Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199414.roa
File:                     AS199414.roa (raw, json)
Hash identifier:          Nc6KS9zV79Qj75Lw8G2c0mV4Kd/MV9jboPNh3ldHRss=
Subject key identifier:   FE:D5:B5:B6:F4:77:CD:E8:F0:B1:D8:AB:83:9F:FB:D1:FF:EE:80:F3
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4E9E3E88E4D23B95CBC18291519DF20D07E869E6
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199414.roa
Signing time:             Mon 01 Jan 2024 18:00:27 +0000
ROA not before:           Mon 01 Jan 2024 17:55:27 +0000
ROA not after:            Mon 30 Dec 2024 18:00:27 +0000
asID:                     199414
IP address blocks:        141.11.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:9e:3e:88:e4:d2:3b:95:cb:c1:82:91:51:9d:f2:0d:07:e8:69:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan  1 17:55:27 2024 GMT
            Not After : Dec 30 18:00:27 2024 GMT
        Subject: CN=FED5B5B6F477CDE8F0B1D8AB839FFBD1FFEE80F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:28:ed:8d:84:4d:42:72:9d:be:8c:4b:f8:5a:
                    69:59:fb:e0:73:f8:55:c5:0d:ed:ea:4d:28:b1:1a:
                    a0:f5:03:ba:b0:48:1a:66:57:d4:c9:35:ec:f3:f4:
                    8e:91:25:c2:17:2c:a8:ca:a6:c9:a7:21:fb:2a:08:
                    c3:05:b2:8c:f7:d2:52:74:33:35:e3:ec:33:aa:e0:
                    78:a0:78:40:0a:bc:cd:3b:41:53:8d:b0:43:19:8b:
                    81:34:e8:4a:46:c6:03:35:c9:7c:23:d1:a2:ce:55:
                    95:72:ed:fc:77:31:5f:d6:03:e8:45:e7:c7:90:7d:
                    05:0e:50:10:c5:3f:58:60:6b:fe:68:9d:3b:19:48:
                    04:8f:e9:42:64:4a:16:eb:21:f1:b8:42:a8:e6:d9:
                    be:84:9a:4a:06:3b:b3:00:39:c6:7e:72:bc:bf:08:
                    53:bd:38:25:84:88:71:cc:10:16:b9:24:1e:39:ae:
                    50:c9:6d:67:da:d5:45:a9:cd:5a:c6:35:9f:87:2e:
                    13:ad:bf:72:d6:8e:1a:c3:7a:3d:cf:a1:2d:a5:a9:
                    af:01:ca:ca:eb:4c:e0:ce:ba:14:b3:1c:69:4b:89:
                    e2:0b:9f:2d:16:45:dd:17:93:4e:fd:08:d6:89:84:
                    34:c2:e7:95:dc:e5:03:e1:72:37:65:f7:8a:3e:52:
                    07:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D5:B5:B6:F4:77:CD:E8:F0:B1:D8:AB:83:9F:FB:D1:FF:EE:80:F3
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:d3:8f:08:0a:35:a9:31:79:e2:45:62:fe:6d:14:32:84:38:
         e0:c6:72:40:41:4b:d4:58:9b:4b:06:7c:c8:55:de:c8:e9:8f:
         d3:74:d6:c4:33:78:6e:5b:b4:11:d3:eb:32:b5:44:ad:48:26:
         a8:97:8b:f0:9e:7f:55:03:56:3b:a7:bd:7c:3d:98:df:fa:0f:
         26:90:aa:a8:a8:cf:e2:00:f6:cd:67:64:0b:38:63:b9:2e:d9:
         97:4f:95:7a:f3:1a:ae:e0:b0:a2:15:ee:cf:f1:47:e4:ec:d6:
         26:bc:39:0a:1a:82:d9:aa:c4:23:65:55:22:1f:29:11:5c:44:
         1d:46:ac:35:10:13:ee:db:da:e5:86:fa:56:ed:28:3f:69:cd:
         1f:53:07:5c:e3:c7:ad:0b:a7:c8:2b:15:86:65:33:f6:5f:14:
         70:a1:31:0c:95:0a:b7:cf:59:3c:61:a0:9f:ab:d8:a5:d2:89:
         65:09:3b:fa:22:d6:b7:fd:b1:ab:30:e4:e6:95:b2:7f:87:ac:
         4d:6e:76:9d:65:a8:96:8b:85:f6:6f:f3:59:1c:cd:7c:40:1f:
         35:27:4a:df:f4:1c:75:05:a7:ca:ce:0c:26:80:63:6d:22:db:
         fa:f3:f0:8a:dc:61:05:23:53:18:a4:2e:21:d3:b8:51:f2:d2:
         e4:10:29:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTp4+iOTSO5XLwYKRUZ3yDQfoaeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAxMDExNzU1MjdaFw0yNDEyMzAxODAwMjdaMDMxMTAvBgNV
BAMTKEZFRDVCNUI2RjQ3N0NERThGMEIxRDhBQjgzOUZGQkQxRkZFRTgwRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0KO2NhE1Ccp2+jEv4WmlZ++Bz
+FXFDe3qTSixGqD1A7qwSBpmV9TJNezz9I6RJcIXLKjKpsmnIfsqCMMFsoz30lJ0
MzXj7DOq4HigeEAKvM07QVONsEMZi4E06EpGxgM1yXwj0aLOVZVy7fx3MV/WA+hF
58eQfQUOUBDFP1hga/5onTsZSASP6UJkShbrIfG4Qqjm2b6EmkoGO7MAOcZ+cry/
CFO9OCWEiHHMEBa5JB45rlDJbWfa1UWpzVrGNZ+HLhOtv3LWjhrDej3PoS2lqa8B
ysrrTODOuhSzHGlLieILny0WRd0Xk079CNaJhDTC55Xc5QPhcjdl94o+UgfXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/tW1tvR3zejwsdirg5/70f/ugPMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk5NDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsi
MA0GCSqGSIb3DQEBCwUAA4IBAQBT048ICjWpMXniRWL+bRQyhDjgxnJAQUvUWJtL
BnzIVd7I6Y/TdNbEM3huW7QR0+sytUStSCaol4vwnn9VA1Y7p718PZjf+g8mkKqo
qM/iAPbNZ2QLOGO5LtmXT5V68xqu4LCiFe7P8Ufk7NYmvDkKGoLZqsQjZVUiHykR
XEQdRqw1EBPu29rlhvpW7Sg/ac0fUwdc48etC6fIKxWGZTP2XxRwoTEMlQq3z1k8
YaCfq9il0ollCTv6Ita3/bGrMOTmlbJ/h6xNbnadZaiWi4X2b/NZHM18QB81J0rf
9Bx1BafKzgwmgGNtItv68/CK3GEFI1MYpC4h07hR8tLkECl6
-----END CERTIFICATE-----