Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS147293.roa
File:                     AS147293.roa (raw, json)
Hash identifier:          aS95q3C150sh2Aw6oB2/ccEdN8q9GNEQW8vDzI5MHZ4=
Subject key identifier:   78:2D:9F:06:EA:4E:30:3C:4F:57:4C:91:B7:10:F8:CB:A8:8C:90:13
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       707DEA31490BDEDE776FF8B90DE84395F92D21EB
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS147293.roa
Signing time:             Sun 10 Mar 2024 19:05:14 +0000
ROA not before:           Sun 10 Mar 2024 19:00:14 +0000
ROA not after:            Sun 09 Mar 2025 19:05:14 +0000
asID:                     147293
IP address blocks:        141.11.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:7d:ea:31:49:0b:de:de:77:6f:f8:b9:0d:e8:43:95:f9:2d:21:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 10 19:00:14 2024 GMT
            Not After : Mar  9 19:05:14 2025 GMT
        Subject: CN=782D9F06EA4E303C4F574C91B710F8CBA88C9013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0d:a1:0e:d4:80:56:34:fe:66:f1:b5:f9:b5:
                    84:e6:12:39:25:6c:b5:01:b4:21:81:bb:67:fc:f1:
                    13:65:42:13:43:b2:a0:95:42:1e:59:c2:67:ab:f8:
                    c6:f6:58:da:57:54:9b:c6:ee:31:93:c2:ea:44:a4:
                    25:4a:60:56:f1:37:2c:2f:b2:b6:bd:92:a2:0e:e7:
                    13:c1:81:0f:be:4b:ab:c2:8e:51:17:e3:e3:c7:77:
                    ed:c2:ec:78:2c:86:e0:cf:4b:84:1e:0e:c9:3f:76:
                    12:e0:4d:49:b4:ea:09:95:64:7d:82:7a:56:b4:7b:
                    e2:1f:ef:f7:5a:40:26:c9:01:6c:41:bd:bc:10:c2:
                    04:28:ad:37:c6:0b:96:58:a6:83:82:3e:90:22:fd:
                    aa:35:4b:fc:93:d4:f0:d4:47:a9:57:91:69:c5:ae:
                    48:95:71:44:ec:04:05:a9:94:47:05:2c:c2:44:d7:
                    42:aa:6d:2d:8d:0e:cf:9f:49:64:c7:e6:90:1b:96:
                    a6:c2:74:8e:61:5b:52:0f:b1:d4:2a:00:50:eb:bf:
                    de:c3:cd:bb:88:31:a0:0d:d3:7a:7b:6d:37:35:a2:
                    86:31:e7:3f:0c:23:bf:ce:5c:c0:e1:c6:0d:be:15:
                    4e:d0:5f:53:5b:bb:0f:83:99:f1:b5:a5:52:af:69:
                    c2:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:2D:9F:06:EA:4E:30:3C:4F:57:4C:91:B7:10:F8:CB:A8:8C:90:13
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS147293.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:8b:0e:53:b1:2e:92:fa:a8:55:60:de:4e:33:4c:88:28:7e:
         a5:e6:3c:fc:7f:dd:0a:a3:63:5b:c4:25:7a:01:8f:b7:6f:e5:
         e5:69:7d:e3:a1:5f:fe:59:82:bd:2b:c3:df:9c:a9:31:b7:3d:
         80:4c:df:99:4c:a4:d5:54:84:78:8b:64:f2:61:51:73:1b:47:
         2a:2b:ff:f9:6a:ad:dc:30:aa:9c:b3:d2:4f:7f:b4:87:2f:42:
         8c:51:80:65:57:c8:11:74:af:85:31:c1:66:2b:53:bb:9d:f8:
         f6:12:8b:d4:23:04:03:aa:cd:38:3c:40:27:82:0b:7e:91:a1:
         48:1e:c1:e7:fa:bf:7c:c3:b0:df:64:19:6d:14:ed:f7:ed:6f:
         c1:a6:fe:73:a3:2d:7d:17:0a:8e:3e:83:b6:25:a7:ca:b7:d7:
         2d:9f:f1:17:0a:3e:02:fa:45:c9:4e:6c:62:b5:a9:6b:a2:b1:
         76:90:46:30:b8:b1:39:b4:6d:6a:af:1e:d6:72:ca:07:21:54:
         f7:b1:07:ce:05:0f:3a:8a:f7:35:7d:25:d2:de:0f:33:0a:b4:
         52:4b:16:23:a3:fb:cf:5e:d0:9b:4d:47:89:c4:f8:e0:a0:e6:
         3d:c2:62:fe:d1:e9:2e:c8:96:28:d6:e9:7d:6a:8e:15:b3:29:
         77:8b:1f:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcH3qMUkL3t53b/i5DehDlfktIeswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAzMTAxOTAwMTRaFw0yNTAzMDkxOTA1MTRaMDMxMTAvBgNV
BAMTKDc4MkQ5RjA2RUE0RTMwM0M0RjU3NEM5MUI3MTBGOENCQTg4QzkwMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1DaEO1IBWNP5m8bX5tYTmEjkl
bLUBtCGBu2f88RNlQhNDsqCVQh5Zwmer+Mb2WNpXVJvG7jGTwupEpCVKYFbxNywv
sra9kqIO5xPBgQ++S6vCjlEX4+PHd+3C7HgshuDPS4QeDsk/dhLgTUm06gmVZH2C
ela0e+If7/daQCbJAWxBvbwQwgQorTfGC5ZYpoOCPpAi/ao1S/yT1PDUR6lXkWnF
rkiVcUTsBAWplEcFLMJE10KqbS2NDs+fSWTH5pAblqbCdI5hW1IPsdQqAFDrv97D
zbuIMaAN03p7bTc1ooYx5z8MI7/OXMDhxg2+FU7QX1Nbuw+DmfG1pVKvacKtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeC2fBupOMDxPV0yRtxD4y6iMkBMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQ3MjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsW
MA0GCSqGSIb3DQEBCwUAA4IBAQAYiw5TsS6S+qhVYN5OM0yIKH6l5jz8f90Ko2Nb
xCV6AY+3b+XlaX3joV/+WYK9K8PfnKkxtz2ATN+ZTKTVVIR4i2TyYVFzG0cqK//5
aq3cMKqcs9JPf7SHL0KMUYBlV8gRdK+FMcFmK1O7nfj2EovUIwQDqs04PEAnggt+
kaFIHsHn+r98w7DfZBltFO337W/Bpv5zoy19FwqOPoO2JafKt9ctn/EXCj4C+kXJ
TmxitalrorF2kEYwuLE5tG1qrx7WcsoHIVT3sQfOBQ86ivc1fSXS3g8zCrRSSxYj
o/vPXtCbTUeJxPjgoOY9wmL+0ekuyJYo1ul9ao4Vsyl3ix/z
-----END CERTIFICATE-----