:20:15:d0:b4:d4:bd:33:aa:07:30:cc:bf:78:4e:
                    f3:53:a4:a6:be:08:9d:c6:39:ff:e7:34:3f:1a:b2:
                    43:ac:dc:dd:ab:a0:ea:af:0f:83:1c:dd:df:c0:0c:
                    80:ad:87:1e:0d:bd:c2:40:3d:61:94:9c:fe:82:45:
                    b5:19:f7:0a:be:48:fa:12:8e:9c:fd:b7:51:13:47:
                    a3:b2:a0:d2:fd:d5:ab:47:6a:df:2c:f5:be:db:b8:
                    e6:c0:f9:8f:35:0e:42:aa:68:6a:33:ed:a7:c0:cf:
                    3c:5b:28:61:27:9a:18:1f:98:a1:d2:ef:82:41:40:
                    2b:aa:2f:0a:9e:8a:b3:a0:ae:9b:c3:13:c9:33:3a:
                    fa:f4:72:5f:cf:49:b6:72:47:72:b3:61:f4:40:dd:
                    d1:fe:38:17:e1:68:aa:be:20:5b:d6:3a:8b:7d:c4:
                    f8:fe:46:10:7f:39:68:65:3e:89:3f:e7:c6:d5:7a:
                    3a:e6:c2:7b:0e:0c:28:bf:14:a1:6b:05:13:44:35:
                    50:e2:31:67:37:e2:67:03:5c:b2:6e:be:07:dc:66:
                    39:14:b1:fc:86:3f:ca:14:1d:f8:87:46:8f:d4:40:
                    3e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6E:DF:2A:D7:F6:E5:5C:E3:E8:1D:13:A2:68:A5:DF:D1:CC:13:B8
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.36.0/24
                  141.11.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:2e:05:ba:a3:1e:03:9e:b9:08:ea:4c:e2:cd:26:7d:bb:32:
         99:a6:7d:76:ab:ba:af:52:57:84:93:a1:4b:bb:0f:20:fa:77:
         93:38:fb:35:49:f6:36:37:30:be:b0:f2:c4:f9:9f:4a:7d:db:
         0d:bb:7e:fa:47:c8:0e:6d:25:06:31:88:ba:b8:e3:34:e9:a4:
         0c:d6:89:6c:20:ee:a7:e3:65:5c:bc:95:f7:97:89:78:7f:66:
         50:34:ef:9d:28:72:1d:2e:90:8a:8b:42:b0:a5:03:d6:1c:01:
         6b:68:67:c6:89:18:32:09:23:a9:8e:8f:96:88:51:47:8f:98:
         79:0b:ef:ef:bb:ea:2b:60:26:3c:75:db:e3:5c:76:ae:5b:19:
         af:51:90:1e:5c:48:2b:55:17:c7:4b:b3:21:fd:53:99:48:36:
         7f:5f:77:30:8d:b4:8b:73:76:a1:47:47:f6:26:2b:dd:f1:ec:
         06:23:44:18:5e:f9:ba:bb:8f:74:17:7c:5b:78:5c:02:84:a5:
         2e:7b:8a:d4:95:51:6a:9b:5b:d5:53:c3:bb:b3:54:e2:ad:e5:
         71:b1:17:f4:24:66:a5:48:0b:c6:c4:09:56:02:88:b5:b5:95:
         d7:02:0d:37:11:30:88:de:6c:63:59:7a:bf:25:03:ba:0b:16:
         8d:29:d2:a9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUfz0yVuqNGd8uq0ENldAwXv5D16kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MzExNDM0MzZaFw0yNTA1MzAxNDM5MzZaMDMxMTAvBgNV
BAMTKEJBNkVERjJBRDdGNkU1NUNFM0U4MUQxM0EyNjhBNURGRDFDQzEzQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC90+SKPWOms3NXOl/gKnjULGNl
w5iTpvmh6wo8AxcgFdC01L0zqgcwzL94TvNTpKa+CJ3GOf/nND8askOs3N2roOqv
D4Mc3d/ADICthx4NvcJAPWGUnP6CRbUZ9wq+SPoSjpz9t1ETR6OyoNL91atHat8s
9b7buObA+Y81DkKqaGoz7afAzzxbKGEnmhgfmKHS74JBQCuqLwqeirOgrpvDE8kz
Ovr0cl/PSbZyR3KzYfRA3dH+OBfhaKq+IFvWOot9xPj+RhB/OWhlPok/58bVejrm
wnsODCi/FKFrBRNENVDiMWc34mcDXLJuvgfcZjkUsfyGP8oUHfiHRo/UQD7BAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUum7fKtf25Vzj6B0Tomil39HME7gwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQsk
AwQAjQtAMA0GCSqGSIb3DQEBCwUAA4IBAQCiLgW6ox4DnrkI6kzizSZ9uzKZpn12
q7qvUleEk6FLuw8g+neTOPs1SfY2NzC+sPLE+Z9KfdsNu376R8gObSUGMYi6uOM0
6aQM1olsIO6n42VcvJX3l4l4f2ZQNO+dKHIdLpCKi0KwpQPWHAFraGfGiRgyCSOp
jo+WiFFHj5h5C+/vu+orYCY8ddvjXHauWxmvUZAeXEgrVRfHS7Mh/VOZSDZ/X3cw
jbSLc3ahR0f2Jivd8ewGI0QYXvm6u490F3xbeFwChKUue4rUlVFqm1vVU8O7s1Ti
reVxsRf0JGalSAvGxAlWAoi1tZXXAg03ETCI3mxjWXq/JQO6CxaNKdKp
-----END CERTIFICATE-----