Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS1030.roa
File:                     AS1030.roa (raw, json)
Hash identifier:          xpZEu5itKxbJuuG08Pi5wIBTYyEW/ASXDHc7Y/ihXwA=
Subject key identifier:   E4:2F:38:E9:C8:FF:31:4E:C7:E3:C9:77:52:30:B4:C2:0C:B9:F7:12
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7B0B156B3D1D0050DD2F9B397FBA2188A2D1A53A
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS1030.roa
Signing time:             Tue 29 Oct 2024 15:43:25 +0000
ROA not before:           Tue 29 Oct 2024 15:38:25 +0000
ROA not after:            Tue 28 Oct 2025 15:43:25 +0000
asID:                     1030
IP address blocks:        141.11.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:0b:15:6b:3d:1d:00:50:dd:2f:9b:39:7f:ba:21:88:a2:d1:a5:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:25 2024 GMT
            Not After : Oct 28 15:43:25 2025 GMT
        Subject: CN=E42F38E9C8FF314EC7E3C9775230B4C20CB9F712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:78:b3:20:a4:92:86:58:2c:48:b2:1c:f5:fc:
                    e6:2a:ab:e9:a3:8d:47:1d:46:2b:e4:5a:bd:73:49:
                    5d:d4:24:bd:14:f5:4d:35:56:a5:b5:95:f1:79:4f:
                    53:5b:29:dc:fc:91:12:38:e3:f8:1b:33:f6:e1:8c:
                    47:6b:f6:8c:76:25:01:ad:76:33:ff:d5:0d:36:25:
                    a4:ac:f2:4f:8d:22:cc:da:92:66:ec:18:02:de:81:
                    8d:80:40:e1:6c:9d:16:c2:59:5c:12:0f:aa:c1:52:
                    aa:d4:e3:cd:8a:24:a1:db:e2:70:94:bc:b3:6c:0b:
                    70:96:68:a6:88:14:25:95:32:ae:90:94:90:ba:18:
                    22:1f:fa:4d:61:89:23:ff:36:c8:41:69:a1:db:1e:
                    c8:88:49:73:a0:3d:77:4f:de:04:1f:d2:8b:09:0f:
                    57:5a:25:ed:38:2e:d6:75:e8:fc:cb:5f:9a:d4:0e:
                    54:5a:c7:ee:59:1e:7b:e8:ef:4b:bc:cd:95:c3:1c:
                    d3:e1:21:41:ac:6f:22:e4:27:d2:dc:c6:6a:57:d8:
                    08:3b:9a:32:ea:83:b8:3e:80:46:56:40:ed:c4:8d:
                    ba:cb:7b:d5:7c:7e:39:80:55:5b:2e:11:60:91:ca:
                    c1:de:55:44:8d:57:4b:0c:19:e5:3e:51:c7:70:13:
                    73:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:2F:38:E9:C8:FF:31:4E:C7:E3:C9:77:52:30:B4:C2:0C:B9:F7:12
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS1030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a8:eb:d7:24:18:58:33:ab:f8:c7:2f:55:4d:bc:7a:57:d2:
         79:70:b8:34:f4:e4:0b:44:4e:5f:4f:5e:44:17:2a:02:da:00:
         f7:43:66:ae:45:ec:fb:2b:63:b8:82:ce:a0:1b:50:3f:bc:b8:
         ed:e6:77:6e:b2:e0:56:35:28:8f:77:0f:3e:68:3a:43:8a:ea:
         3b:a7:a9:99:b3:c7:1d:73:87:26:74:c8:8b:d9:14:06:56:60:
         56:0a:89:73:01:77:17:46:dc:4c:2e:61:f3:4e:51:d8:fd:03:
         da:44:f0:d7:5a:6b:9d:c6:ff:c1:81:3a:d7:0d:4f:e7:21:ca:
         bf:59:8b:f2:da:17:52:72:17:03:cd:c8:b4:f1:84:7b:98:da:
         a7:48:ae:51:f2:a1:e6:ca:aa:e5:aa:a9:05:d5:9c:45:e5:ec:
         82:57:c7:8e:f6:3e:b2:45:4b:47:71:55:20:84:81:a9:b6:be:
         3b:2d:7a:bc:8a:11:40:de:5f:d1:00:44:88:2f:7e:20:59:ca:
         9a:05:c6:e2:9d:f8:c8:63:27:36:9e:bc:5d:5a:1d:68:eb:0b:
         15:b1:82:24:f7:04:d2:aa:11:36:aa:d8:39:38:9e:ce:08:fa:
         b9:2b:ce:27:60:10:f8:33:40:ed:54:bc:77:12:21:1f:d3:e6:
         5f:6b:a3:3a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUewsVaz0dAFDdL5s5f7ohiKLRpTowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjVaFw0yNTEwMjgxNTQzMjVaMDMxMTAvBgNV
BAMTKEU0MkYzOEU5QzhGRjMxNEVDN0UzQzk3NzUyMzBCNEMyMENCOUY3MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCReLMgpJKGWCxIshz1/OYqq+mj
jUcdRivkWr1zSV3UJL0U9U01VqW1lfF5T1NbKdz8kRI44/gbM/bhjEdr9ox2JQGt
djP/1Q02JaSs8k+NIszakmbsGALegY2AQOFsnRbCWVwSD6rBUqrU482KJKHb4nCU
vLNsC3CWaKaIFCWVMq6QlJC6GCIf+k1hiSP/NshBaaHbHsiISXOgPXdP3gQf0osJ
D1daJe04LtZ16PzLX5rUDlRax+5ZHnvo70u8zZXDHNPhIUGsbyLkJ9LcxmpX2Ag7
mjLqg7g+gEZWQO3EjbrLe9V8fjmAVVsuEWCRysHeVUSNV0sMGeU+UcdwE3MxAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU5C846cj/MU7H48l3UjC0wgy59xIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTAzMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI0LbzAN
BgkqhkiG9w0BAQsFAAOCAQEAmqjr1yQYWDOr+McvVU28elfSeXC4NPTkC0ROX09e
RBcqAtoA90NmrkXs+ytjuILOoBtQP7y47eZ3brLgVjUoj3cPPmg6Q4rqO6epmbPH
HXOHJnTIi9kUBlZgVgqJcwF3F0bcTC5h805R2P0D2kTw11prncb/wYE61w1P5yHK
v1mL8toXUnIXA83ItPGEe5jap0iuUfKh5sqq5aqpBdWcReXsglfHjvY+skVLR3FV
IISBqba+Oy16vIoRQN5f0QBEiC9+IFnKmgXG4p34yGMnNp68XVodaOsLFbGCJPcE
0qoRNqrYOTiezgj6uSvOJ2AQ+DNA7VS8dxIhH9PmX2ujOg==
-----END CERTIFICATE-----