Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139989.roa
File:                     AS139989.roa (raw, json)
Hash identifier:          1VpULAdhFf/un9MUiUaFeXpF6etXRXTuNYCEYdtxpaI=
Subject key identifier:   83:FB:AF:55:32:57:BE:AC:39:08:7A:30:22:9C:87:D2:53:85:48:54
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       426341B15259CDF58E3973B7F6A88F40EDEC9185
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139989.roa
Signing time:             Fri 03 Jan 2025 10:53:51 +0000
ROA not before:           Fri 03 Jan 2025 10:48:51 +0000
ROA not after:            Fri 02 Jan 2026 10:53:51 +0000
asID:                     139989
IP address blocks:        141.11.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:63:41:b1:52:59:cd:f5:8e:39:73:b7:f6:a8:8f:40:ed:ec:91:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan  3 10:48:51 2025 GMT
            Not After : Jan  2 10:53:51 2026 GMT
        Subject: CN=83FBAF553257BEAC39087A30229C87D253854854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:79:d8:61:a4:af:f5:30:31:22:3c:e7:92:
                    0d:02:83:38:40:2f:a4:17:12:f4:60:23:0c:a1:ee:
                    c7:61:18:c0:ba:32:e5:70:e8:ae:ec:2c:83:a7:e7:
                    99:c6:84:ca:f5:f4:b6:c8:6e:e6:fb:05:5d:94:aa:
                    6a:22:03:b9:cc:0b:76:ea:b1:1d:80:7d:d0:fd:24:
                    f3:65:04:3f:54:58:04:21:27:b4:3f:ff:a2:f4:ac:
                    b8:05:21:68:9d:25:8c:dc:a9:61:35:51:89:0f:35:
                    51:a6:54:88:8a:73:48:62:16:8c:ae:39:ec:20:0a:
                    de:f8:89:bf:da:8e:d6:2e:7f:f3:1e:66:d0:db:81:
                    f8:be:c3:6e:59:e6:58:03:c2:d3:70:eb:63:6b:af:
                    a4:5e:08:85:93:9a:70:26:d4:54:64:ce:35:0e:af:
                    01:e6:2d:e1:6f:e7:16:cd:72:de:10:e4:ed:ca:74:
                    5b:cc:a8:46:e8:4d:62:c4:91:f4:a7:3c:87:7f:00:
                    59:1a:c6:4c:a2:f4:9f:ed:4f:a1:dc:48:9d:14:b4:
                    ff:5a:ca:67:8b:8d:e7:e0:55:76:4b:db:cd:23:0d:
                    04:a7:94:16:ef:1b:c2:36:9e:59:fb:38:97:b2:ed:
                    34:38:74:f3:76:1e:e7:b8:2b:93:e5:31:5c:4d:24:
                    3c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:FB:AF:55:32:57:BE:AC:39:08:7A:30:22:9C:87:D2:53:85:48:54
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS139989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:86:d0:e7:c5:c5:27:1f:6f:e4:76:5b:c3:b3:ac:57:21:6c:
         93:a3:59:fe:7d:f3:77:15:e5:89:12:07:d7:e3:b6:b8:e6:e0:
         b9:2d:95:d5:0e:57:88:20:f4:28:67:2e:76:a5:db:22:e0:e1:
         98:64:28:20:8c:c8:d6:36:bd:e9:f2:ba:6e:09:09:f6:0f:43:
         8a:c5:7a:d3:0c:5e:e0:c6:12:9c:87:cb:62:91:f0:87:0d:2e:
         a9:28:5e:b6:70:8c:24:a0:8e:f1:90:f9:d2:3b:66:75:80:16:
         b3:d6:2b:d8:7f:fe:9c:9e:85:43:bb:3f:bc:7e:2f:1a:b9:f6:
         06:ad:2a:46:85:64:5f:c7:df:f1:c9:d0:4d:44:b4:3c:e3:4c:
         13:9a:88:6f:a0:cd:7a:d9:89:3a:34:78:08:78:f9:b6:b6:30:
         4f:ee:e5:66:55:05:74:ac:0f:22:af:e9:8c:03:02:21:5d:fb:
         d7:e3:99:ba:41:b9:18:05:dc:f4:a8:ed:df:0c:de:c4:2a:4d:
         c0:4a:d3:63:76:27:c9:42:8a:0d:b7:60:9b:96:51:76:37:70:
         2b:2c:1b:e0:db:6d:77:29:ef:06:40:41:32:fc:ae:8e:b2:e7:
         c1:7d:7e:ff:5d:23:0c:52:29:30:74:21:e7:f0:32:19:c2:ed:
         10:2c:88:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQmNBsVJZzfWOOXO39qiPQO3skYUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAxMDMxMDQ4NTFaFw0yNjAxMDIxMDUzNTFaMDMxMTAvBgNV
BAMTKDgzRkJBRjU1MzI1N0JFQUMzOTA4N0EzMDIyOUM4N0QyNTM4NTQ4NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpxXnYYaSv9TAxIjznkg0CgzhA
L6QXEvRgIwyh7sdhGMC6MuVw6K7sLIOn55nGhMr19LbIbub7BV2UqmoiA7nMC3bq
sR2AfdD9JPNlBD9UWAQhJ7Q//6L0rLgFIWidJYzcqWE1UYkPNVGmVIiKc0hiFoyu
OewgCt74ib/ajtYuf/MeZtDbgfi+w25Z5lgDwtNw62Nrr6ReCIWTmnAm1FRkzjUO
rwHmLeFv5xbNct4Q5O3KdFvMqEboTWLEkfSnPId/AFkaxkyi9J/tT6HcSJ0UtP9a
ymeLjefgVXZL280jDQSnlBbvG8I2nln7OJey7TQ4dPN2Hue4K5PlMVxNJDxxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUg/uvVTJXvqw5CHowIpyH0lOFSFQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTM5OTg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvx
MA0GCSqGSIb3DQEBCwUAA4IBAQBzhtDnxcUnH2/kdlvDs6xXIWyTo1n+ffN3FeWJ
EgfX47a45uC5LZXVDleIIPQoZy52pdsi4OGYZCggjMjWNr3p8rpuCQn2D0OKxXrT
DF7gxhKch8tikfCHDS6pKF62cIwkoI7xkPnSO2Z1gBaz1ivYf/6cnoVDuz+8fi8a
ufYGrSpGhWRfx9/xydBNRLQ840wTmohvoM162Yk6NHgIePm2tjBP7uVmVQV0rA8i
r+mMAwIhXfvX45m6QbkYBdz0qO3fDN7EKk3AStNjdifJQooNt2CbllF2N3ArLBvg
2213Ke8GQEEy/K6OsufBfX7/XSMMUikwdCHn8DIZwu0QLIhH
-----END CERTIFICATE-----