Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa
File:                     AS139648.roa (raw, json)
Hash identifier:          Mu8U8ftvOM2qQfM1QGvlk2voiBNf6S27d6TfI8G/Z9k=
Subject key identifier:   FB:78:9B:67:99:F5:4A:E0:9C:18:90:FD:B5:87:2F:77:DC:57:FE:41
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0DC6987BDD9FB5EF971F4AA5CAFD02DA76355087
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa
Signing time:             Sat 01 Jun 2024 06:57:13 +0000
ROA not before:           Sat 01 Jun 2024 06:52:13 +0000
ROA not after:            Sat 31 May 2025 06:57:13 +0000
asID:                     139648
IP address blocks:        141.11.194.0/23 maxlen: 24
                          141.11.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:c6:98:7b:dd:9f:b5:ef:97:1f:4a:a5:ca:fd:02:da:76:35:50:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  1 06:52:13 2024 GMT
            Not After : May 31 06:57:13 2025 GMT
        Subject: CN=FB789B6799F54AE09C1890FDB5872F77DC57FE41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9c:6a:bc:b9:6f:a3:15:9d:f1:76:e0:43:0d:
                    f1:15:41:1d:04:a9:f5:2d:70:66:20:5b:c9:99:8c:
                    51:76:f2:d1:a9:96:1f:ee:ba:ba:6c:00:bc:6f:74:
                    50:f2:b0:ef:74:70:4b:4e:4f:e0:e8:b8:ff:05:54:
                    b0:2f:d1:b7:99:45:c7:fd:21:a1:b5:cd:55:33:2d:
                    6c:ae:a7:b7:d5:0d:89:b4:0f:3c:65:07:34:0a:ef:
                    59:34:04:49:2c:2d:5e:60:4c:86:d6:5c:bd:bc:32:
                    03:f5:47:79:51:e6:67:4d:d5:97:4e:3b:bb:3a:20:
                    79:7f:62:f8:a0:1c:56:31:3c:a4:70:52:8e:7b:0c:
                    76:95:f4:0f:d9:7e:c5:b8:74:bf:d6:ba:46:80:e0:
                    4f:ed:25:b6:86:21:8b:5b:93:83:27:81:97:3f:00:
                    5e:70:05:88:7d:3a:f5:30:12:fa:7e:c6:54:de:68:
                    69:34:76:c8:cd:28:4b:82:fe:ab:c9:3c:2e:98:50:
                    7e:41:61:08:08:e1:3c:0f:65:f2:bd:cc:1c:fd:07:
                    55:48:25:8e:10:ed:c5:a7:7e:df:f8:a9:a7:ed:40:
                    31:54:5d:78:df:f9:f0:a1:8b:ad:9c:e3:e3:1d:e6:
                    ff:d7:e8:0f:9d:7a:c2:2c:dd:b1:30:6c:3f:0b:05:
                    0b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:78:9B:67:99:F5:4A:E0:9C:18:90:FD:B5:87:2F:77:DC:57:FE:41
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.194.0/23
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:c2:5d:2a:bc:a5:c5:6b:73:de:49:f6:ef:76:4b:67:3e:5f:
         84:5d:76:31:f7:48:80:35:05:20:0a:cc:81:d7:f2:21:62:3b:
         04:b8:5a:15:62:a4:41:4a:eb:eb:9c:b8:c7:f8:74:7f:85:c9:
         67:8c:f1:b5:2f:da:ba:01:07:cc:a5:1e:7d:0a:16:43:5e:fe:
         6b:dc:ca:76:1e:9d:01:e4:0d:60:26:25:45:03:03:0d:db:e2:
         09:4c:e6:f7:59:57:eb:aa:29:29:64:e1:e1:9c:49:de:de:3d:
         bf:59:8a:ae:98:66:c0:b1:80:85:46:fb:ca:8b:99:9d:c7:21:
         d8:2a:74:1a:20:9f:6a:25:10:cc:7e:e5:30:67:57:69:52:31:
         be:19:f9:45:73:2e:5c:68:32:f9:2a:95:11:c9:1b:a1:41:4d:
         89:4a:d7:d1:74:fd:05:b7:bf:27:59:7b:9c:f8:13:0f:95:a9:
         25:27:1a:e4:1a:b2:e0:5c:05:69:b9:27:bc:16:e9:3e:b2:73:
         90:b0:14:3a:c2:f5:b2:21:1b:b7:f3:88:65:36:19:7c:e1:1b:
         95:04:3d:a3:05:09:ce:9f:0a:88:b9:39:43:00:5c:89:0b:3e:
         dc:33:0f:47:f1:bd:8c:2a:35:19:fe:05:fb:c2:f3:1c:a9:0b:
         8e:36:fa:c6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUDcaYe92fte+XH0qlyv0C2nY1UIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA2MDEwNjUyMTNaFw0yNTA1MzEwNjU3MTNaMDMxMTAvBgNV
BAMTKEZCNzg5QjY3OTlGNTRBRTA5QzE4OTBGREI1ODcyRjc3REM1N0ZFNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKnGq8uW+jFZ3xduBDDfEVQR0E
qfUtcGYgW8mZjFF28tGplh/uurpsALxvdFDysO90cEtOT+DouP8FVLAv0beZRcf9
IaG1zVUzLWyup7fVDYm0DzxlBzQK71k0BEksLV5gTIbWXL28MgP1R3lR5mdN1ZdO
O7s6IHl/YvigHFYxPKRwUo57DHaV9A/ZfsW4dL/WukaA4E/tJbaGIYtbk4MngZc/
AF5wBYh9OvUwEvp+xlTeaGk0dsjNKEuC/qvJPC6YUH5BYQgI4TwPZfK9zBz9B1VI
JY4Q7cWnft/4qaftQDFUXXjf+fChi62c4+Md5v/X6A+desIs3bEwbD8LBQslAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU+3ibZ5n1SuCcGJD9tYcvd9xX/kEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM5NjQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBjQvC
AwQAjQvwMA0GCSqGSIb3DQEBCwUAA4IBAQBYwl0qvKXFa3PeSfbvdktnPl+EXXYx
90iANQUgCsyB1/IhYjsEuFoVYqRBSuvrnLjH+HR/hclnjPG1L9q6AQfMpR59ChZD
Xv5r3Mp2Hp0B5A1gJiVFAwMN2+IJTOb3WVfrqikpZOHhnEne3j2/WYqumGbAsYCF
RvvKi5mdxyHYKnQaIJ9qJRDMfuUwZ1dpUjG+GflFcy5caDL5KpURyRuhQU2JStfR
dP0Ft78nWXuc+BMPlaklJxrkGrLgXAVpuSe8Fuk+snOQsBQ6wvWyIRu384hlNhl8
4RuVBD2jBQnOnwqIuTlDAFyJCz7cMw9H8b2MKjUZ/gX7wvMcqQuONvrG
-----END CERTIFICATE-----