Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS142594.roa
File:                     AS142594.roa (raw, json)
Hash identifier:          RQ9k7OyZbso1eZXlEieB+V0KNcGJekPfA56q24WglIQ=
Subject key identifier:   78:6E:93:1B:AA:98:CB:18:95:51:16:C1:A7:CA:F5:3B:20:54:55:51
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4467F958620F024AB8794DD92770C66B80CC0E96
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS142594.roa
Signing time:             Sun 05 May 2024 12:44:33 +0000
ROA not before:           Sun 05 May 2024 12:39:33 +0000
ROA not after:            Sun 04 May 2025 12:44:33 +0000
asID:                     142594
IP address blocks:        141.11.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:67:f9:58:62:0f:02:4a:b8:79:4d:d9:27:70:c6:6b:80:cc:0e:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  5 12:39:33 2024 GMT
            Not After : May  4 12:44:33 2025 GMT
        Subject: CN=786E931BAA98CB18955116C1A7CAF53B20545551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:28:d9:15:94:9c:39:11:15:80:f7:ab:10:30:
                    61:09:0a:13:60:69:b1:9e:ac:2d:da:84:c7:18:e2:
                    0e:f9:b2:2b:78:fd:fe:69:7d:91:8a:90:4f:e9:26:
                    69:48:b7:a8:de:e5:23:43:7b:53:ab:b0:4f:c3:e8:
                    19:0b:e4:c0:25:a0:74:c9:27:d0:2c:c8:b1:ad:95:
                    4c:a9:49:f8:e0:de:ae:42:40:45:35:15:18:cc:ce:
                    f4:b4:1e:fd:52:e0:d1:4f:ff:a4:5a:22:a5:57:96:
                    9a:ef:c8:f4:65:ad:5d:55:e7:3f:3b:fa:d8:f8:18:
                    c6:49:66:96:d8:1d:57:03:e6:24:ff:f6:b2:13:4f:
                    2f:41:80:2b:cf:bc:5b:2d:16:d8:8e:c8:da:97:3c:
                    9a:30:dd:77:ff:0d:6b:44:6e:c4:c4:60:4a:f9:68:
                    32:d9:59:8a:3f:14:50:01:3c:41:bb:95:64:87:c7:
                    6d:09:55:21:13:dc:9c:3d:a2:aa:b8:5e:d6:c7:5d:
                    9b:e1:0a:6c:4e:a0:f6:7d:e3:af:2c:11:31:6f:cb:
                    b2:31:12:e2:05:9a:49:1b:54:fa:99:91:1f:8c:2a:
                    94:b2:49:40:98:cc:4f:7b:35:b1:8e:47:c1:6b:56:
                    1c:f9:7b:b1:91:bc:11:2d:c4:67:e6:18:e5:e4:94:
                    39:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:6E:93:1B:AA:98:CB:18:95:51:16:C1:A7:CA:F5:3B:20:54:55:51
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS142594.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:0c:1b:1c:43:ad:d0:2a:8c:20:44:b1:39:ce:25:de:eb:dc:
         df:5f:da:ed:e4:3a:ef:7a:ba:8c:d7:c9:d7:11:e9:49:ce:fd:
         4a:84:d7:31:bf:48:5d:5f:af:4f:3c:95:3b:1f:79:40:34:b1:
         9a:c7:fc:e9:c7:fb:2e:32:e3:c5:88:31:77:1b:2b:e3:aa:cd:
         94:78:8f:b0:74:9d:f6:1f:91:b6:d5:b4:c6:8b:69:c1:93:34:
         5b:44:1f:c9:00:6e:58:e2:b9:1d:d6:6c:97:46:c7:36:1c:a6:
         cc:ed:c4:da:15:9c:ab:e3:98:9e:3d:57:86:0a:7c:c2:74:cb:
         2d:b3:c3:19:e3:e5:61:19:aa:b7:77:e5:5a:cd:d3:2b:88:57:
         0f:80:74:58:b7:2d:16:59:a0:29:12:f6:6e:fd:db:2e:2e:68:
         cb:c8:73:d8:16:4f:d7:32:a6:53:d2:5b:47:35:a0:53:74:82:
         f5:4e:1b:4f:8d:37:7d:fd:52:03:47:ee:1d:58:29:70:f4:82:
         e2:b1:a7:83:37:d9:00:0b:9f:81:20:3f:dc:13:3d:2c:4c:11:
         3c:5d:19:7e:61:f9:8f:d5:79:57:2e:9c:28:09:5c:ae:78:79:
         a8:e9:23:93:c0:d2:6a:4e:03:09:61:96:91:ae:be:62:37:59:
         78:c0:cb:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURGf5WGIPAkq4eU3ZJ3DGa4DMDpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MDUxMjM5MzNaFw0yNTA1MDQxMjQ0MzNaMDMxMTAvBgNV
BAMTKDc4NkU5MzFCQUE5OENCMTg5NTUxMTZDMUE3Q0FGNTNCMjA1NDU1NTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxKNkVlJw5ERWA96sQMGEJChNg
abGerC3ahMcY4g75sit4/f5pfZGKkE/pJmlIt6je5SNDe1OrsE/D6BkL5MAloHTJ
J9AsyLGtlUypSfjg3q5CQEU1FRjMzvS0Hv1S4NFP/6RaIqVXlprvyPRlrV1V5z87
+tj4GMZJZpbYHVcD5iT/9rITTy9BgCvPvFstFtiOyNqXPJow3Xf/DWtEbsTEYEr5
aDLZWYo/FFABPEG7lWSHx20JVSET3Jw9oqq4XtbHXZvhCmxOoPZ9468sETFvy7Ix
EuIFmkkbVPqZkR+MKpSySUCYzE97NbGOR8FrVhz5e7GRvBEtxGfmGOXklDmlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeG6TG6qYyxiVURbBp8r1OyBUVVEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQyNTk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsu
MA0GCSqGSIb3DQEBCwUAA4IBAQCEDBscQ63QKowgRLE5ziXe69zfX9rt5DrverqM
18nXEelJzv1KhNcxv0hdX69PPJU7H3lANLGax/zpx/suMuPFiDF3Gyvjqs2UeI+w
dJ32H5G21bTGi2nBkzRbRB/JAG5Y4rkd1myXRsc2HKbM7cTaFZyr45iePVeGCnzC
dMsts8MZ4+VhGaq3d+VazdMriFcPgHRYty0WWaApEvZu/dsuLmjLyHPYFk/XMqZT
0ltHNaBTdIL1ThtPjTd9/VIDR+4dWClw9ILisaeDN9kAC5+BID/cEz0sTBE8XRl+
YfmP1XlXLpwoCVyueHmo6SOTwNJqTgMJYZaRrr5iN1l4wMvx
-----END CERTIFICATE-----