Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS138156.roa
File:                     AS138156.roa (raw, json)
Hash identifier:          EE0a2mXHt12fa417fuYhPhxqkd6dDkm3OQQWVAIiQCw=
Subject key identifier:   2B:80:AC:FD:47:52:B9:FE:CF:87:21:FB:40:AE:26:D0:A8:FE:82:75
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       216FB1D2AD1C91531F1128DB22BB99A7D2499D40
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS138156.roa
Signing time:             Tue 13 Feb 2024 10:05:12 +0000
ROA not before:           Tue 13 Feb 2024 10:00:12 +0000
ROA not after:            Tue 11 Feb 2025 10:05:12 +0000
asID:                     138156
IP address blocks:        141.11.156.0/24 maxlen: 24
                          141.11.157.0/24 maxlen: 24
                          141.11.158.0/24 maxlen: 24
                          141.11.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:6f:b1:d2:ad:1c:91:53:1f:11:28:db:22:bb:99:a7:d2:49:9d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 13 10:00:12 2024 GMT
            Not After : Feb 11 10:05:12 2025 GMT
        Subject: CN=2B80ACFD4752B9FECF8721FB40AE26D0A8FE8275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:85:53:48:36:23:b8:0d:40:f8:70:5c:eb:ea:
                    c3:5b:39:b8:ce:d9:ec:37:e3:a8:a1:e2:f8:70:af:
                    91:1d:5b:1a:81:98:b7:71:d7:82:9f:9f:86:51:ea:
                    81:61:6a:d0:f2:56:11:04:16:a2:d0:2f:20:69:76:
                    6c:72:a8:6f:5e:89:f7:d0:96:dc:8a:e4:95:1a:6c:
                    c1:f3:67:56:c6:a5:8f:ca:f8:0f:70:88:34:35:d3:
                    c3:ed:3a:2c:f7:63:9e:7a:0d:28:d1:e5:dd:49:53:
                    e8:44:b3:4c:ca:ae:dd:32:46:bd:4e:d8:66:47:f6:
                    f0:f0:a3:6a:bd:5b:34:6a:3b:dc:84:dd:34:bd:ec:
                    f1:e1:0b:21:fd:43:0c:78:90:cd:ce:43:6e:4e:2d:
                    1a:bf:86:17:de:f8:f1:d8:0c:27:6e:94:cb:aa:b1:
                    7d:68:0d:5b:5a:7a:56:34:97:a6:3d:19:ef:e0:f1:
                    2e:05:5a:8e:68:80:1e:77:f2:9e:60:aa:e6:46:54:
                    67:fd:2c:86:c3:6d:12:50:89:31:2f:6f:8a:35:c5:
                    af:29:e2:f8:10:19:db:26:a3:b8:12:ca:1d:ca:fb:
                    bf:20:66:ed:00:05:a6:54:57:f0:d4:47:fa:c4:9b:
                    8e:d1:ca:d2:c6:38:74:68:2c:30:f7:6c:98:ac:96:
                    c8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:80:AC:FD:47:52:B9:FE:CF:87:21:FB:40:AE:26:D0:A8:FE:82:75
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS138156.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:fd:89:50:6d:84:b7:c9:a5:60:2d:3d:bf:7f:17:de:09:ed:
         71:42:a2:94:fd:7f:e2:90:ef:91:3a:9b:f0:90:1e:ad:c6:c3:
         bd:1a:bf:bc:37:8a:fb:eb:2f:e9:b3:08:64:68:e1:13:88:84:
         3a:5f:c2:44:5f:2d:77:97:f5:49:f6:91:10:9b:38:ff:45:5a:
         78:69:5c:d8:c0:15:34:91:d2:17:cf:3f:18:21:95:33:a4:1b:
         5d:24:9c:d6:e6:86:12:0c:c4:72:85:f3:16:91:67:7d:cd:fc:
         36:56:c7:b7:b6:29:2b:33:d2:60:a0:17:22:38:7e:dc:4a:7b:
         6c:51:ba:87:a9:32:22:84:c8:a4:a7:40:30:bf:bb:19:01:80:
         a9:45:54:9a:23:c8:36:cf:95:a0:26:48:00:8f:4c:6c:aa:1c:
         b3:7d:a4:9d:ec:20:39:8e:c5:8b:10:2c:b4:4b:f8:78:83:36:
         f1:41:5f:ee:10:41:24:bc:a7:cb:0f:4d:24:c6:24:a2:f3:c2:
         11:de:3e:35:27:74:04:99:66:84:b4:02:cb:9a:89:00:b7:d2:
         37:dc:9c:b9:3a:ef:a0:a7:ee:65:bb:9a:90:84:c8:ee:5e:fb:
         fc:a0:64:9f:08:f2:9a:23:68:b7:e9:5f:b0:fa:0f:b1:9e:7d:
         8c:8d:72:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIW+x0q0ckVMfESjbIruZp9JJnUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAyMTMxMDAwMTJaFw0yNTAyMTExMDA1MTJaMDMxMTAvBgNV
BAMTKDJCODBBQ0ZENDc1MkI5RkVDRjg3MjFGQjQwQUUyNkQwQThGRTgyNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFhVNINiO4DUD4cFzr6sNbObjO
2ew346ih4vhwr5EdWxqBmLdx14Kfn4ZR6oFhatDyVhEEFqLQLyBpdmxyqG9eiffQ
ltyK5JUabMHzZ1bGpY/K+A9wiDQ108PtOiz3Y556DSjR5d1JU+hEs0zKrt0yRr1O
2GZH9vDwo2q9WzRqO9yE3TS97PHhCyH9Qwx4kM3OQ25OLRq/hhfe+PHYDCdulMuq
sX1oDVtaelY0l6Y9Ge/g8S4FWo5ogB538p5gquZGVGf9LIbDbRJQiTEvb4o1xa8p
4vgQGdsmo7gSyh3K+78gZu0ABaZUV/DUR/rEm47RytLGOHRoLDD3bJislshRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUK4Cs/UdSuf7PhyH7QK4m0Kj+gnUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM4MTU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjQuc
MA0GCSqGSIb3DQEBCwUAA4IBAQBY/YlQbYS3yaVgLT2/fxfeCe1xQqKU/X/ikO+R
OpvwkB6txsO9Gr+8N4r76y/pswhkaOETiIQ6X8JEXy13l/VJ9pEQmzj/RVp4aVzY
wBU0kdIXzz8YIZUzpBtdJJzW5oYSDMRyhfMWkWd9zfw2Vse3tikrM9JgoBciOH7c
SntsUbqHqTIihMikp0Awv7sZAYCpRVSaI8g2z5WgJkgAj0xsqhyzfaSd7CA5jsWL
ECy0S/h4gzbxQV/uEEEkvKfLD00kxiSi88IR3j41J3QEmWaEtALLmokAt9I33Jy5
Ou+gp+5lu5qQhMjuXvv8oGSfCPKaI2i36V+w+g+xnn2MjXKc
-----END CERTIFICATE-----