Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS150654.roa
File:                     AS150654.roa (raw, json)
Hash identifier:          ovwG2Z0xDHmqfMSYY5qk81p+vLfgk3+a+ADNWrFhrbM=
Subject key identifier:   1C:04:52:66:36:27:C5:E8:F7:37:88:1E:3D:FD:CF:4D:FE:51:E8:54
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2AF5B9DC6D79A5CFC2F8D0F89A1FF53BED8708AD
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS150654.roa
Signing time:             Thu 21 Nov 2024 06:52:58 +0000
ROA not before:           Thu 21 Nov 2024 06:47:58 +0000
ROA not after:            Thu 20 Nov 2025 06:52:58 +0000
asID:                     150654
IP address blocks:        141.11.172.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:f5:b9:dc:6d:79:a5:cf:c2:f8:d0:f8:9a:1f:f5:3b:ed:87:08:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 21 06:47:58 2024 GMT
            Not After : Nov 20 06:52:58 2025 GMT
        Subject: CN=1C0452663627C5E8F737881E3DFDCF4DFE51E854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9b:66:64:49:94:0f:bd:d2:35:c2:7b:71:be:
                    4f:e9:b2:d0:32:d1:be:ee:23:38:72:66:f7:0f:fa:
                    62:29:c3:3d:db:5a:32:56:fc:c1:bb:46:72:34:c8:
                    5d:58:c1:9c:06:ad:37:3a:7e:3b:c1:16:b4:b6:31:
                    a1:b2:93:cf:08:aa:d7:b4:5b:69:53:b4:43:e0:92:
                    db:dd:dd:1c:f3:40:ae:20:2f:e5:0a:fc:0c:cc:c3:
                    63:57:b2:a1:8e:1c:81:c3:30:c4:87:cd:4a:0f:1c:
                    a0:58:ef:58:8b:62:77:41:96:99:ca:c5:03:9e:36:
                    aa:94:cb:82:ad:3d:74:2b:34:2b:c7:14:6e:46:a1:
                    5f:fd:8d:76:af:6d:d5:d7:ac:0c:97:47:c3:79:0e:
                    6d:73:33:52:50:71:5e:c5:7a:c9:11:6d:f3:c6:cd:
                    d9:32:e0:d0:87:12:93:8b:00:15:c2:dd:b5:ca:32:
                    11:4a:5c:b8:c7:5d:95:02:a6:83:b6:a2:e2:e5:d1:
                    83:d7:b9:3a:88:68:d4:d5:8e:22:e9:a3:7c:f7:32:
                    cb:b5:9c:7a:92:b1:da:95:95:90:5f:00:8d:24:c7:
                    c8:2a:08:ba:de:e8:54:e1:76:19:31:47:67:cd:92:
                    cb:0d:8f:b9:ff:f5:e6:54:f2:9b:be:97:92:1f:e5:
                    a8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:04:52:66:36:27:C5:E8:F7:37:88:1E:3D:FD:CF:4D:FE:51:E8:54
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS150654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c1:ad:73:4c:87:53:19:6b:f0:9d:94:d3:26:d4:58:a9:0a:3a:
         e0:2a:b8:80:01:8e:ac:aa:ab:66:8e:7f:05:c7:5e:6d:98:13:
         c7:9e:55:ea:72:ff:be:32:50:35:ce:75:58:ff:09:47:a3:be:
         13:43:d7:67:fc:9f:6a:50:fc:80:e1:52:8b:14:3a:d8:44:89:
         d9:2e:38:82:b3:31:36:c7:b5:ab:b7:0c:2f:2e:cb:92:d9:19:
         19:2a:4a:a9:83:19:25:2c:3c:db:ee:8d:87:31:98:83:22:9f:
         da:a2:bd:a2:a7:25:b8:66:30:e1:24:f6:cf:0c:ac:b6:bd:b2:
         f3:53:0f:15:be:07:35:98:7b:2c:83:24:11:a4:58:eb:b9:72:
         a2:fe:7d:de:dd:d8:9e:ea:a6:f2:97:34:c8:d4:6b:96:11:63:
         11:a2:b0:38:53:99:1b:33:64:61:d3:77:45:30:f0:5c:c9:06:
         f8:f1:4b:4c:ae:e7:94:4b:e3:e3:7a:a4:de:8c:33:81:c3:01:
         f8:b2:74:d0:c1:b8:15:be:c2:b3:36:2f:10:d9:8f:dd:54:f8:
         90:67:0e:bf:4f:99:1f:c8:de:36:07:15:17:ff:5c:3c:7f:78:
         ac:ae:82:80:0a:0a:92:12:92:2f:41:f1:c7:f8:0d:84:0f:52:
         02:68:66:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKvW53G15pc/C+ND4mh/1O+2HCK0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMjEwNjQ3NThaFw0yNTExMjAwNjUyNThaMDMxMTAvBgNV
BAMTKDFDMDQ1MjY2MzYyN0M1RThGNzM3ODgxRTNERkRDRjRERkU1MUU4NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDim2ZkSZQPvdI1wntxvk/pstAy
0b7uIzhyZvcP+mIpwz3bWjJW/MG7RnI0yF1YwZwGrTc6fjvBFrS2MaGyk88Iqte0
W2lTtEPgktvd3RzzQK4gL+UK/AzMw2NXsqGOHIHDMMSHzUoPHKBY71iLYndBlpnK
xQOeNqqUy4KtPXQrNCvHFG5GoV/9jXavbdXXrAyXR8N5Dm1zM1JQcV7FeskRbfPG
zdky4NCHEpOLABXC3bXKMhFKXLjHXZUCpoO2ouLl0YPXuTqIaNTVjiLpo3z3Msu1
nHqSsdqVlZBfAI0kx8gqCLre6FThdhkxR2fNkssNj7n/9eZU8pu+l5If5ajhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHARSZjYnxej3N4gePf3PTf5R6FQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUwNjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQus
MA0GCSqGSIb3DQEBCwUAA4IBAQDBrXNMh1MZa/CdlNMm1FipCjrgKriAAY6sqqtm
jn8Fx15tmBPHnlXqcv++MlA1znVY/wlHo74TQ9dn/J9qUPyA4VKLFDrYRInZLjiC
szE2x7WrtwwvLsuS2RkZKkqpgxklLDzb7o2HMZiDIp/aor2ipyW4ZjDhJPbPDKy2
vbLzUw8Vvgc1mHssgyQRpFjruXKi/n3e3die6qbylzTI1GuWEWMRorA4U5kbM2Rh
03dFMPBcyQb48UtMrueUS+PjeqTejDOBwwH4snTQwbgVvsKzNi8Q2Y/dVPiQZw6/
T5kfyN42BxUX/1w8f3isroKACgqSEpIvQfHH+A2ED1ICaGY5
-----END CERTIFICATE-----