Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS147293.roa
File:                     AS147293.roa (raw, json)
Hash identifier:          CMsY4BeQ43wgjQu15AzD+WG2iAn0mZHrvd71IGwH9zI=
Subject key identifier:   5A:EB:03:9E:71:F6:F9:97:17:99:09:89:CC:D7:63:D3:7F:62:AB:8B
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7E3F4A35F6366D61B8E229A9D7BA53B29514E2AE
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS147293.roa
Signing time:             Sun 09 Feb 2025 19:53:55 +0000
ROA not before:           Sun 09 Feb 2025 19:48:55 +0000
ROA not after:            Sun 08 Feb 2026 19:53:55 +0000
asID:                     147293
IP address blocks:        141.11.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:3f:4a:35:f6:36:6d:61:b8:e2:29:a9:d7:ba:53:b2:95:14:e2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb  9 19:48:55 2025 GMT
            Not After : Feb  8 19:53:55 2026 GMT
        Subject: CN=5AEB039E71F6F99717990989CCD763D37F62AB8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:50:1a:85:30:42:a1:84:6b:82:d3:a4:8c:e3:
                    5e:d1:0a:a0:88:af:db:06:fe:53:ac:3f:10:40:2f:
                    2c:2a:50:99:0b:84:4b:5b:c9:5d:54:2e:0e:aa:c7:
                    7c:98:5e:b5:33:68:7b:73:b2:06:b4:da:29:c3:e0:
                    4b:47:0c:31:93:9b:ac:24:4b:b6:0e:de:b5:af:d2:
                    28:69:e6:74:b4:8f:40:6f:d4:3e:40:46:95:6f:b3:
                    ed:b9:1c:3a:e5:08:f4:0b:96:f9:be:17:1c:32:7b:
                    2e:04:56:ff:fe:be:fd:0c:1d:b2:50:fb:bd:eb:ab:
                    4b:86:2e:c3:b6:b5:5d:39:ef:b5:fe:9d:c5:28:e9:
                    37:7c:31:c3:30:72:4f:9e:6c:f8:c5:33:06:9a:f9:
                    a1:1c:64:33:56:a7:2f:13:ef:5e:98:b4:33:2b:86:
                    59:01:1a:21:ae:ed:b8:aa:68:84:34:c2:89:df:7e:
                    e0:0f:db:4f:01:9b:ce:13:fd:3d:be:06:d4:9d:4e:
                    34:99:4a:d9:0f:56:11:f5:ac:e1:d2:5a:73:0e:32:
                    3a:c7:b4:d8:c9:3c:1f:b9:6f:ad:b3:54:39:9b:f0:
                    2a:a6:89:c9:00:ff:31:7c:ee:e7:02:e6:7c:79:92:
                    92:4a:4a:8d:95:62:71:b1:f9:67:b8:8e:d5:08:e4:
                    59:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:EB:03:9E:71:F6:F9:97:17:99:09:89:CC:D7:63:D3:7F:62:AB:8B
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS147293.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:56:4c:b5:2b:a2:75:4d:ea:f5:31:84:d5:33:e6:84:b5:6e:
         2d:3c:47:73:ac:27:92:12:96:19:04:9c:cf:ef:7a:87:b7:e2:
         f0:4d:0e:68:47:40:e4:f2:27:78:c6:9a:bc:49:fd:94:6a:c0:
         97:c7:72:b7:95:33:fa:f1:3a:ea:46:d7:44:e1:d0:af:93:52:
         fd:61:96:3d:8c:ee:c4:56:52:e6:bb:d5:e3:82:af:11:66:7f:
         3c:a8:20:90:ee:f9:25:40:bb:ec:45:92:9f:30:72:f7:d4:f4:
         d7:e1:2c:ef:c3:f3:30:91:78:3e:26:6a:f2:59:2a:11:61:d5:
         9f:a9:64:b8:0a:3f:1b:0a:1c:93:3a:e8:a3:11:11:4a:44:1b:
         61:a6:6d:af:d6:e9:75:c7:2e:8c:1b:78:a3:57:16:c1:aa:b7:
         1e:4e:9e:39:21:9b:bd:79:71:ad:88:74:02:90:5c:40:b3:c7:
         e3:c4:70:79:df:22:4a:3f:1e:b8:f8:46:84:fd:cc:d6:2d:6c:
         2f:11:66:67:df:fb:52:8b:15:50:ea:f2:9f:58:e2:82:f5:0c:
         a2:77:4b:4b:0f:e5:a4:44:7f:fe:f1:31:ec:8e:3a:80:35:6c:
         37:bc:b8:a9:98:29:f1:1e:27:1e:60:4d:9b:29:5e:f2:74:ab:
         1c:76:bb:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfj9KNfY2bWG44imp17pTspUU4q4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAyMDkxOTQ4NTVaFw0yNjAyMDgxOTUzNTVaMDMxMTAvBgNV
BAMTKDVBRUIwMzlFNzFGNkY5OTcxNzk5MDk4OUNDRDc2M0QzN0Y2MkFCOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMUBqFMEKhhGuC06SM417RCqCI
r9sG/lOsPxBALywqUJkLhEtbyV1ULg6qx3yYXrUzaHtzsga02inD4EtHDDGTm6wk
S7YO3rWv0ihp5nS0j0Bv1D5ARpVvs+25HDrlCPQLlvm+Fxwyey4EVv/+vv0MHbJQ
+73rq0uGLsO2tV0577X+ncUo6Td8McMwck+ebPjFMwaa+aEcZDNWpy8T716YtDMr
hlkBGiGu7biqaIQ0wonffuAP208Bm84T/T2+BtSdTjSZStkPVhH1rOHSWnMOMjrH
tNjJPB+5b62zVDmb8CqmickA/zF87ucC5nx5kpJKSo2VYnGx+We4jtUI5FmXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWusDnnH2+ZcXmQmJzNdj039iq4swHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQ3MjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsW
MA0GCSqGSIb3DQEBCwUAA4IBAQCoVky1K6J1Ter1MYTVM+aEtW4tPEdzrCeSEpYZ
BJzP73qHt+LwTQ5oR0Dk8id4xpq8Sf2UasCXx3K3lTP68TrqRtdE4dCvk1L9YZY9
jO7EVlLmu9Xjgq8RZn88qCCQ7vklQLvsRZKfMHL31PTX4Szvw/MwkXg+JmryWSoR
YdWfqWS4Cj8bChyTOuijERFKRBthpm2v1ul1xy6MG3ijVxbBqrceTp45IZu9eXGt
iHQCkFxAs8fjxHB53yJKPx64+EaE/czWLWwvEWZn3/tSixVQ6vKfWOKC9Qyid0tL
D+WkRH/+8THsjjqANWw3vLipmCnxHiceYE2bKV7ydKscdrsM
-----END CERTIFICATE-----