Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215049.roa
File:                     AS215049.roa (raw, json)
Hash identifier:          ut4vnuXSa2uwTFt7otdhYPtOtlQgSLXxEoXvY2KYZXs=
Subject key identifier:   A3:4E:AA:E4:F5:B6:97:0F:50:46:CF:82:BD:7D:B2:35:F6:A2:19:8D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       485DF91E2AD9F4C29CC1E38767803908E65681F6
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215049.roa
Signing time:             Thu 09 May 2024 22:31:57 +0000
ROA not before:           Thu 09 May 2024 22:26:57 +0000
ROA not after:            Thu 08 May 2025 22:31:57 +0000
asID:                     215049
IP address blocks:        141.11.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:5d:f9:1e:2a:d9:f4:c2:9c:c1:e3:87:67:80:39:08:e6:56:81:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  9 22:26:57 2024 GMT
            Not After : May  8 22:31:57 2025 GMT
        Subject: CN=A34EAAE4F5B6970F5046CF82BD7DB235F6A2198D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:81:4d:f4:83:97:8c:0d:3c:19:4d:ac:fb:08:
                    79:8d:cf:7f:2c:30:0b:a7:c2:02:ee:b8:0e:52:f7:
                    56:cf:9e:eb:2d:d3:fd:8f:84:f2:ec:fa:24:57:5f:
                    c3:89:af:49:d1:20:83:8e:6b:9f:e7:36:e1:7e:d3:
                    2e:ed:ea:72:66:b8:73:ed:8e:fe:62:8d:03:d2:52:
                    89:3c:54:10:86:e3:37:bd:2f:15:72:f2:0e:c6:0e:
                    5c:eb:be:34:06:d2:9d:0f:6b:e4:3f:2c:49:48:52:
                    cd:c4:cd:66:17:57:56:2d:5c:d3:69:08:19:be:c9:
                    cc:12:39:b6:cd:7d:7b:a2:ae:df:c4:63:91:09:91:
                    35:3d:2f:ab:89:de:cc:15:46:8a:0c:c2:7d:6a:12:
                    89:93:ad:d1:ee:16:d6:08:1d:90:d9:2d:fc:4d:36:
                    15:e0:65:a2:af:66:0b:5b:05:eb:0d:0e:b4:1f:16:
                    9d:dc:fa:bf:cf:bd:7c:d9:f1:2a:48:37:ae:c5:32:
                    0d:a9:ca:61:0f:6d:65:3f:e7:71:f0:7d:5d:e4:f1:
                    72:66:8c:c5:c4:f8:53:25:51:1d:bc:7f:b8:2b:16:
                    6d:5a:1c:35:fa:78:1f:05:c9:91:c3:73:6f:61:98:
                    56:ff:e3:6c:b7:32:e8:78:4f:11:11:64:ce:3d:b9:
                    ee:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4E:AA:E4:F5:B6:97:0F:50:46:CF:82:BD:7D:B2:35:F6:A2:19:8D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215049.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:6b:c6:d7:4b:5c:5c:c9:0d:19:5a:44:84:58:aa:d5:76:a2:
         54:d2:55:a0:00:31:b7:9f:ee:aa:b0:d2:47:3e:e9:c0:e6:ea:
         7f:ea:88:a7:ae:a0:bf:4c:8c:cc:d9:9c:7d:4a:ec:9a:db:e9:
         7e:b4:59:f0:49:5a:2f:1d:a3:51:1d:c4:9c:e4:f5:f0:8f:24:
         02:03:82:be:dd:9b:70:68:be:b8:9d:46:2a:1d:d5:ea:e8:0a:
         4c:69:34:b1:5e:71:d0:2a:38:a6:bd:40:4c:5e:a3:aa:92:84:
         6a:de:7e:0f:84:0b:30:d1:50:ab:97:e0:0a:be:00:55:bb:50:
         59:2d:9f:dd:da:b5:61:26:0f:4b:85:6c:94:d2:fd:b8:84:93:
         62:ce:80:f2:68:08:29:14:d4:bf:50:00:98:56:c9:e9:9d:fb:
         fb:e4:92:01:a3:3c:08:3a:b6:9a:7b:9a:40:97:56:51:d0:57:
         1d:a4:8f:ee:2b:19:7b:11:1f:fb:00:8f:dc:28:9f:95:26:2f:
         d6:82:60:15:82:38:33:dc:b2:53:fd:66:81:b2:a2:44:38:c7:
         e5:bb:e4:57:8c:ef:ed:8f:3a:70:9d:79:31:22:0b:8c:89:e3:
         ca:5c:79:4e:bd:34:fa:08:51:c8:5c:52:ed:a1:cf:36:62:85:
         09:cf:56:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSF35HirZ9MKcweOHZ4A5COZWgfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MDkyMjI2NTdaFw0yNTA1MDgyMjMxNTdaMDMxMTAvBgNV
BAMTKEEzNEVBQUU0RjVCNjk3MEY1MDQ2Q0Y4MkJEN0RCMjM1RjZBMjE5OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJgU30g5eMDTwZTaz7CHmNz38s
MAunwgLuuA5S91bPnust0/2PhPLs+iRXX8OJr0nRIIOOa5/nNuF+0y7t6nJmuHPt
jv5ijQPSUok8VBCG4ze9LxVy8g7GDlzrvjQG0p0Pa+Q/LElIUs3EzWYXV1YtXNNp
CBm+ycwSObbNfXuirt/EY5EJkTU9L6uJ3swVRooMwn1qEomTrdHuFtYIHZDZLfxN
NhXgZaKvZgtbBesNDrQfFp3c+r/PvXzZ8SpIN67FMg2pymEPbWU/53HwfV3k8XJm
jMXE+FMlUR28f7grFm1aHDX6eB8FyZHDc29hmFb/42y3Muh4TxERZM49ue69AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUo06q5PW2lw9QRs+CvX2yNfaiGY0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1MDQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt3
MA0GCSqGSIb3DQEBCwUAA4IBAQAQa8bXS1xcyQ0ZWkSEWKrVdqJU0lWgADG3n+6q
sNJHPunA5up/6oinrqC/TIzM2Zx9Suya2+l+tFnwSVovHaNRHcSc5PXwjyQCA4K+
3ZtwaL64nUYqHdXq6ApMaTSxXnHQKjimvUBMXqOqkoRq3n4PhAsw0VCrl+AKvgBV
u1BZLZ/d2rVhJg9LhWyU0v24hJNizoDyaAgpFNS/UACYVsnpnfv75JIBozwIOraa
e5pAl1ZR0FcdpI/uKxl7ER/7AI/cKJ+VJi/WgmAVgjgz3LJT/WaBsqJEOMflu+RX
jO/tjzpwnXkxIguMiePKXHlOvTT6CFHIXFLtoc82YoUJz1ax
-----END CERTIFICATE-----