Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS31898.roa
File:                     AS31898.roa (raw, json)
Hash identifier:          0t53RWxlBpsiB8tuTN0ujfvV9Gh0JNUNgIkg0Nh/5/4=
Subject key identifier:   E2:16:A1:80:D1:3E:FC:03:9F:DF:F2:FA:34:BD:3F:DC:95:5C:AE:CE
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4E87A5F10ACB91E13B0EA9A8DCBD4F73967721A9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS31898.roa
Signing time:             Fri 03 May 2024 00:08:35 +0000
ROA not before:           Fri 03 May 2024 00:03:35 +0000
ROA not after:            Fri 02 May 2025 00:08:35 +0000
asID:                     31898
IP address blocks:        141.11.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:87:a5:f1:0a:cb:91:e1:3b:0e:a9:a8:dc:bd:4f:73:96:77:21:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  3 00:03:35 2024 GMT
            Not After : May  2 00:08:35 2025 GMT
        Subject: CN=E216A180D13EFC039FDFF2FA34BD3FDC955CAECE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:c1:3b:6b:c0:f3:14:9f:f7:59:e4:c1:3d:d4:
                    a8:9a:bb:82:00:57:5b:ef:2c:e8:7d:86:fd:36:35:
                    91:61:a8:a4:af:5b:b9:1d:6f:e8:15:28:06:e6:d8:
                    e1:81:8b:18:60:db:51:d9:cf:5a:ed:a7:0c:c3:0a:
                    16:34:14:77:b9:eb:a6:a4:df:a8:5f:0f:7d:3c:5c:
                    23:80:c1:ae:7a:df:c3:f6:6b:50:07:5d:84:35:59:
                    bc:ea:c0:d7:1f:2c:ee:d5:e8:54:42:59:9f:6f:25:
                    2e:39:fd:b8:5f:82:5a:ee:52:dd:a6:f5:c3:c1:76:
                    e1:48:72:a3:e2:f2:b3:44:9e:c4:bb:95:c5:b0:73:
                    88:a8:b5:08:01:ce:eb:f0:15:fe:41:23:15:4c:ae:
                    19:ad:fc:b7:2f:77:4c:42:d4:eb:89:c5:f8:40:7b:
                    b8:92:3c:86:57:5b:3d:2c:7d:11:f3:cc:f3:04:a6:
                    af:0b:e7:f3:95:f4:2f:0d:ea:17:98:7c:13:af:91:
                    8c:e2:56:fa:aa:6b:a0:68:2b:4f:15:26:4d:ea:a6:
                    d3:56:11:8b:82:e3:64:03:8d:c4:27:3b:e1:30:f3:
                    c0:d0:74:ad:7f:f3:5a:87:93:4f:7b:60:1b:4b:35:
                    80:23:30:7b:43:79:4e:a0:e8:e3:87:c3:ac:b3:51:
                    08:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:16:A1:80:D1:3E:FC:03:9F:DF:F2:FA:34:BD:3F:DC:95:5C:AE:CE
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS31898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:eb:78:e1:b6:2d:85:05:1f:f3:5b:08:f0:cc:da:be:39:9d:
         19:ad:40:0c:fd:b2:0d:86:df:10:de:81:b9:d1:7b:ef:45:d2:
         28:61:4c:a3:e1:b4:7d:09:33:e2:4e:48:3a:a7:08:4e:f1:fa:
         a6:bd:0c:92:63:1b:32:ad:7a:a3:03:f0:89:83:03:7e:f8:7a:
         cc:50:2f:56:b1:8e:aa:af:0b:ab:17:eb:34:a9:be:87:25:55:
         73:7b:3d:b2:0d:85:99:dd:6c:d7:78:f4:c1:a3:7d:46:db:5e:
         bd:fd:eb:17:e1:9d:04:ef:d7:2c:1a:fa:f2:10:51:c7:bc:e9:
         73:c5:f0:57:90:c8:74:0e:83:87:66:67:85:30:a7:96:0a:91:
         b7:e5:0e:5e:30:f0:66:16:87:93:4e:1f:ab:b8:1d:f2:ef:bc:
         f2:a1:b3:26:4a:a8:af:5d:af:f6:8a:ad:42:28:26:3d:6b:91:
         3b:d0:0d:1a:02:06:06:3c:3b:17:e5:ed:82:22:e7:72:1f:30:
         7f:7e:74:91:c8:01:31:4f:f3:25:36:cc:a6:9e:6d:1f:0a:9d:
         5f:74:7f:d1:44:ba:ef:45:cc:69:83:27:52:10:50:7e:bc:d9:
         86:0e:a7:0e:1f:ec:4a:b7:02:91:0d:17:a0:b6:dc:68:a0:6e:
         0b:4f:eb:01
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUToel8QrLkeE7Dqmo3L1Pc5Z3IakwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MDMwMDAzMzVaFw0yNTA1MDIwMDA4MzVaMDMxMTAvBgNV
BAMTKEUyMTZBMTgwRDEzRUZDMDM5RkRGRjJGQTM0QkQzRkRDOTU1Q0FFQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6wTtrwPMUn/dZ5ME91Kiau4IA
V1vvLOh9hv02NZFhqKSvW7kdb+gVKAbm2OGBixhg21HZz1rtpwzDChY0FHe566ak
36hfD308XCOAwa5638P2a1AHXYQ1WbzqwNcfLO7V6FRCWZ9vJS45/bhfglruUt2m
9cPBduFIcqPi8rNEnsS7lcWwc4iotQgBzuvwFf5BIxVMrhmt/Lcvd0xC1OuJxfhA
e7iSPIZXWz0sfRHzzPMEpq8L5/OV9C8N6heYfBOvkYziVvqqa6BoK08VJk3qptNW
EYuC42QDjcQnO+Ew88DQdK1/81qHk097YBtLNYAjMHtDeU6g6OOHw6yzUQg7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU4hahgNE+/AOf3/L6NL0/3JVcrs4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzE4OTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCy8w
DQYJKoZIhvcNAQELBQADggEBAD/reOG2LYUFH/NbCPDM2r45nRmtQAz9sg2G3xDe
gbnRe+9F0ihhTKPhtH0JM+JOSDqnCE7x+qa9DJJjGzKteqMD8ImDA374esxQL1ax
jqqvC6sX6zSpvoclVXN7PbINhZndbNd49MGjfUbbXr396xfhnQTv1ywa+vIQUce8
6XPF8FeQyHQOg4dmZ4Uwp5YKkbflDl4w8GYWh5NOH6u4HfLvvPKhsyZKqK9dr/aK
rUIoJj1rkTvQDRoCBgY8Oxfl7YIi53IfMH9+dJHIATFP8yU2zKaebR8KnV90f9FE
uu9FzGmDJ1IQUH682YYOpw4f7Eq3ApENF6C23GigbgtP6wE=
-----END CERTIFICATE-----