Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa
File:                     AS141158.roa (raw, json)
Hash identifier:          WmMPnb4fyMzaWY9L+aKonLTFGf0H/Byne22vysS20G8=
Subject key identifier:   18:EB:B9:AB:2F:EC:A4:92:7C:C5:D2:2E:F2:7E:18:B6:1E:C5:40:7D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       532480493F20945CFD4C9FCD9F77C22A32F35E30
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     141158
IP address blocks:        141.11.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:24:80:49:3f:20:94:5c:fd:4c:9f:cd:9f:77:c2:2a:32:f3:5e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=18EBB9AB2FECA4927CC5D22EF27E18B61EC5407D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:28:e3:eb:a4:8c:6a:35:b5:cd:95:4a:fa:0f:
                    4f:5c:1e:97:5d:79:d4:fc:61:4f:bf:f5:a7:c9:6d:
                    ce:5c:3a:26:e6:f5:6f:85:44:f0:81:e9:21:22:6a:
                    f3:1b:0d:7a:a3:1e:7c:70:63:fc:94:61:f9:55:4e:
                    c5:15:ff:1e:a2:4a:f1:42:2f:f4:57:87:19:bb:07:
                    35:8e:7a:9c:c8:b7:61:0f:d8:0e:b0:9e:f5:50:2f:
                    48:bb:38:1b:a1:6e:2f:27:dc:eb:4d:de:b7:d3:b7:
                    04:1c:0f:00:88:70:80:e4:de:e9:78:66:08:50:b0:
                    ec:16:e2:43:92:66:ef:75:9e:4e:b1:74:c5:46:a4:
                    d1:9d:84:4a:1b:b5:22:a3:b6:7d:ee:4d:ac:da:bc:
                    db:9c:f1:04:ed:66:cc:4a:bd:06:14:ba:33:3f:b5:
                    aa:d6:f9:a2:90:88:46:6c:63:c0:02:11:a9:cc:10:
                    e4:20:00:ac:bf:51:57:be:19:70:7d:fe:e8:8f:ac:
                    d1:b5:ca:6c:b1:99:9e:40:0f:69:f3:32:34:d7:6f:
                    39:ec:f7:8a:54:db:de:ad:c9:33:55:4c:98:b9:8e:
                    c4:51:42:cd:f8:10:ad:74:bc:a4:43:fc:c6:ea:ad:
                    13:9d:33:72:15:05:45:7d:51:fe:99:98:86:35:44:
                    6d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:EB:B9:AB:2F:EC:A4:92:7C:C5:D2:2E:F2:7E:18:B6:1E:C5:40:7D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:16:aa:da:a7:21:1f:5b:2c:2b:60:79:de:9e:34:94:91:39:
         9d:1a:55:43:2a:12:9e:a2:86:0b:8f:8a:e7:80:b3:23:e3:c0:
         c6:80:eb:d0:2b:fa:93:96:34:fb:68:4c:85:eb:fc:f7:56:44:
         af:97:71:0c:95:cc:5b:db:95:7b:58:c0:6b:a6:2f:dc:ee:f6:
         c6:52:91:9c:a4:3c:d2:e7:f4:f2:ab:7a:a8:08:3c:14:60:a6:
         be:83:7b:e5:76:8e:9b:39:23:4b:dc:a8:e0:f9:92:dc:0e:84:
         50:f7:0b:45:4a:c3:1a:11:2b:31:6d:cf:9e:05:cf:6e:c3:2f:
         6f:2a:a9:3c:de:f7:74:c9:ac:0c:b0:45:33:56:0a:b6:95:4c:
         af:23:94:71:77:2a:58:38:d6:fe:1f:c5:2a:0f:5f:f8:2d:05:
         82:7b:bc:2e:11:05:97:24:bf:b3:8b:e8:f2:de:7c:df:04:d9:
         d9:ff:7e:36:b4:13:ef:ed:b0:f2:02:5f:da:3a:c9:4c:a7:ff:
         6c:e0:4e:60:c9:cc:64:45:5d:90:e7:6d:c0:b1:69:df:de:23:
         7c:7a:7f:40:36:20:48:e9:14:36:c1:f9:4f:fc:16:9d:38:d4:
         c9:3a:84:73:b4:a3:b3:98:95:b3:17:d1:75:a7:8b:f7:39:82:
         21:e5:ae:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUySAST8glFz9TJ/Nn3fCKjLzXjAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKDE4RUJCOUFCMkZFQ0E0OTI3Q0M1RDIyRUYyN0UxOEI2MUVDNTQwN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJKOPrpIxqNbXNlUr6D09cHpdd
edT8YU+/9afJbc5cOibm9W+FRPCB6SEiavMbDXqjHnxwY/yUYflVTsUV/x6iSvFC
L/RXhxm7BzWOepzIt2EP2A6wnvVQL0i7OBuhbi8n3OtN3rfTtwQcDwCIcIDk3ul4
ZghQsOwW4kOSZu91nk6xdMVGpNGdhEobtSKjtn3uTazavNuc8QTtZsxKvQYUujM/
tarW+aKQiEZsY8ACEanMEOQgAKy/UVe+GXB9/uiPrNG1ymyxmZ5AD2nzMjTXbzns
94pU296tyTNVTJi5jsRRQs34EK10vKRD/MbqrROdM3IVBUV9Uf6ZmIY1RG2VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGOu5qy/spJJ8xdIu8n4Yth7FQH0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQxMTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtl
MA0GCSqGSIb3DQEBCwUAA4IBAQAWFqrapyEfWywrYHnenjSUkTmdGlVDKhKeooYL
j4rngLMj48DGgOvQK/qTljT7aEyF6/z3VkSvl3EMlcxb25V7WMBrpi/c7vbGUpGc
pDzS5/Tyq3qoCDwUYKa+g3vldo6bOSNL3Kjg+ZLcDoRQ9wtFSsMaESsxbc+eBc9u
wy9vKqk83vd0yawMsEUzVgq2lUyvI5RxdypYONb+H8UqD1/4LQWCe7wuEQWXJL+z
i+jy3nzfBNnZ/342tBPv7bDyAl/aOslMp/9s4E5gycxkRV2Q523AsWnf3iN8en9A
NiBI6RQ2wflP/BadONTJOoRztKOzmJWzF9F1p4v3OYIh5a78
-----END CERTIFICATE-----