Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152911.roa
File:                     AS152911.roa (raw, json)
Hash identifier:          7pUq+Z8NKdnfYPToJnHpLsQktekzUXv59r9ranlFNTo=
Subject key identifier:   09:A0:AF:68:B0:5D:BB:C9:B8:95:DD:E7:09:91:22:CD:F5:3F:92:E8
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0B1F11889CD7C9CE606BB71167335DD4E45A83A8
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152911.roa
Signing time:             Fri 14 Jun 2024 10:36:39 +0000
ROA not before:           Fri 14 Jun 2024 10:31:39 +0000
ROA not after:            Fri 13 Jun 2025 10:36:39 +0000
asID:                     152911
IP address blocks:        141.11.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:1f:11:88:9c:d7:c9:ce:60:6b:b7:11:67:33:5d:d4:e4:5a:83:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 14 10:31:39 2024 GMT
            Not After : Jun 13 10:36:39 2025 GMT
        Subject: CN=09A0AF68B05DBBC9B895DDE7099122CDF53F92E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:28:d5:e4:29:d4:27:c5:e7:12:1c:b3:47:67:
                    27:8c:34:c0:62:85:9c:98:e9:e5:12:05:d1:0a:c2:
                    0d:95:a8:d5:d3:24:11:12:3e:e8:61:ab:c6:04:bc:
                    d8:60:b9:0b:8b:75:e7:74:30:37:8d:1d:8c:97:e7:
                    70:f9:1b:a8:cd:42:a4:db:71:fa:ad:a6:d3:ea:17:
                    91:14:c1:1a:19:df:bb:65:d9:fc:dc:28:22:93:66:
                    e2:76:89:b2:85:8b:bc:33:3b:48:56:a4:11:87:e0:
                    b1:01:54:8f:c9:b5:18:82:46:93:a5:1f:0a:b6:87:
                    71:42:84:03:6f:ae:2c:19:16:dd:59:01:1e:f9:3b:
                    ae:26:f0:ca:35:4e:99:bb:81:5a:31:12:d7:2c:cb:
                    36:28:10:88:37:9b:da:74:03:c0:1d:75:0e:5f:b3:
                    e1:d0:21:c9:73:44:b7:4b:56:0a:97:93:b2:1d:c0:
                    01:84:a4:45:ae:91:43:43:65:b3:c5:1f:6a:6b:67:
                    50:a8:4a:23:3b:f7:28:59:2a:a0:aa:86:0f:0f:5a:
                    f9:52:17:cb:b2:e3:02:1d:2a:d6:48:1e:44:b1:26:
                    0f:e2:08:b1:9c:bb:20:34:1f:83:b6:db:c6:77:c6:
                    7f:ca:2c:02:00:de:90:1f:bb:ec:32:82:47:7b:37:
                    7f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A0:AF:68:B0:5D:BB:C9:B8:95:DD:E7:09:91:22:CD:F5:3F:92:E8
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS152911.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:89:a9:1c:d6:ef:a7:d6:16:74:bd:f4:fc:93:43:3b:bd:d0:
         f1:e1:1e:ab:74:73:1f:8e:e4:43:e2:24:d9:1b:b3:b7:f1:54:
         cd:f4:59:c9:54:e9:7b:a9:a8:20:1f:a7:7e:ce:ea:9a:f9:5c:
         cd:bd:a8:85:58:a5:ce:eb:79:68:4f:73:e4:57:0d:fa:e9:f7:
         7e:c5:98:47:10:b3:ca:74:3f:de:dd:8b:9d:73:0a:58:01:bf:
         e6:74:fb:f6:6b:58:1a:00:a1:93:2c:b7:77:5c:85:37:5f:1c:
         4e:59:17:de:0e:f7:59:23:d2:f1:c3:f3:5d:df:53:28:d7:58:
         4c:72:96:93:7e:42:ed:4d:d2:21:13:e5:78:54:1b:c7:05:4f:
         a2:ca:69:b8:bb:d6:00:40:18:85:dd:b4:83:77:16:42:2a:bf:
         be:0c:9f:7d:16:e8:fc:f9:1f:b9:6c:a7:20:9c:8b:ca:7a:6e:
         1f:7d:4a:75:dc:8e:df:e8:ed:1e:82:d9:c1:96:94:c2:52:0c:
         e0:a6:ad:fe:53:39:74:30:43:66:e1:94:12:cf:d2:ed:70:71:
         8d:94:d4:39:e7:48:82:40:3c:4c:42:bf:56:ed:f6:9d:bd:bd:
         c0:0b:ab:11:10:a3:d0:a8:f1:00:00:24:2e:bc:f9:d5:5f:d1:
         ac:2d:50:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCx8RiJzXyc5ga7cRZzNd1ORag6gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA2MTQxMDMxMzlaFw0yNTA2MTMxMDM2MzlaMDMxMTAvBgNV
BAMTKDA5QTBBRjY4QjA1REJCQzlCODk1RERFNzA5OTEyMkNERjUzRjkyRTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDKNXkKdQnxecSHLNHZyeMNMBi
hZyY6eUSBdEKwg2VqNXTJBESPuhhq8YEvNhguQuLded0MDeNHYyX53D5G6jNQqTb
cfqtptPqF5EUwRoZ37tl2fzcKCKTZuJ2ibKFi7wzO0hWpBGH4LEBVI/JtRiCRpOl
Hwq2h3FChANvriwZFt1ZAR75O64m8Mo1Tpm7gVoxEtcsyzYoEIg3m9p0A8AddQ5f
s+HQIclzRLdLVgqXk7IdwAGEpEWukUNDZbPFH2prZ1CoSiM79yhZKqCqhg8PWvlS
F8uy4wIdKtZIHkSxJg/iCLGcuyA0H4O228Z3xn/KLAIA3pAfu+wygkd7N39RAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCaCvaLBdu8m4ld3nCZEizfU/kugwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTUyOTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBAiakc1u+n1hZ0vfT8k0M7vdDx4R6rdHMfjuRD
4iTZG7O38VTN9FnJVOl7qaggH6d+zuqa+VzNvaiFWKXO63loT3PkVw366fd+xZhH
ELPKdD/e3YudcwpYAb/mdPv2a1gaAKGTLLd3XIU3XxxOWRfeDvdZI9Lxw/Nd31Mo
11hMcpaTfkLtTdIhE+V4VBvHBU+iymm4u9YAQBiF3bSDdxZCKr++DJ99Fuj8+R+5
bKcgnIvKem4ffUp13I7f6O0egtnBlpTCUgzgpq3+Uzl0MENm4ZQSz9LtcHGNlNQ5
50iCQDxMQr9W7fadvb3AC6sREKPQqPEAACQuvPnVX9GsLVDs
-----END CERTIFICATE-----