Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS146996.roa
File:                     AS146996.roa (raw, json)
Hash identifier:          JuwQZQVKwvggS3J/tcFo8bL94soDGbnXB5WU/aJAMVg=
Subject key identifier:   2A:28:48:FC:E3:0E:34:68:FB:1C:F2:27:3F:13:B0:30:2F:D8:F1:D0
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1FB125C4937C487D2D048AF5DF10960F0B140B9D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS146996.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     146996
IP address blocks:        141.11.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:b1:25:c4:93:7c:48:7d:2d:04:8a:f5:df:10:96:0f:0b:14:0b:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=2A2848FCE30E3468FB1CF2273F13B0302FD8F1D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c9:16:e3:d0:ad:2c:61:02:c6:c7:89:48:e6:
                    b1:ed:ec:2c:64:6f:5a:c3:b9:f9:9f:e6:88:26:9a:
                    d4:7e:e8:61:ed:b4:84:5f:d6:b0:e6:2d:e0:e3:9a:
                    df:da:2f:89:dd:fd:3e:87:39:54:78:ce:c5:96:94:
                    c4:6c:73:05:c7:41:ae:c3:5b:bd:a3:71:44:07:00:
                    a5:ed:42:68:42:c9:be:1f:d3:d4:8c:6d:22:e4:f0:
                    e4:43:58:08:06:5a:52:e3:9d:06:e4:21:05:28:f1:
                    6a:fb:a0:e8:45:96:97:3a:81:8a:0d:c1:c5:db:6a:
                    94:38:c8:0b:90:7e:e9:48:d1:bc:c0:5e:0a:ec:aa:
                    a5:a6:c6:c8:db:ac:ec:b2:42:f8:85:35:01:90:69:
                    5c:27:9a:c8:71:88:13:f6:52:f4:85:94:27:3e:7a:
                    94:41:35:fe:de:fb:f6:c4:6f:79:61:62:26:71:a8:
                    93:51:ca:5d:91:ce:b5:ba:5c:6b:4e:42:0c:8e:a8:
                    7d:dd:14:84:8d:4c:8b:1b:a2:de:a9:dc:03:e1:ab:
                    ef:fc:a5:53:29:c2:d6:c9:fd:c2:7f:1f:d0:ff:e5:
                    dc:75:2c:89:30:d0:3b:9c:19:0c:1d:f1:d8:18:32:
                    57:fb:4a:a2:60:55:99:51:94:6c:88:29:19:13:67:
                    17:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:28:48:FC:E3:0E:34:68:FB:1C:F2:27:3F:13:B0:30:2F:D8:F1:D0
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS146996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:13:e8:f4:8a:6d:fb:5d:90:ac:f2:ce:a3:46:10:76:8a:dd:
         ed:95:71:65:90:37:3d:84:d6:b6:83:c4:45:d4:95:90:04:83:
         5c:f1:27:55:c8:a4:c8:6c:2e:77:b7:17:c2:1c:3b:86:d4:b4:
         34:78:67:89:33:c8:7f:df:2e:63:3a:59:20:a0:1c:13:11:e3:
         77:95:d8:99:39:17:0d:e8:b9:0a:e3:21:af:12:dd:fa:b0:63:
         51:db:c3:a5:14:ae:e1:a0:66:64:fe:c9:c5:12:0e:a7:3a:38:
         bb:7e:3e:ed:09:1a:90:b5:ca:47:38:6f:3c:57:5d:03:87:3c:
         74:c8:4a:6c:2c:63:3d:ec:80:82:99:8f:57:a4:be:f1:3f:bc:
         1f:1c:55:b2:50:35:3e:9f:45:21:69:7b:78:f1:a2:17:f6:98:
         8d:a6:bc:db:bd:36:db:d9:6a:94:d5:fe:10:40:a4:18:7a:36:
         37:9c:89:fe:0f:2f:92:12:0b:7c:dd:83:84:d3:9e:97:3e:d8:
         39:a2:49:e4:e1:69:cb:6f:43:35:14:55:42:3b:f9:8f:95:70:
         61:1c:d6:fb:d2:e1:d8:42:27:54:fe:86:c6:34:b8:2f:77:26:
         38:b4:93:58:7d:f0:4d:47:8b:7a:e2:96:b8:40:73:78:7e:bf:
         d2:52:8e:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUH7ElxJN8SH0tBIr13xCWDwsUC50wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKDJBMjg0OEZDRTMwRTM0NjhGQjFDRjIyNzNGMTNCMDMwMkZEOEYxRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWyRbj0K0sYQLGx4lI5rHt7Cxk
b1rDufmf5ogmmtR+6GHttIRf1rDmLeDjmt/aL4nd/T6HOVR4zsWWlMRscwXHQa7D
W72jcUQHAKXtQmhCyb4f09SMbSLk8ORDWAgGWlLjnQbkIQUo8Wr7oOhFlpc6gYoN
wcXbapQ4yAuQfulI0bzAXgrsqqWmxsjbrOyyQviFNQGQaVwnmshxiBP2UvSFlCc+
epRBNf7e+/bEb3lhYiZxqJNRyl2RzrW6XGtOQgyOqH3dFISNTIsbot6p3APhq+/8
pVMpwtbJ/cJ/H9D/5dx1LIkw0DucGQwd8dgYMlf7SqJgVZlRlGyIKRkTZxdrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKihI/OMONGj7HPInPxOwMC/Y8dAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQ2OTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsh
MA0GCSqGSIb3DQEBCwUAA4IBAQBXE+j0im37XZCs8s6jRhB2it3tlXFlkDc9hNa2
g8RF1JWQBINc8SdVyKTIbC53txfCHDuG1LQ0eGeJM8h/3y5jOlkgoBwTEeN3ldiZ
ORcN6LkK4yGvEt36sGNR28OlFK7hoGZk/snFEg6nOji7fj7tCRqQtcpHOG88V10D
hzx0yEpsLGM97ICCmY9XpL7xP7wfHFWyUDU+n0UhaXt48aIX9piNprzbvTbb2WqU
1f4QQKQYejY3nIn+Dy+SEgt83YOE056XPtg5oknk4WnLb0M1FFVCO/mPlXBhHNb7
0uHYQidU/obGNLgvdyY4tJNYffBNR4t64pa4QHN4fr/SUo6u
-----END CERTIFICATE-----