Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa
File:                     AS139648.roa (raw, json)
Hash identifier:          LvLMKWGAjaO6NEKkASTMlcyPW4GlyYM+3h7xzXX3RmE=
Subject key identifier:   F9:7D:2E:86:5F:52:DE:E3:38:3B:CB:EC:7A:73:73:34:D1:9F:4A:CE
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3F942E1B86F4B52F45CD73DCB56DCE1C970ECE68
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa
Signing time:             Fri 26 Jul 2024 00:01:56 +0000
ROA not before:           Thu 25 Jul 2024 23:56:56 +0000
ROA not after:            Fri 25 Jul 2025 00:01:56 +0000
asID:                     139648
IP address blocks:        141.11.194.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:94:2e:1b:86:f4:b5:2f:45:cd:73:dc:b5:6d:ce:1c:97:0e:ce:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 25 23:56:56 2024 GMT
            Not After : Jul 25 00:01:56 2025 GMT
        Subject: CN=F97D2E865F52DEE3383BCBEC7A737334D19F4ACE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:58:55:0d:72:c9:cc:3c:11:ad:4b:0a:84:aa:
                    00:a8:78:c1:25:7a:f9:52:7e:21:61:af:b0:bf:cd:
                    01:ac:3d:36:08:0e:dc:7c:b7:d6:54:bb:bc:eb:ee:
                    b1:25:b8:a7:4c:9d:bd:40:43:bd:20:7d:c9:f0:c8:
                    ab:09:67:5f:80:68:bb:fa:74:04:be:10:76:0c:b7:
                    ce:2c:f2:9f:65:10:21:f1:b0:90:1c:4c:68:dd:f5:
                    0f:27:4f:8d:cc:f3:6a:3a:e5:eb:d9:d9:dc:fc:fd:
                    c5:73:64:0d:86:ba:e9:17:92:a5:f8:9c:3f:ec:f8:
                    50:0f:a0:7d:6f:a2:5d:99:82:b4:b4:b2:f2:6f:4e:
                    c3:12:85:46:62:33:8b:e1:4f:38:4c:0b:8c:98:21:
                    3f:a1:13:c8:fa:c6:90:f9:03:dd:5c:a1:e0:bb:ee:
                    33:ea:bd:fb:56:09:33:25:14:58:db:65:5a:c6:c2:
                    84:e7:8c:92:5e:e1:ee:60:c4:3a:e0:c8:07:a3:b3:
                    d7:43:fc:38:5f:aa:55:86:6d:4f:e1:2a:30:42:71:
                    0a:90:72:17:36:bc:ca:40:96:e2:56:78:6a:68:2f:
                    24:f8:52:79:11:12:9b:f5:3d:92:ea:c8:65:ee:a8:
                    e2:ff:3a:c2:38:09:d0:73:e9:2e:51:5c:85:39:89:
                    89:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:7D:2E:86:5F:52:DE:E3:38:3B:CB:EC:7A:73:73:34:D1:9F:4A:CE
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:98:34:0f:59:26:e5:30:4d:ba:da:28:46:9b:77:3c:f3:46:
         45:a1:e0:73:4c:1d:80:b1:52:7f:fc:4f:06:28:87:da:d7:7d:
         88:11:18:1f:d3:4b:24:8b:d6:b5:d0:72:da:b0:ac:a6:ef:f1:
         54:52:46:fc:05:0e:79:5d:c1:0f:55:1f:02:6f:1b:f9:b1:f0:
         51:ba:7a:5f:34:e8:1c:02:51:01:51:09:6f:48:39:3a:01:44:
         2c:83:b9:1a:70:48:5a:69:40:08:52:39:9f:35:14:48:6f:75:
         8f:24:9f:ac:62:7e:fc:60:46:29:41:d2:70:41:49:76:6f:9d:
         69:62:b4:0a:49:b5:99:a4:de:5c:df:26:f0:93:05:ae:d5:f3:
         1a:4c:af:6a:3e:eb:ab:19:01:27:e2:b2:ac:b8:99:04:5b:74:
         56:c6:2e:04:05:ff:db:cd:76:f7:9f:f0:54:2b:1f:bb:91:82:
         a7:89:ab:c3:b2:40:42:e3:7a:b6:ee:61:95:aa:74:47:d2:4c:
         d9:00:33:64:6f:e8:14:9d:ae:f7:77:ee:bf:5b:ed:35:be:e4:
         fa:a7:c6:9d:c9:1d:ce:af:ce:a4:a4:89:d5:10:c8:62:00:7f:
         50:38:73:ab:30:df:09:36:17:f8:96:29:f9:e4:5b:fc:1e:5d:
         1f:e2:14:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUP5QuG4b0tS9FzXPctW3OHJcOzmgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA3MjUyMzU2NTZaFw0yNTA3MjUwMDAxNTZaMDMxMTAvBgNV
BAMTKEY5N0QyRTg2NUY1MkRFRTMzODNCQ0JFQzdBNzM3MzM0RDE5RjRBQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaWFUNcsnMPBGtSwqEqgCoeMEl
evlSfiFhr7C/zQGsPTYIDtx8t9ZUu7zr7rEluKdMnb1AQ70gfcnwyKsJZ1+AaLv6
dAS+EHYMt84s8p9lECHxsJAcTGjd9Q8nT43M82o65evZ2dz8/cVzZA2GuukXkqX4
nD/s+FAPoH1vol2ZgrS0svJvTsMShUZiM4vhTzhMC4yYIT+hE8j6xpD5A91coeC7
7jPqvftWCTMlFFjbZVrGwoTnjJJe4e5gxDrgyAejs9dD/DhfqlWGbU/hKjBCcQqQ
chc2vMpAluJWeGpoLyT4UnkREpv1PZLqyGXuqOL/OsI4CdBz6S5RXIU5iYk7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+X0uhl9S3uM4O8vsenNzNNGfSs4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM5NjQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQvC
MA0GCSqGSIb3DQEBCwUAA4IBAQASmDQPWSblME262ihGm3c880ZFoeBzTB2AsVJ/
/E8GKIfa132IERgf00ski9a10HLasKym7/FUUkb8BQ55XcEPVR8Cbxv5sfBRunpf
NOgcAlEBUQlvSDk6AUQsg7kacEhaaUAIUjmfNRRIb3WPJJ+sYn78YEYpQdJwQUl2
b51pYrQKSbWZpN5c3ybwkwWu1fMaTK9qPuurGQEn4rKsuJkEW3RWxi4EBf/bzXb3
n/BUKx+7kYKniavDskBC43q27mGVqnRH0kzZADNkb+gUna73d+6/W+01vuT6p8ad
yR3Or86kpInVEMhiAH9QOHOrMN8JNhf4lin55Fv8Hl0f4hS0
-----END CERTIFICATE-----