Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS8888.roa
File:                     AS8888.roa (raw, json)
Hash identifier:          MkDbSPcbAZBiYhfWfrgqcC4w1Q+Dj6aYalKyw86go9M=
Subject key identifier:   70:89:AD:8F:E6:6E:9E:FA:B7:1B:5A:D4:96:02:7F:16:1E:E9:27:B6
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       575F51CEEC96AD958DDB61DE1F4A1994E81AF8BE
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS8888.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     8888
IP address blocks:        141.11.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:5f:51:ce:ec:96:ad:95:8d:db:61:de:1f:4a:19:94:e8:1a:f8:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=7089AD8FE66E9EFAB71B5AD496027F161EE927B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c7:4e:6d:cd:aa:59:c8:c9:f3:03:12:31:af:
                    b2:31:b4:b7:cb:c0:43:62:7c:d4:7a:db:61:c6:c8:
                    48:99:f5:08:57:1e:69:7c:fd:25:4a:ef:30:89:91:
                    0a:05:58:c1:69:39:7a:52:52:6e:b9:74:fb:75:e7:
                    59:9b:4d:fa:e4:c3:b6:3c:24:0f:dc:16:e9:fc:3c:
                    fa:db:0e:42:4f:2a:95:98:69:5c:ed:56:ac:90:62:
                    8c:e2:5b:4f:ef:41:15:44:28:3b:15:c8:83:7f:f7:
                    72:0c:aa:1d:32:c8:96:1d:bb:6f:cf:33:f7:3c:a6:
                    1b:2c:b3:5a:5c:9a:fd:b9:95:35:1b:53:16:a6:7c:
                    94:2f:01:20:2f:da:35:ac:7a:2a:c9:ce:80:05:59:
                    88:2c:63:63:b5:e2:68:f6:6c:98:e3:f9:7a:64:45:
                    7e:ed:1a:2d:ca:a6:75:c5:64:80:a8:8c:db:c6:2b:
                    f6:2b:47:fc:d8:d6:53:13:91:f7:43:af:e7:e2:d5:
                    a0:73:20:94:a6:78:5b:ae:25:12:f5:6c:22:94:7a:
                    54:73:25:8a:52:70:f9:4b:01:9e:55:64:ca:e8:2b:
                    d8:0c:78:50:1d:c9:54:32:f5:a5:48:70:15:a1:62:
                    04:2f:d6:d5:c1:1c:f5:b7:63:3b:df:5f:f9:f7:23:
                    67:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:89:AD:8F:E6:6E:9E:FA:B7:1B:5A:D4:96:02:7F:16:1E:E9:27:B6
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS8888.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d9:bd:cd:6d:e4:9e:12:20:df:41:7d:a6:bf:fa:94:3d:d4:
         29:f2:70:99:50:1a:22:4c:24:ce:e4:58:03:7b:ad:b2:e6:6a:
         48:19:1a:f9:c1:a6:67:7c:4a:83:40:83:19:eb:d9:4e:70:ee:
         60:8f:88:16:ca:ec:a0:d7:66:8a:ed:e0:09:7d:f4:04:ac:85:
         a7:b5:af:06:6a:56:4c:fd:4c:8b:cf:c9:cf:3c:1b:45:51:3e:
         5e:34:2d:f6:8e:67:94:38:5b:55:68:1e:77:d3:81:0e:27:7d:
         6b:ec:7b:19:96:70:ca:45:67:c1:ca:e4:a7:d3:e4:e8:b2:de:
         e9:3b:89:40:4c:13:15:b1:d3:ff:8a:f2:07:ce:d8:6c:00:52:
         61:e5:23:92:84:14:41:74:22:ca:77:03:6e:5b:46:d0:ee:42:
         59:59:6a:d5:9c:9c:99:5e:8f:65:b2:9a:06:98:36:e5:2a:db:
         f6:8e:d8:5c:28:8a:ff:c7:c7:d1:e9:dc:b2:72:cf:e4:48:f3:
         af:bc:e9:55:66:db:4f:83:b8:81:b7:60:ad:7c:0e:bd:50:3b:
         37:9c:84:08:8d:5e:3a:4c:2e:c2:da:bc:a1:f6:1c:ad:4f:2f:
         37:53:d1:30:ef:6a:a5:1b:87:9c:43:e0:cb:16:f8:1a:01:4e:
         11:90:0e:fe
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUV19RzuyWrZWN22HeH0oZlOga+L4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKDcwODlBRDhGRTY2RTlFRkFCNzFCNUFENDk2MDI3RjE2MUVFOTI3QjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTx05tzapZyMnzAxIxr7IxtLfL
wENifNR622HGyEiZ9QhXHml8/SVK7zCJkQoFWMFpOXpSUm65dPt151mbTfrkw7Y8
JA/cFun8PPrbDkJPKpWYaVztVqyQYoziW0/vQRVEKDsVyIN/93IMqh0yyJYdu2/P
M/c8phsss1pcmv25lTUbUxamfJQvASAv2jWseirJzoAFWYgsY2O14mj2bJjj+Xpk
RX7tGi3KpnXFZICojNvGK/YrR/zY1lMTkfdDr+fi1aBzIJSmeFuuJRL1bCKUelRz
JYpScPlLAZ5VZMroK9gMeFAdyVQy9aVIcBWhYgQv1tXBHPW3YzvfX/n3I2dnAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUcImtj+Zunvq3G1rUlgJ/Fh7pJ7YwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTODg4OC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI0LbzAN
BgkqhkiG9w0BAQsFAAOCAQEActm9zW3knhIg30F9pr/6lD3UKfJwmVAaIkwkzuRY
A3utsuZqSBka+cGmZ3xKg0CDGevZTnDuYI+IFsrsoNdmiu3gCX30BKyFp7WvBmpW
TP1Mi8/JzzwbRVE+XjQt9o5nlDhbVWged9OBDid9a+x7GZZwykVnwcrkp9Pk6LLe
6TuJQEwTFbHT/4ryB87YbABSYeUjkoQUQXQiyncDbltG0O5CWVlq1ZycmV6PZbKa
Bpg25Srb9o7YXCiK/8fH0encsnLP5Ejzr7zpVWbbT4O4gbdgrXwOvVA7N5yECI1e
Okwuwtq8ofYcrU8vN1PRMO9qpRuHnEPgyxb4GgFOEZAO/g==
-----END CERTIFICATE-----