Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14445.roa
File:                     AS14445.roa (raw, json)
Hash identifier:          p0SZslwtp52AQjhyE5hlGXjRTJUPDeBjdUX79CHyDEY=
Subject key identifier:   BA:93:38:70:8A:2C:5D:2E:90:D3:D4:C6:F8:0F:70:B0:FF:2E:47:5C
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0F11A51051B1A410C4D1CEBE4CC824AE4FD98DD7
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14445.roa
Signing time:             Wed 13 Sep 2023 11:11:39 +0000
ROA not before:           Wed 13 Sep 2023 11:06:39 +0000
ROA not after:            Wed 11 Sep 2024 11:11:39 +0000
asID:                     14445
IP address blocks:        141.11.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:11:a5:10:51:b1:a4:10:c4:d1:ce:be:4c:c8:24:ae:4f:d9:8d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 13 11:06:39 2023 GMT
            Not After : Sep 11 11:11:39 2024 GMT
        Subject: CN=BA9338708A2C5D2E90D3D4C6F80F70B0FF2E475C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:71:ec:95:2c:16:87:bc:65:24:e6:2d:b3:9e:
                    b3:df:82:33:06:cf:3e:41:89:fd:9b:ff:af:fd:ac:
                    94:ea:17:4d:0f:65:35:80:d6:01:07:0f:aa:40:d7:
                    34:19:f0:2b:8a:e0:d1:cb:24:4a:75:2c:5b:46:ce:
                    48:c0:e2:91:bd:5e:2e:9b:b4:49:79:18:6d:de:94:
                    38:f2:0a:8e:33:21:0b:dd:a8:62:84:29:11:d7:e4:
                    95:df:a3:d0:ca:04:77:1b:3a:92:76:d7:65:e0:ff:
                    63:f9:c1:61:2d:9c:f4:8e:1f:68:6a:8e:63:f5:d2:
                    93:99:ce:6a:97:92:15:9f:86:e2:40:c1:ec:f0:f1:
                    39:e2:39:fc:e9:c2:f5:18:4e:bd:40:a0:5e:72:5f:
                    de:5c:c2:37:a7:69:da:50:e8:d9:31:5b:3f:67:24:
                    1d:e7:36:12:6b:c2:e3:2f:32:43:06:e7:39:12:94:
                    60:cf:ea:ee:48:f3:0b:6f:ca:d9:66:12:5b:b5:f6:
                    96:3c:8d:fb:e2:f2:e6:52:47:b8:b1:88:30:28:5f:
                    8c:6e:1c:f4:cf:9e:9d:34:44:27:7c:04:05:a1:77:
                    39:73:4c:df:26:41:50:a8:30:37:52:95:4e:a6:51:
                    d3:f3:bf:07:c1:fa:a1:38:99:ea:7e:de:3b:54:6f:
                    ce:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:93:38:70:8A:2C:5D:2E:90:D3:D4:C6:F8:0F:70:B0:FF:2E:47:5C
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS14445.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4c:0b:71:e5:bf:59:0d:86:90:d6:f0:d1:e5:c1:71:ab:6f:
         b7:c0:9f:38:fd:2b:72:76:e0:5d:3e:b0:cf:ee:e6:14:c4:24:
         7e:9f:15:64:25:2d:37:fe:4f:4a:61:a0:f4:d5:b2:88:d3:7b:
         ed:38:47:c9:7b:f5:35:02:7d:c7:ec:a0:44:ad:c2:44:7e:28:
         5d:66:ca:a6:bd:ca:91:ee:37:14:88:d1:69:b9:75:cb:71:8c:
         25:b8:11:3c:00:69:26:b9:c6:6d:26:b9:bf:a9:58:47:01:14:
         7b:0b:ce:e7:23:61:48:c1:e2:e9:44:08:99:0c:bc:b3:ac:66:
         33:dd:35:b6:11:96:3f:85:64:03:cc:eb:9f:db:1a:ed:78:72:
         ab:b4:b5:25:c7:9c:fb:f6:2b:d1:cc:11:8d:da:f1:66:2f:65:
         d2:c6:a2:e8:41:30:32:7b:f3:30:4c:2b:ed:62:92:d1:8b:e5:
         1c:c4:bc:0a:bb:28:f0:d8:99:af:97:02:69:61:bb:ad:18:ea:
         c1:64:82:af:5f:b5:5c:09:80:8d:0e:97:d0:fb:42:dc:44:76:
         16:fd:98:d1:43:ea:cd:07:68:4d:d6:aa:a5:b3:a4:dd:a3:57:
         5e:d3:67:cf:2d:bf:44:05:f0:4b:20:3b:e5:1c:d1:9e:08:47:
         61:02:59:b5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDxGlEFGxpBDE0c6+TMgkrk/ZjdcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzA5MTMxMTA2MzlaFw0yNDA5MTExMTExMzlaMDMxMTAvBgNV
BAMTKEJBOTMzODcwOEEyQzVEMkU5MEQzRDRDNkY4MEY3MEIwRkYyRTQ3NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIceyVLBaHvGUk5i2znrPfgjMG
zz5Bif2b/6/9rJTqF00PZTWA1gEHD6pA1zQZ8CuK4NHLJEp1LFtGzkjA4pG9Xi6b
tEl5GG3elDjyCo4zIQvdqGKEKRHX5JXfo9DKBHcbOpJ212Xg/2P5wWEtnPSOH2hq
jmP10pOZzmqXkhWfhuJAwezw8TniOfzpwvUYTr1AoF5yX95cwjenadpQ6NkxWz9n
JB3nNhJrwuMvMkMG5zkSlGDP6u5I8wtvytlmElu19pY8jfvi8uZSR7ixiDAoX4xu
HPTPnp00RCd8BAWhdzlzTN8mQVCoMDdSlU6mUdPzvwfB+qE4mep+3jtUb85LAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUupM4cIosXS6Q09TG+A9wsP8uR1wwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQ0NDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC/gw
DQYJKoZIhvcNAQELBQADggEBAJJMC3Hlv1kNhpDW8NHlwXGrb7fAnzj9K3J24F0+
sM/u5hTEJH6fFWQlLTf+T0phoPTVsojTe+04R8l79TUCfcfsoEStwkR+KF1myqa9
ypHuNxSI0Wm5dctxjCW4ETwAaSa5xm0mub+pWEcBFHsLzucjYUjB4ulECJkMvLOs
ZjPdNbYRlj+FZAPM65/bGu14cqu0tSXHnPv2K9HMEY3a8WYvZdLGouhBMDJ78zBM
K+1iktGL5RzEvAq7KPDYma+XAmlhu60Y6sFkgq9ftVwJgI0Ol9D7QtxEdhb9mNFD
6s0HaE3WqqWzpN2jV17TZ88tv0QF8EsgO+Uc0Z4IR2ECWbU=
-----END CERTIFICATE-----