Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198831.roa
File:                     AS198831.roa (raw, json)
Hash identifier:          9Z8fuXGS/zmzZuK/ExINu3z2mFQsLPbLB4Pj9Jdr6Rk=
Subject key identifier:   45:B5:FF:AC:4F:8B:64:45:33:32:23:FA:1C:2C:4E:3D:9A:D7:D7:6C
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4F705F0CA6B35645469640033A413F7E5361EEBD
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198831.roa
Signing time:             Tue 09 Apr 2024 13:06:40 +0000
ROA not before:           Tue 09 Apr 2024 13:01:40 +0000
ROA not after:            Tue 08 Apr 2025 13:06:40 +0000
asID:                     198831
IP address blocks:        141.11.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:70:5f:0c:a6:b3:56:45:46:96:40:03:3a:41:3f:7e:53:61:ee:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr  9 13:01:40 2024 GMT
            Not After : Apr  8 13:06:40 2025 GMT
        Subject: CN=45B5FFAC4F8B6445333223FA1C2C4E3D9AD7D76C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:16:63:9d:c4:1b:27:ca:1e:b1:50:58:10:21:
                    ad:8c:64:ad:a5:41:83:ab:5f:3a:27:c3:21:35:8e:
                    ad:7c:f1:c9:97:ab:04:83:2c:b5:0e:ec:6f:76:3e:
                    2e:ac:1a:16:e1:11:77:2f:d8:b8:42:ae:74:0f:c1:
                    b2:42:d6:87:15:eb:8b:b8:78:c8:62:2e:84:14:6f:
                    66:76:85:1b:c2:f5:98:23:c5:3e:d4:4a:de:89:59:
                    b3:d7:a6:ab:13:2f:8a:e8:c8:51:ea:f6:6f:03:8c:
                    bd:36:0c:8c:aa:dc:db:33:98:74:df:84:be:38:03:
                    4d:65:3e:d4:3d:12:a2:f2:ca:36:88:16:22:27:0f:
                    aa:d8:9c:29:dc:0a:83:1e:56:23:e9:f2:66:55:ad:
                    62:ab:20:b2:69:df:e9:0a:6b:b6:b2:9c:31:3d:da:
                    53:a1:c4:56:fa:39:75:89:01:cc:35:d5:42:2c:09:
                    da:1d:57:78:d2:4c:6e:8a:53:70:f7:b0:f1:44:f3:
                    ab:73:5e:ee:5f:50:f3:ba:31:e3:56:b0:64:49:16:
                    63:e0:f0:7c:b8:2d:b7:bb:de:90:b6:bf:ab:09:a9:
                    9f:c3:57:d3:94:04:62:e5:71:f2:41:00:d4:71:3a:
                    82:61:55:0c:61:10:95:8f:21:87:af:7b:35:68:4f:
                    12:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:B5:FF:AC:4F:8B:64:45:33:32:23:FA:1C:2C:4E:3D:9A:D7:D7:6C
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:3c:2d:4e:a2:63:04:90:0c:41:90:04:23:ee:24:2f:a2:17:
         d6:ed:79:36:03:3c:99:bf:62:16:fd:fb:72:f1:f4:4f:dc:91:
         47:fd:9d:be:ad:76:bc:8f:51:59:f8:2f:ea:bf:96:f5:7f:70:
         5b:53:36:57:4f:66:f1:a2:c4:42:63:af:11:9b:f4:41:55:97:
         57:77:ce:53:c8:3f:a0:38:b8:e4:ca:d1:8c:fd:50:cd:df:c9:
         7a:5f:9e:cf:93:84:af:a0:62:d2:69:c8:43:15:29:21:21:93:
         86:b8:eb:40:7a:1f:63:7d:c1:b1:da:46:fd:7b:29:d5:88:94:
         07:00:1a:0b:fc:31:94:c1:1e:08:ee:d2:8f:57:df:98:3e:d7:
         96:31:5f:1f:06:a2:34:78:19:ed:0a:04:07:eb:e3:91:1d:6d:
         b0:7c:c4:2d:bc:d7:76:a6:9f:0d:09:87:57:b5:26:38:5b:b6:
         ca:94:f8:2e:65:49:13:8e:1e:77:4f:a1:cd:c7:df:c6:06:27:
         d7:12:6b:47:8f:50:25:e5:82:d1:a5:b3:02:1f:a5:fd:02:63:
         9a:2b:83:ce:d9:fb:9a:d5:44:e0:a4:75:12:4e:51:f8:b4:b0:
         2b:94:f1:61:42:f8:c1:28:62:0a:73:e2:43:95:ef:6c:c5:2e:
         9d:20:3c:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUT3BfDKazVkVGlkADOkE/flNh7r0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA0MDkxMzAxNDBaFw0yNTA0MDgxMzA2NDBaMDMxMTAvBgNV
BAMTKDQ1QjVGRkFDNEY4QjY0NDUzMzMyMjNGQTFDMkM0RTNEOUFEN0Q3NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtFmOdxBsnyh6xUFgQIa2MZK2l
QYOrXzonwyE1jq188cmXqwSDLLUO7G92Pi6sGhbhEXcv2LhCrnQPwbJC1ocV64u4
eMhiLoQUb2Z2hRvC9ZgjxT7USt6JWbPXpqsTL4royFHq9m8DjL02DIyq3NszmHTf
hL44A01lPtQ9EqLyyjaIFiInD6rYnCncCoMeViPp8mZVrWKrILJp3+kKa7aynDE9
2lOhxFb6OXWJAcw11UIsCdodV3jSTG6KU3D3sPFE86tzXu5fUPO6MeNWsGRJFmPg
8Hy4Lbe73pC2v6sJqZ/DV9OUBGLlcfJBANRxOoJhVQxhEJWPIYevezVoTxK7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQURbX/rE+LZEUzMiP6HCxOPZrX12wwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk4ODMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtx
MA0GCSqGSIb3DQEBCwUAA4IBAQAuPC1OomMEkAxBkAQj7iQvohfW7Xk2AzyZv2IW
/fty8fRP3JFH/Z2+rXa8j1FZ+C/qv5b1f3BbUzZXT2bxosRCY68Rm/RBVZdXd85T
yD+gOLjkytGM/VDN38l6X57Pk4SvoGLSachDFSkhIZOGuOtAeh9jfcGx2kb9eynV
iJQHABoL/DGUwR4I7tKPV9+YPteWMV8fBqI0eBntCgQH6+ORHW2wfMQtvNd2pp8N
CYdXtSY4W7bKlPguZUkTjh53T6HNx9/GBifXEmtHj1Al5YLRpbMCH6X9AmOaK4PO
2fua1UTgpHUSTlH4tLArlPFhQvjBKGIKc+JDle9sxS6dIDyQ
-----END CERTIFICATE-----