Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151872.roa
File:                     AS151872.roa (raw, json)
Hash identifier:          e9LBFTe//sYHgY1TEGtwL/TDC7EzIkXQtWdP7pgZOKQ=
Subject key identifier:   5F:5F:17:54:DA:75:0D:3A:1A:59:06:88:E1:57:72:7C:01:64:A1:97
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       67767E887100A05D5D069E9CE0DAB507273FE02E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151872.roa
Signing time:             Mon 06 May 2024 14:44:54 +0000
ROA not before:           Mon 06 May 2024 14:39:54 +0000
ROA not after:            Mon 05 May 2025 14:44:54 +0000
asID:                     151872
IP address blocks:        141.11.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:76:7e:88:71:00:a0:5d:5d:06:9e:9c:e0:da:b5:07:27:3f:e0:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  6 14:39:54 2024 GMT
            Not After : May  5 14:44:54 2025 GMT
        Subject: CN=5F5F1754DA750D3A1A590688E157727C0164A197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f6:4f:63:fc:b9:aa:8a:ce:49:c4:6c:ab:e5:
                    7c:20:63:39:b2:1e:02:d2:b4:60:a7:ac:25:3f:a6:
                    9d:6e:78:1f:e3:76:cb:19:8e:9e:9e:a4:d6:2b:e1:
                    5f:d2:39:b9:30:16:26:d8:91:ed:1e:e2:56:d3:bd:
                    ab:01:ef:e6:30:79:24:6b:35:1c:ed:0f:0d:b8:6b:
                    95:1f:eb:77:24:d4:2b:a5:34:52:76:ce:47:16:4a:
                    be:6d:3c:9c:5e:92:84:f1:b0:3b:f8:09:27:d9:33:
                    13:29:43:d9:9f:d2:06:31:20:e8:42:1c:24:ca:51:
                    3e:aa:57:17:a7:9e:ee:d9:de:f5:1f:0f:e0:71:75:
                    89:b4:39:36:79:a2:8b:27:73:ff:aa:df:4e:d9:6f:
                    9b:3d:5d:8f:05:cf:c9:df:b5:94:09:92:81:ae:f8:
                    1f:d7:e8:b5:a7:40:47:63:4f:37:63:0e:ad:66:e5:
                    27:17:03:c0:02:36:fe:64:c5:4c:99:24:7a:5b:bc:
                    c5:61:81:dd:da:bd:98:57:d5:68:6c:36:47:e7:26:
                    74:dc:59:0f:52:63:65:e8:ee:db:66:35:f5:64:f0:
                    6f:c1:61:d7:41:46:ac:46:1f:71:51:ed:fb:ed:58:
                    b8:0f:b9:39:e5:c0:f5:2c:0c:ef:20:6d:7f:55:32:
                    33:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:5F:17:54:DA:75:0D:3A:1A:59:06:88:E1:57:72:7C:01:64:A1:97
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151872.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:55:f1:8a:a7:e9:a9:1b:92:9b:a6:73:52:c5:6e:6b:e2:7b:
         4e:df:59:fa:a4:79:aa:2a:11:fb:49:ee:a9:6a:a1:92:42:eb:
         2b:4b:61:50:c8:56:6d:69:61:55:ec:23:0d:c7:bd:f9:3d:63:
         ce:cb:4d:07:2f:d0:a3:28:02:68:ff:de:40:6d:30:fd:86:97:
         bd:68:d5:8e:50:bb:0b:a0:06:e0:85:74:34:13:a9:09:b0:7a:
         de:af:39:df:02:7c:db:9c:fd:aa:15:40:e6:19:44:cc:cd:e9:
         ee:13:55:e4:97:56:4f:8d:d1:e4:a1:d5:63:37:f9:73:89:92:
         49:6a:5f:a0:92:51:89:b6:f8:57:94:05:d3:18:20:3e:60:df:
         05:13:d5:62:61:36:12:5b:af:ad:e9:81:95:e9:4c:16:20:28:
         b4:28:c0:62:84:04:b0:5c:87:a6:16:7e:82:9a:66:7e:cb:a8:
         c9:bd:90:8c:6f:d6:91:e1:67:ab:71:0a:84:c2:1e:2b:34:7c:
         4d:80:9c:06:c8:f1:46:c7:e7:79:d0:ba:90:53:8c:9b:18:21:
         ab:20:45:cc:e5:b5:a1:24:f1:66:08:ae:dc:09:41:7e:3e:1a:
         ae:2b:8f:01:80:30:19:69:ad:3b:d9:28:d5:06:44:c7:f3:f8:
         4c:03:c2:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZ3Z+iHEAoF1dBp6c4Nq1Byc/4C4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MDYxNDM5NTRaFw0yNTA1MDUxNDQ0NTRaMDMxMTAvBgNV
BAMTKDVGNUYxNzU0REE3NTBEM0ExQTU5MDY4OEUxNTc3MjdDMDE2NEExOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe9k9j/Lmqis5JxGyr5XwgYzmy
HgLStGCnrCU/pp1ueB/jdssZjp6epNYr4V/SObkwFibYke0e4lbTvasB7+YweSRr
NRztDw24a5Uf63ck1CulNFJ2zkcWSr5tPJxekoTxsDv4CSfZMxMpQ9mf0gYxIOhC
HCTKUT6qVxennu7Z3vUfD+BxdYm0OTZ5oosnc/+q307Zb5s9XY8Fz8nftZQJkoGu
+B/X6LWnQEdjTzdjDq1m5ScXA8ACNv5kxUyZJHpbvMVhgd3avZhX1WhsNkfnJnTc
WQ9SY2Xo7ttmNfVk8G/BYddBRqxGH3FR7fvtWLgPuTnlwPUsDO8gbX9VMjNNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUX18XVNp1DToaWQaI4VdyfAFkoZcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUxODcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsq
MA0GCSqGSIb3DQEBCwUAA4IBAQCmVfGKp+mpG5KbpnNSxW5r4ntO31n6pHmqKhH7
Se6paqGSQusrS2FQyFZtaWFV7CMNx735PWPOy00HL9CjKAJo/95AbTD9hpe9aNWO
ULsLoAbghXQ0E6kJsHrerznfAnzbnP2qFUDmGUTMzenuE1Xkl1ZPjdHkodVjN/lz
iZJJal+gklGJtvhXlAXTGCA+YN8FE9ViYTYSW6+t6YGV6UwWICi0KMBihASwXIem
Fn6CmmZ+y6jJvZCMb9aR4WercQqEwh4rNHxNgJwGyPFGx+d50LqQU4ybGCGrIEXM
5bWhJPFmCK7cCUF+PhquK48BgDAZaa072SjVBkTH8/hMA8Lt
-----END CERTIFICATE-----