Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14315.roa
File:                     AS14315.roa (raw, json)
Hash identifier:          biV+yuznTuoclGp8f0YrjPSifodltHN2dEFp3GZ6wdY=
Subject key identifier:   87:99:85:0E:6E:EA:6E:1C:A3:B4:71:A1:67:9E:AE:76:A1:35:01:4B
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1404291A960AF20B6A5EBD1CA9D290863ACEC7BA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14315.roa
Signing time:             Tue 19 Mar 2024 01:39:12 +0000
ROA not before:           Tue 19 Mar 2024 01:34:12 +0000
ROA not after:            Tue 18 Mar 2025 01:39:12 +0000
asID:                     14315
IP address blocks:        141.11.74.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:04:29:1a:96:0a:f2:0b:6a:5e:bd:1c:a9:d2:90:86:3a:ce:c7:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 19 01:34:12 2024 GMT
            Not After : Mar 18 01:39:12 2025 GMT
        Subject: CN=8799850E6EEA6E1CA3B471A1679EAE76A135014B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:93:ba:7e:d9:ea:10:63:97:17:51:91:7a:9c:
                    fe:ae:72:0d:49:32:79:47:79:8c:35:42:61:dd:b5:
                    6f:00:88:32:ca:33:9b:7d:5c:5a:be:f8:1b:4c:ee:
                    f0:5b:6e:b2:d5:30:8b:5d:39:3f:33:c8:39:3a:53:
                    4b:9c:e7:8d:8c:0f:48:52:10:1c:7c:12:0c:5b:56:
                    d0:29:08:23:42:fe:f2:c7:d6:45:9b:ba:6d:55:fa:
                    91:ee:4e:39:04:b1:cb:ec:b9:e6:dc:71:fb:d3:c0:
                    af:69:82:ea:47:cf:92:20:43:ee:ea:a0:f7:fd:12:
                    da:4b:73:e5:9f:22:20:c5:b8:75:3b:b2:70:e1:a9:
                    18:53:ce:32:0b:76:e8:ef:f5:f8:44:2b:6a:8b:1e:
                    bb:54:0e:50:a1:ba:dc:ab:b2:48:af:c8:cf:22:dd:
                    02:d4:10:aa:f1:e7:97:a9:4e:ad:b1:f1:e7:bf:ad:
                    1a:93:51:47:48:c3:b9:14:76:c3:8c:e4:46:09:3b:
                    fb:51:d8:80:b6:f4:fe:4e:7f:75:38:dd:03:a0:3f:
                    fd:4e:f1:2e:65:1a:63:1a:6c:93:9f:23:71:c6:65:
                    c3:9c:5c:e8:9b:e9:0c:b9:e6:6f:ad:a7:3a:df:5c:
                    b3:d2:e8:a4:9e:07:9a:a4:e7:b1:ef:12:1e:1c:9f:
                    2e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:99:85:0E:6E:EA:6E:1C:A3:B4:71:A1:67:9E:AE:76:A1:35:01:4B
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14315.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:89:5e:a7:17:fa:b5:6a:34:4e:03:1a:bb:3d:8b:02:ae:28:
         25:fa:f7:52:12:53:7b:5f:46:50:09:ae:67:58:26:af:c8:7c:
         46:79:87:9b:06:19:0a:50:8f:f6:aa:90:91:bf:07:df:b5:79:
         d1:09:af:67:e1:03:6e:81:d1:83:d3:4d:0d:08:9b:98:e5:a1:
         cb:5b:f6:a6:ac:f1:5e:9f:d5:f4:0e:02:49:51:53:c7:c6:75:
         37:06:c0:3b:45:76:52:ad:17:2b:7b:f1:ce:9a:40:32:31:b0:
         13:df:8c:8c:8a:30:46:1d:fd:71:bb:65:d1:2b:cf:ca:fb:fb:
         a2:59:66:46:b1:d7:d4:dc:e6:ef:c2:5e:20:9e:46:f6:eb:0d:
         43:61:ef:93:ed:c0:85:0c:55:3e:80:81:1f:71:05:ff:32:7a:
         0f:4d:fc:cc:4b:44:df:ee:3e:58:c5:bb:79:41:09:e2:21:e6:
         7d:97:84:79:e0:81:1d:e0:99:43:78:cc:29:79:41:4e:4d:76:
         85:24:a1:62:3b:70:46:8b:52:46:2a:d0:d0:47:c6:ec:a4:96:
         71:8a:ec:58:83:84:e8:ec:8b:b8:a0:cc:b4:3c:56:1c:a6:00:
         9f:02:9b:70:4f:75:73:dd:ab:e0:04:71:30:4c:19:47:9f:96:
         d0:1a:53:bd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFAQpGpYK8gtqXr0cqdKQhjrOx7owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAzMTkwMTM0MTJaFw0yNTAzMTgwMTM5MTJaMDMxMTAvBgNV
BAMTKDg3OTk4NTBFNkVFQTZFMUNBM0I0NzFBMTY3OUVBRTc2QTEzNTAxNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMk7p+2eoQY5cXUZF6nP6ucg1J
MnlHeYw1QmHdtW8AiDLKM5t9XFq++BtM7vBbbrLVMItdOT8zyDk6U0uc542MD0hS
EBx8EgxbVtApCCNC/vLH1kWbum1V+pHuTjkEscvsuebccfvTwK9pgupHz5IgQ+7q
oPf9EtpLc+WfIiDFuHU7snDhqRhTzjILdujv9fhEK2qLHrtUDlChutyrskivyM8i
3QLUEKrx55epTq2x8ee/rRqTUUdIw7kUdsOM5EYJO/tR2IC29P5Of3U43QOgP/1O
8S5lGmMabJOfI3HGZcOcXOib6Qy55m+tpzrfXLPS6KSeB5qk57HvEh4cny7nAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUh5mFDm7qbhyjtHGhZ56udqE1AUswHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQzMTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNC0ow
DQYJKoZIhvcNAQELBQADggEBAMCJXqcX+rVqNE4DGrs9iwKuKCX691ISU3tfRlAJ
rmdYJq/IfEZ5h5sGGQpQj/aqkJG/B9+1edEJr2fhA26B0YPTTQ0Im5jloctb9qas
8V6f1fQOAklRU8fGdTcGwDtFdlKtFyt78c6aQDIxsBPfjIyKMEYd/XG7ZdErz8r7
+6JZZkax19Tc5u/CXiCeRvbrDUNh75PtwIUMVT6AgR9xBf8yeg9N/MxLRN/uPljF
u3lBCeIh5n2XhHnggR3gmUN4zCl5QU5NdoUkoWI7cEaLUkYq0NBHxuyklnGK7FiD
hOjsi7igzLQ8VhymAJ8Cm3BPdXPdq+AEcTBMGUefltAaU70=
-----END CERTIFICATE-----