Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151338.roa
File:                     AS151338.roa (raw, json)
Hash identifier:          x6Cb2FeCiFS+v44p0FqjsryNcO1NkzxE6sRhHJBURVA=
Subject key identifier:   D6:67:1C:37:AD:BE:0F:11:74:15:62:D7:84:36:47:8F:17:5A:28:98
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       786843B69702A12E09F7CC673FB6D5DB71F741A3
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151338.roa
Signing time:             Thu 22 Aug 2024 12:18:03 +0000
ROA not before:           Thu 22 Aug 2024 12:13:03 +0000
ROA not after:            Thu 21 Aug 2025 12:18:03 +0000
asID:                     151338
IP address blocks:        141.11.132.0/23 maxlen: 24
                          141.11.140.0/23 maxlen: 24
                          141.11.238.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:68:43:b6:97:02:a1:2e:09:f7:cc:67:3f:b6:d5:db:71:f7:41:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 22 12:13:03 2024 GMT
            Not After : Aug 21 12:18:03 2025 GMT
        Subject: CN=D6671C37ADBE0F11741562D78436478F175A2898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5a:95:d7:b3:49:08:ad:dc:50:52:c6:5d:41:
                    91:20:b2:75:2e:c7:4c:97:fc:ca:c4:68:11:74:d8:
                    02:4e:55:2e:dd:eb:43:ac:b3:b9:3d:bc:d8:8b:84:
                    04:14:9b:fc:7a:25:02:db:c0:05:68:6d:77:5e:36:
                    87:f1:44:65:1d:48:66:1f:ab:c2:21:da:a5:7f:67:
                    4f:f9:de:16:10:83:f3:d1:d6:10:30:29:5a:02:f0:
                    02:df:a4:33:7e:72:e0:3e:a2:c3:8e:02:28:0d:5c:
                    4b:b3:7b:7f:40:4b:f6:b1:3f:dc:c5:e5:50:67:35:
                    21:e2:9b:09:f8:5c:51:ff:07:9d:72:92:15:48:f6:
                    36:6d:63:44:d9:81:4c:b3:bf:7b:d0:67:d3:4e:f9:
                    c7:00:95:5f:76:03:67:fb:e0:bc:f3:bd:42:1d:3d:
                    5a:66:b0:49:89:60:96:98:f9:cb:e1:b0:49:4a:d3:
                    97:3c:83:10:0d:28:1b:f4:1d:a7:54:c3:a1:2b:4a:
                    3d:51:ae:6f:ab:0d:64:3c:02:fc:a9:e0:23:e7:22:
                    6f:f4:90:0a:e1:b4:da:0e:59:61:3e:18:f7:cb:24:
                    1b:34:81:f4:47:2d:73:f8:03:49:a6:1c:21:9f:07:
                    74:1b:5e:17:82:fd:e5:ef:4d:9c:2d:da:25:1a:e3:
                    5d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:67:1C:37:AD:BE:0F:11:74:15:62:D7:84:36:47:8F:17:5A:28:98
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS151338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.132.0/23
                  141.11.140.0/23
                  141.11.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:f9:3a:3e:64:32:8e:43:ac:22:00:f7:97:3b:37:bb:51:d8:
         69:6a:d5:ec:d5:34:34:ad:98:67:54:c4:09:4f:aa:e4:e0:dc:
         09:be:62:9c:a6:86:f9:a1:de:a2:d5:c9:5f:cc:bd:d5:70:df:
         62:19:a5:1e:ae:a3:94:6c:e6:be:59:cc:2b:3f:46:4c:ca:9d:
         c0:a3:bc:39:66:e6:f3:72:be:ed:cd:d3:0f:97:34:19:ea:dd:
         08:3c:61:24:66:af:19:fb:b6:79:52:24:dc:ba:07:a3:31:c2:
         f1:ba:ab:64:f6:fe:cf:d3:3e:1b:f5:cd:bc:ee:f9:4d:52:b6:
         b9:fa:d7:68:c8:e0:45:d8:61:0f:4d:40:83:55:eb:ef:ab:d9:
         bb:dd:62:2a:fc:9f:48:62:da:c5:83:d5:92:b1:48:ca:00:5a:
         be:30:1f:c1:a3:1d:f2:d0:88:a0:04:33:23:e9:38:d9:84:3a:
         b0:b0:60:85:f7:46:ab:67:85:90:81:03:a9:30:b0:90:94:63:
         1c:6e:03:a0:02:da:0b:7a:5e:6d:b7:72:8c:6c:95:f6:c3:d8:
         76:7e:c2:ec:a5:ee:3f:b2:34:32:64:3c:a8:38:73:65:08:4c:
         a8:0b:f2:9d:1a:8a:8d:ea:90:50:50:b0:00:bb:cb:a0:b9:b4:
         53:df:37:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUeGhDtpcCoS4J98xnP7bV23H3QaMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA4MjIxMjEzMDNaFw0yNTA4MjExMjE4MDNaMDMxMTAvBgNV
BAMTKEQ2NjcxQzM3QURCRTBGMTE3NDE1NjJENzg0MzY0NzhGMTc1QTI4OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8WpXXs0kIrdxQUsZdQZEgsnUu
x0yX/MrEaBF02AJOVS7d60Oss7k9vNiLhAQUm/x6JQLbwAVobXdeNofxRGUdSGYf
q8Ih2qV/Z0/53hYQg/PR1hAwKVoC8ALfpDN+cuA+osOOAigNXEuze39AS/axP9zF
5VBnNSHimwn4XFH/B51ykhVI9jZtY0TZgUyzv3vQZ9NO+ccAlV92A2f74LzzvUId
PVpmsEmJYJaY+cvhsElK05c8gxANKBv0HadUw6ErSj1Rrm+rDWQ8Avyp4CPnIm/0
kArhtNoOWWE+GPfLJBs0gfRHLXP4A0mmHCGfB3QbXheC/eXvTZwt2iUa413PAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU1mccN62+DxF0FWLXhDZHjxdaKJgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUxMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBjQuE
AwQBjQuMAwQBjQvuMA0GCSqGSIb3DQEBCwUAA4IBAQBZ+To+ZDKOQ6wiAPeXOze7
UdhpatXs1TQ0rZhnVMQJT6rk4NwJvmKcpob5od6i1clfzL3VcN9iGaUerqOUbOa+
WcwrP0ZMyp3Ao7w5Zubzcr7tzdMPlzQZ6t0IPGEkZq8Z+7Z5UiTcugejMcLxuqtk
9v7P0z4b9c287vlNUra5+tdoyOBF2GEPTUCDVevvq9m73WIq/J9IYtrFg9WSsUjK
AFq+MB/Box3y0IigBDMj6TjZhDqwsGCF90arZ4WQgQOpMLCQlGMcbgOgAtoLel5t
t3KMbJX2w9h2fsLspe4/sjQyZDyoOHNlCEyoC/KdGoqN6pBQULAAu8ugubRT3zcO
-----END CERTIFICATE-----