Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa
File:                     AS141158.roa (raw, json)
Hash identifier:          SrrVPYkJpPik9FflXUedoQTYjW+Op4ZoXyzcHFGzhoI=
Subject key identifier:   C6:64:D9:EB:51:EF:F8:85:E9:AE:11:2E:B4:88:91:AE:80:6F:62:88
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       06A57D2FB494726FC0274027E3593C729C14F9C2
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa
Signing time:             Tue 29 Oct 2024 15:43:25 +0000
ROA not before:           Tue 29 Oct 2024 15:38:25 +0000
ROA not after:            Tue 28 Oct 2025 15:43:25 +0000
asID:                     141158
IP address blocks:        141.11.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:a5:7d:2f:b4:94:72:6f:c0:27:40:27:e3:59:3c:72:9c:14:f9:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:25 2024 GMT
            Not After : Oct 28 15:43:25 2025 GMT
        Subject: CN=C664D9EB51EFF885E9AE112EB48891AE806F6288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5e:91:15:57:bd:0e:5f:56:64:23:7d:71:db:
                    05:95:0a:82:82:5c:c6:3a:6d:e8:6d:80:6b:9e:7a:
                    2c:f4:dd:aa:09:91:65:3f:9d:1c:ee:78:2c:b9:1e:
                    66:c0:15:af:52:8d:b2:a8:13:82:1f:a5:7a:49:58:
                    12:c5:32:e7:57:d9:37:09:f3:a7:cc:1e:07:c2:c3:
                    b1:a6:64:63:45:2c:6f:65:69:25:a1:ef:cc:4f:60:
                    23:27:ed:e2:61:f6:4f:4c:4d:62:eb:cf:b7:78:27:
                    0d:d8:fe:fc:4e:a3:55:cc:db:76:4c:40:a1:cd:a3:
                    34:f9:33:e6:df:47:39:78:f6:13:31:cb:1a:4c:d3:
                    d6:c9:18:40:35:c2:83:52:cc:ad:00:d1:d1:9d:8a:
                    0b:be:76:a7:30:8b:89:ed:cb:8f:6b:92:c1:fe:21:
                    79:bc:9b:be:04:5c:4b:4e:9a:40:38:ad:79:78:fd:
                    7a:9c:cb:c0:26:6b:4a:4f:22:71:bd:6e:37:cf:fd:
                    57:8b:ea:aa:d3:81:47:72:6f:52:9a:ef:64:4a:a4:
                    4c:ea:09:67:a6:5b:ba:7e:4f:02:98:c8:8d:50:25:
                    17:ec:5f:65:c4:ea:18:54:54:18:08:7f:8a:b8:ad:
                    9b:32:63:9d:27:d6:ec:ca:fa:9e:28:e2:db:3f:8e:
                    da:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:64:D9:EB:51:EF:F8:85:E9:AE:11:2E:B4:88:91:AE:80:6F:62:88
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:0d:47:0e:ba:48:5c:1a:7b:2b:3a:53:ed:13:49:af:00:08:
         0c:ad:bc:4b:9c:23:4e:d6:98:23:84:3d:01:2f:0a:04:8b:c3:
         95:3f:dd:15:20:ee:c1:15:40:5b:b7:08:0d:b4:1b:47:24:8e:
         d4:fc:24:e5:74:30:7b:5a:50:de:df:34:f5:ca:b5:e1:2a:8b:
         2a:69:40:06:32:29:8f:0c:6e:19:64:0c:c5:f3:64:72:e8:93:
         3f:68:30:25:1f:ad:e4:89:77:ad:e3:7e:fc:4c:25:8f:9f:11:
         b6:a8:a0:4e:d2:9e:fc:83:4c:14:eb:ec:76:47:b1:3f:d6:3c:
         9e:b3:29:7b:f6:a2:49:06:3e:e3:f1:55:00:3f:2f:c0:8b:3a:
         89:d2:b2:f6:d4:f1:ab:4c:f9:eb:01:c5:17:bc:91:46:86:21:
         ee:12:76:c9:45:b3:48:88:7b:b4:bb:3a:9b:1b:6c:96:50:c4:
         70:af:6d:89:cc:90:61:51:30:89:a7:19:43:30:bf:a5:68:d8:
         15:7d:32:16:d0:27:ac:cd:b2:14:52:af:79:f9:45:77:b6:c1:
         9f:56:b7:ca:f1:74:00:ea:8d:96:9d:ea:d3:5e:90:6a:80:d9:
         19:02:5b:2e:b0:11:b7:48:c3:65:d7:85:9a:69:a1:25:6e:16:
         95:ad:10:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBqV9L7SUcm/AJ0An41k8cpwU+cIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjVaFw0yNTEwMjgxNTQzMjVaMDMxMTAvBgNV
BAMTKEM2NjREOUVCNTFFRkY4ODVFOUFFMTEyRUI0ODg5MUFFODA2RjYyODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRXpEVV70OX1ZkI31x2wWVCoKC
XMY6behtgGueeiz03aoJkWU/nRzueCy5HmbAFa9SjbKoE4IfpXpJWBLFMudX2TcJ
86fMHgfCw7GmZGNFLG9laSWh78xPYCMn7eJh9k9MTWLrz7d4Jw3Y/vxOo1XM23ZM
QKHNozT5M+bfRzl49hMxyxpM09bJGEA1woNSzK0A0dGdigu+dqcwi4nty49rksH+
IXm8m74EXEtOmkA4rXl4/Xqcy8Ama0pPInG9bjfP/VeL6qrTgUdyb1Ka72RKpEzq
CWemW7p+TwKYyI1QJRfsX2XE6hhUVBgIf4q4rZsyY50n1uzK+p4o4ts/jtoDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxmTZ61Hv+IXprhEutIiRroBvYogwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQxMTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtl
MA0GCSqGSIb3DQEBCwUAA4IBAQCkDUcOukhcGnsrOlPtE0mvAAgMrbxLnCNO1pgj
hD0BLwoEi8OVP90VIO7BFUBbtwgNtBtHJI7U/CTldDB7WlDe3zT1yrXhKosqaUAG
MimPDG4ZZAzF82Ry6JM/aDAlH63kiXet4378TCWPnxG2qKBO0p78g0wU6+x2R7E/
1jyesyl79qJJBj7j8VUAPy/AizqJ0rL21PGrTPnrAcUXvJFGhiHuEnbJRbNIiHu0
uzqbG2yWUMRwr22JzJBhUTCJpxlDML+laNgVfTIW0CeszbIUUq95+UV3tsGfVrfK
8XQA6o2WnerTXpBqgNkZAlsusBG3SMNl14WaaaElbhaVrRAp
-----END CERTIFICATE-----