Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139989.roa
File:                     AS139989.roa (raw, json)
Hash identifier:          s4cgfYd+EkgG16BzJQPoWXrDC70fVNOCoEpFdrmP/1c=
Subject key identifier:   1B:44:63:2A:41:D8:41:A8:91:96:D6:C8:4E:B2:07:B3:A0:E4:93:F7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       104BCECE00E8DCD6E1E63CB34200177318271473
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139989.roa
Signing time:             Fri 02 Feb 2024 10:42:55 +0000
ROA not before:           Fri 02 Feb 2024 10:37:55 +0000
ROA not after:            Fri 31 Jan 2025 10:42:55 +0000
asID:                     139989
IP address blocks:        141.11.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:4b:ce:ce:00:e8:dc:d6:e1:e6:3c:b3:42:00:17:73:18:27:14:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb  2 10:37:55 2024 GMT
            Not After : Jan 31 10:42:55 2025 GMT
        Subject: CN=1B44632A41D841A89196D6C84EB207B3A0E493F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2d:d2:61:2f:d9:86:22:95:a8:c9:ed:42:63:
                    33:4d:d9:d4:70:1b:25:be:00:09:12:57:36:cd:d3:
                    b1:46:11:e1:12:8f:45:d6:5e:22:bf:3a:ce:99:6e:
                    96:a5:75:30:fa:1e:45:e1:31:5b:40:c7:85:da:ee:
                    9d:95:c5:9e:13:37:51:74:14:c0:9d:3c:ac:ab:c2:
                    01:47:da:ec:4c:a6:dd:99:60:24:86:d4:3b:66:57:
                    c6:05:2a:3c:ef:26:f6:3b:45:b7:20:06:a8:f6:bf:
                    1c:4a:a3:7d:1a:5f:68:c1:53:d2:63:72:a4:21:c5:
                    d4:e0:c6:b8:b1:23:3d:59:25:e0:34:f8:26:b9:bb:
                    9c:bd:ce:a5:6b:23:30:2b:f7:ee:1c:c4:75:48:8c:
                    5c:d4:e2:1c:05:6f:6f:0c:64:49:d2:08:35:87:32:
                    a7:a8:36:50:12:e0:f4:7b:0f:7c:0f:33:32:8a:23:
                    49:c2:07:53:fe:8b:43:c9:43:d9:d6:f7:fc:8d:96:
                    6a:0f:ba:a0:3a:b2:b6:e4:7c:ce:6e:2d:7e:d5:49:
                    80:24:19:30:e9:df:6b:1a:65:7e:26:b1:29:0c:57:
                    ec:bd:8e:33:33:88:2d:12:42:a2:55:db:5d:2a:be:
                    30:cd:1f:c6:f5:4d:40:9d:c9:5c:68:fe:14:14:60:
                    58:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:44:63:2A:41:D8:41:A8:91:96:D6:C8:4E:B2:07:B3:A0:E4:93:F7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:0b:1d:79:af:f9:00:41:3e:fb:a3:8d:ca:68:cf:c4:e7:63:
         68:c4:ea:20:64:c4:5c:65:e8:de:52:b0:b9:25:b9:b3:e3:4b:
         47:7b:93:53:09:96:d8:0b:4d:02:5a:99:77:05:0c:ca:28:b0:
         d6:d6:68:47:9f:8e:83:ad:37:fc:9c:e4:1d:51:52:d6:cf:e5:
         a3:a4:8b:92:d8:2d:62:51:55:7e:a3:82:58:3b:7a:e0:60:73:
         93:df:24:72:e3:e1:06:5b:bc:29:c4:73:77:7a:67:7d:28:e1:
         26:f7:c2:97:d6:38:e3:9d:aa:b9:01:e2:48:84:06:7c:5d:48:
         5b:bf:34:55:3c:15:67:7c:b3:7f:18:5f:d4:2b:ad:a2:e1:e9:
         51:47:92:d0:ac:32:95:27:be:58:f6:97:6f:1a:11:bc:bf:b1:
         9d:20:2f:d0:de:c7:f6:46:5a:42:d2:5b:bb:5c:73:db:76:f3:
         37:a1:bd:70:83:3d:ab:ae:42:0c:42:35:62:6e:be:62:bf:fd:
         82:ff:ea:07:85:cb:4b:f4:7c:d6:93:c0:86:0a:2d:e5:31:51:
         fa:e0:ac:4e:56:cf:55:90:33:61:28:2e:5f:50:64:92:61:89:
         9e:3b:28:43:e4:a3:aa:21:5d:44:af:e5:c2:9f:bd:92:ad:25:
         12:bf:3e:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEEvOzgDo3Nbh5jyzQgAXcxgnFHMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAyMDIxMDM3NTVaFw0yNTAxMzExMDQyNTVaMDMxMTAvBgNV
BAMTKDFCNDQ2MzJBNDFEODQxQTg5MTk2RDZDODRFQjIwN0IzQTBFNDkzRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDILdJhL9mGIpWoye1CYzNN2dRw
GyW+AAkSVzbN07FGEeESj0XWXiK/Os6ZbpaldTD6HkXhMVtAx4Xa7p2VxZ4TN1F0
FMCdPKyrwgFH2uxMpt2ZYCSG1DtmV8YFKjzvJvY7RbcgBqj2vxxKo30aX2jBU9Jj
cqQhxdTgxrixIz1ZJeA0+Ca5u5y9zqVrIzAr9+4cxHVIjFzU4hwFb28MZEnSCDWH
MqeoNlAS4PR7D3wPMzKKI0nCB1P+i0PJQ9nW9/yNlmoPuqA6srbkfM5uLX7VSYAk
GTDp32saZX4msSkMV+y9jjMziC0SQqJV210qvjDNH8b1TUCdyVxo/hQUYFhrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUG0RjKkHYQaiRltbITrIHs6Dkk/cwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM5OTg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvx
MA0GCSqGSIb3DQEBCwUAA4IBAQA+Cx15r/kAQT77o43KaM/E52NoxOogZMRcZeje
UrC5Jbmz40tHe5NTCZbYC00CWpl3BQzKKLDW1mhHn46DrTf8nOQdUVLWz+WjpIuS
2C1iUVV+o4JYO3rgYHOT3yRy4+EGW7wpxHN3emd9KOEm98KX1jjjnaq5AeJIhAZ8
XUhbvzRVPBVnfLN/GF/UK62i4elRR5LQrDKVJ75Y9pdvGhG8v7GdIC/Q3sf2RlpC
0lu7XHPbdvM3ob1wgz2rrkIMQjVibr5iv/2C/+oHhctL9HzWk8CGCi3lMVH64KxO
Vs9VkDNhKC5fUGSSYYmeOyhD5KOqIV1Er+XCn72SrSUSvz59
-----END CERTIFICATE-----