Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS146996.roa
File:                     AS146996.roa (raw, json)
Hash identifier:          YxMrmH+I+G+/hTi82hQpGluZ8Bo0Xz8pPCgbxewY1dA=
Subject key identifier:   34:75:AF:15:73:6E:A7:B8:65:E2:C9:60:D4:CF:3C:5A:F3:32:A7:64
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       019C2B22C0E506D3B7DC93C832D57A953B1A81DA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS146996.roa
Signing time:             Tue 29 Oct 2024 15:43:26 +0000
ROA not before:           Tue 29 Oct 2024 15:38:26 +0000
ROA not after:            Tue 28 Oct 2025 15:43:26 +0000
asID:                     146996
IP address blocks:        141.11.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2b:22:c0:e5:06:d3:b7:dc:93:c8:32:d5:7a:95:3b:1a:81:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:26 2024 GMT
            Not After : Oct 28 15:43:26 2025 GMT
        Subject: CN=3475AF15736EA7B865E2C960D4CF3C5AF332A764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:33:15:e6:33:7c:cf:8f:92:ce:ab:7c:d2:6c:
                    8e:08:27:ed:be:15:5b:d5:fb:e1:0e:c3:89:16:72:
                    13:c2:0f:7d:37:bc:b8:95:96:46:07:05:e0:e3:fd:
                    c0:e0:46:ff:84:3e:be:5c:83:fd:a4:19:a8:01:ea:
                    e0:a9:d5:ac:f7:fe:b0:9c:38:62:24:58:f6:9d:21:
                    82:3d:ab:3a:7b:80:8d:57:b3:1a:2a:03:3f:ea:9e:
                    b3:51:b6:19:dc:54:be:70:55:b3:f1:3b:7e:3e:fb:
                    38:ac:b7:62:24:cd:45:1d:ba:bf:74:64:9c:af:40:
                    b4:8d:d0:44:56:e8:0f:45:56:a9:e6:a6:03:7a:b9:
                    e7:52:21:7e:7f:72:df:e1:f9:6a:03:f2:70:ae:93:
                    31:8f:0e:f2:c2:aa:ac:18:5c:f3:a2:3c:c8:ff:46:
                    95:a2:bc:c5:da:c5:82:97:3b:4b:29:7f:1f:a6:59:
                    4d:2c:ef:a0:c5:fc:95:19:80:2f:6e:10:e5:6f:f2:
                    02:f9:15:bc:b2:84:0b:65:4e:e8:41:06:43:35:1e:
                    1d:dd:c3:ba:ac:49:d1:61:35:d2:3d:94:3a:f4:3c:
                    c0:d7:dc:8a:50:95:9c:37:bc:79:7d:08:39:d5:75:
                    73:ba:5e:81:35:45:25:1f:64:f2:fc:f3:5e:b3:c5:
                    10:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:75:AF:15:73:6E:A7:B8:65:E2:C9:60:D4:CF:3C:5A:F3:32:A7:64
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS146996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:53:52:da:54:04:c9:74:b2:b1:ca:8f:92:4c:92:57:35:fb:
         20:df:f1:ae:eb:26:a3:a8:72:14:5b:da:66:a9:00:17:1d:59:
         a0:3b:80:45:d4:11:e2:1c:e5:c6:be:c8:b7:32:57:94:b1:e0:
         82:18:fb:f2:2e:6a:55:73:ba:68:56:1c:79:38:51:2d:a9:7d:
         fb:51:2c:4c:13:7a:b8:af:63:3a:55:db:27:52:18:51:68:db:
         4d:27:60:12:66:7e:27:15:75:ec:3a:c3:51:b6:e7:f5:da:fd:
         56:0b:f7:43:3b:d5:8a:63:e3:0b:56:f8:0b:61:47:e5:70:f4:
         22:c8:c0:4c:73:1c:66:99:30:74:11:c1:ea:ef:c1:0e:4a:6f:
         ca:13:c3:0a:b8:41:06:bc:34:f1:d5:bf:c4:1e:5a:c5:5a:d4:
         00:19:54:e4:ad:d0:13:02:f6:2e:4a:ce:fd:7c:2d:75:45:94:
         99:b3:71:43:13:08:ab:f9:f4:cc:80:c6:f8:68:df:98:36:e7:
         29:47:e9:19:cb:93:15:af:8a:ac:67:06:54:4f:43:ce:e7:53:
         21:83:80:68:8e:61:fb:cd:b8:a4:dd:01:b1:99:15:d9:e0:82:
         c7:7c:ed:59:4d:ab:76:66:ff:e7:0c:f7:be:98:0e:76:6a:58:
         ea:b1:24:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAZwrIsDlBtO33JPIMtV6lTsagdowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjZaFw0yNTEwMjgxNTQzMjZaMDMxMTAvBgNV
BAMTKDM0NzVBRjE1NzM2RUE3Qjg2NUUyQzk2MEQ0Q0YzQzVBRjMzMkE3NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpMxXmM3zPj5LOq3zSbI4IJ+2+
FVvV++EOw4kWchPCD303vLiVlkYHBeDj/cDgRv+EPr5cg/2kGagB6uCp1az3/rCc
OGIkWPadIYI9qzp7gI1XsxoqAz/qnrNRthncVL5wVbPxO34++zist2IkzUUdur90
ZJyvQLSN0ERW6A9FVqnmpgN6uedSIX5/ct/h+WoD8nCukzGPDvLCqqwYXPOiPMj/
RpWivMXaxYKXO0spfx+mWU0s76DF/JUZgC9uEOVv8gL5FbyyhAtlTuhBBkM1Hh3d
w7qsSdFhNdI9lDr0PMDX3IpQlZw3vHl9CDnVdXO6XoE1RSUfZPL8816zxRA7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNHWvFXNup7hl4slg1M88WvMyp2QwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQ2OTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsh
MA0GCSqGSIb3DQEBCwUAA4IBAQCFU1LaVATJdLKxyo+STJJXNfsg3/Gu6yajqHIU
W9pmqQAXHVmgO4BF1BHiHOXGvsi3MleUseCCGPvyLmpVc7poVhx5OFEtqX37USxM
E3q4r2M6VdsnUhhRaNtNJ2ASZn4nFXXsOsNRtuf12v1WC/dDO9WKY+MLVvgLYUfl
cPQiyMBMcxxmmTB0EcHq78EOSm/KE8MKuEEGvDTx1b/EHlrFWtQAGVTkrdATAvYu
Ss79fC11RZSZs3FDEwir+fTMgMb4aN+YNucpR+kZy5MVr4qsZwZUT0PO51Mhg4Bo
jmH7zbik3QGxmRXZ4ILHfO1ZTat2Zv/nDPe+mA52aljqsSRd
-----END CERTIFICATE-----