Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          R0c2ETn0FZfpa4TVykfiRanYSdahbuVFnANM/HkSyT0=
Subject key identifier:   87:93:60:AE:EA:96:22:A4:77:92:F3:66:E4:B3:B9:C3:6A:6B:29:6A
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4A3C9EEE8F9C74D0643A01AC4EEC1FD219DCA062
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29802.roa
Signing time:             Sat 16 Dec 2023 10:43:40 +0000
ROA not before:           Sat 16 Dec 2023 10:38:40 +0000
ROA not after:            Sat 14 Dec 2024 10:43:40 +0000
asID:                     29802
IP address blocks:        141.11.35.0/24 maxlen: 24
                          141.11.38.0/24 maxlen: 24
                          141.11.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:3c:9e:ee:8f:9c:74:d0:64:3a:01:ac:4e:ec:1f:d2:19:dc:a0:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec 16 10:38:40 2023 GMT
            Not After : Dec 14 10:43:40 2024 GMT
        Subject: CN=879360AEEA9622A47792F366E4B3B9C36A6B296A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:cb:6f:f6:3f:bc:1d:0b:11:f3:53:2a:cc:65:
                    ea:d1:6b:8f:5b:a9:47:87:a4:cc:e2:fa:29:e5:d8:
                    80:78:ab:c1:d7:8f:ac:fb:2d:d9:fa:2b:5f:72:41:
                    a0:7d:d8:cc:a0:33:d7:56:5c:88:19:61:3c:12:e1:
                    99:3b:8d:78:bc:11:55:55:62:6b:e7:23:ff:5d:a5:
                    ea:ff:9d:62:d2:dc:df:4c:2f:4a:e4:86:12:ad:8e:
                    cd:74:a0:1e:ee:56:d8:a7:0c:6a:40:bb:c4:32:2e:
                    bd:08:e6:b3:16:21:aa:99:1d:97:20:be:67:2a:cc:
                    00:a1:5a:2b:fc:6f:51:9a:ed:46:51:44:0e:49:c8:
                    d6:65:cb:78:6a:ca:56:e5:f9:37:df:26:77:32:43:
                    dd:7c:0f:4d:e9:f8:f3:14:b6:20:b7:2b:39:a8:4e:
                    97:92:6e:f8:56:77:2d:c3:27:61:5a:d3:45:cf:b4:
                    26:b3:37:27:b2:56:d3:d8:c0:22:4e:f8:e8:cd:a4:
                    b0:6c:98:3f:73:1b:af:12:29:b5:db:9f:6b:78:18:
                    2b:d3:46:ad:c7:5a:3a:9d:07:cb:fb:00:78:75:e2:
                    0b:a5:4d:84:e1:d1:48:66:bd:2c:f6:86:de:f3:e3:
                    dd:ab:cf:f9:99:c7:8d:90:c3:45:f3:34:8a:37:f5:
                    e9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:93:60:AE:EA:96:22:A4:77:92:F3:66:E4:B3:B9:C3:6A:6B:29:6A
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.35.0/24
                  141.11.38.0/24
                  141.11.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:df:5a:c0:4a:f7:3a:3f:02:c0:56:7f:ba:54:dc:6e:01:80:
         a3:ff:a1:fd:48:b1:0b:54:0a:84:c4:33:50:2f:d7:79:cf:ea:
         2e:b0:5d:31:c4:03:ec:7e:dd:f9:11:2a:ee:fa:40:ad:65:8e:
         91:32:bc:95:51:1e:e4:0f:3f:59:60:7e:cb:59:17:cc:4c:23:
         96:e8:80:3d:92:3c:98:c7:20:36:25:bb:55:18:84:ed:50:38:
         79:ab:b5:08:e5:8f:c8:17:10:a0:e3:3d:de:64:b9:55:38:77:
         d6:e0:4d:dd:76:8f:c8:5b:2d:17:83:59:f4:82:bd:ac:5c:17:
         49:47:7a:d0:64:6b:b8:ec:3e:d0:3e:74:63:b9:30:67:ff:86:
         83:4f:4c:dc:1d:b9:ee:c8:0e:ed:ba:4e:61:cf:73:9a:ee:ce:
         c5:7b:ef:88:80:6d:de:e1:1f:f4:73:26:72:68:72:86:6e:63:
         59:23:95:58:aa:bd:1d:4d:e8:77:a0:d6:7a:e2:f2:07:06:3c:
         98:82:72:3b:86:c2:0f:1e:ff:a0:d1:bb:47:ac:44:bb:e1:b8:
         28:23:0d:fd:61:f6:5f:b5:a0:b2:a5:f8:09:74:db:a0:bb:4c:
         c6:3c:d5:20:7b:d2:00:0e:7a:ef:d5:00:d1:ca:88:c2:62:67:
         53:0b:74:10
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUSjye7o+cdNBkOgGsTuwf0hncoGIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEyMTYxMDM4NDBaFw0yNDEyMTQxMDQzNDBaMDMxMTAvBgNV
BAMTKDg3OTM2MEFFRUE5NjIyQTQ3NzkyRjM2NkU0QjNCOUMzNkE2QjI5NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXy2/2P7wdCxHzUyrMZerRa49b
qUeHpMzi+inl2IB4q8HXj6z7Ldn6K19yQaB92MygM9dWXIgZYTwS4Zk7jXi8EVVV
YmvnI/9dper/nWLS3N9ML0rkhhKtjs10oB7uVtinDGpAu8QyLr0I5rMWIaqZHZcg
vmcqzAChWiv8b1Ga7UZRRA5JyNZly3hqylbl+TffJncyQ918D03p+PMUtiC3Kzmo
TpeSbvhWdy3DJ2Fa00XPtCazNyeyVtPYwCJO+OjNpLBsmD9zG68SKbXbn2t4GCvT
Rq3HWjqdB8v7AHh14gulTYTh0UhmvSz2ht7z492rz/mZx42Qw0XzNIo39entAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUh5NgruqWIqR3kvNm5LO5w2prKWowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACNCyMD
BACNCyYDBACNC20wDQYJKoZIhvcNAQELBQADggEBAMXfWsBK9zo/AsBWf7pU3G4B
gKP/of1IsQtUCoTEM1Av13nP6i6wXTHEA+x+3fkRKu76QK1ljpEyvJVRHuQPP1lg
fstZF8xMI5bogD2SPJjHIDYlu1UYhO1QOHmrtQjlj8gXEKDjPd5kuVU4d9bgTd12
j8hbLReDWfSCvaxcF0lHetBka7jsPtA+dGO5MGf/hoNPTNwdue7IDu26TmHPc5ru
zsV774iAbd7hH/RzJnJocoZuY1kjlViqvR1N6Heg1nri8gcGPJiCcjuGwg8e/6DR
u0esRLvhuCgjDf1h9l+1oLKl+Al026C7TMY81SB70gAOeu/VANHKiMJiZ1MLdBA=
-----END CERTIFICATE-----