Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199439.roa
File:                     AS199439.roa (raw, json)
Hash identifier:          S0CdyR6Yhg2Hym86JNubpNXN/g2kIbR/3e+RbppDtrI=
Subject key identifier:   75:6D:BD:84:7A:23:87:3F:9D:01:37:CC:BE:C4:B4:39:8A:75:A0:5D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6163E3C9560CCB361679CC9CE94971C3EDA86AFC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199439.roa
Signing time:             Thu 31 Oct 2024 16:43:27 +0000
ROA not before:           Thu 31 Oct 2024 16:38:27 +0000
ROA not after:            Thu 30 Oct 2025 16:43:27 +0000
asID:                     199439
IP address blocks:        141.11.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:63:e3:c9:56:0c:cb:36:16:79:cc:9c:e9:49:71:c3:ed:a8:6a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 31 16:38:27 2024 GMT
            Not After : Oct 30 16:43:27 2025 GMT
        Subject: CN=756DBD847A23873F9D0137CCBEC4B4398A75A05D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:10:02:94:98:c9:d9:ef:09:8b:36:c9:f3:25:
                    04:d2:65:7b:f3:70:c4:11:68:03:4b:3e:ce:01:f8:
                    83:e4:dc:55:4b:5a:11:85:b6:00:80:f5:3a:cc:81:
                    84:39:b5:f0:a7:62:1c:be:c8:8b:4b:f6:d9:27:4d:
                    a6:37:8f:01:ec:07:c4:cf:a2:7e:ae:e4:e1:64:5e:
                    2a:fa:b1:1b:4b:5e:b9:4f:8d:99:02:cb:94:74:5c:
                    e3:4e:fe:1c:c0:77:ed:b4:8c:de:af:a1:40:9b:47:
                    8b:68:9d:40:79:56:95:6e:3c:85:37:35:af:2f:33:
                    f1:e5:c5:0a:e7:20:33:3a:75:c2:11:72:a3:b7:97:
                    ae:ef:17:63:b0:c3:a0:15:83:fd:8e:ca:fa:37:dc:
                    c8:a7:63:0f:cb:e9:c9:ad:19:cb:47:d4:4f:0e:89:
                    ac:14:cc:56:7e:15:e7:8d:d1:68:7f:1f:6b:9d:2d:
                    2b:c7:05:d2:32:6b:78:73:83:d8:79:ed:1f:37:d8:
                    a8:1c:e7:eb:ee:2f:df:7d:12:03:3f:01:78:1e:43:
                    06:bf:97:85:bb:14:b1:84:d6:ba:ed:f0:f4:a9:60:
                    5e:aa:83:4f:e5:58:fb:cb:58:bd:1a:0e:de:0e:2f:
                    3d:98:bd:6f:82:5a:eb:16:28:b7:09:c3:c9:2a:6c:
                    a9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:6D:BD:84:7A:23:87:3F:9D:01:37:CC:BE:C4:B4:39:8A:75:A0:5D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:47:37:f1:41:df:26:05:4e:b5:c5:b2:e5:91:99:b7:36:2e:
         96:06:37:5f:4a:8e:7b:25:ac:62:1e:d4:a6:31:25:0a:af:20:
         1e:15:60:df:ed:f0:81:f6:2f:6c:e3:2d:e0:b0:35:48:9f:26:
         e3:fc:b6:b0:02:df:f0:3b:33:58:7f:40:c7:e8:35:c7:b6:4a:
         8d:70:a3:c5:75:dd:14:e9:c8:37:65:2e:65:f8:fc:e7:c1:97:
         2f:f5:6e:de:67:cf:6c:c0:89:2d:cb:17:b0:10:cb:13:90:6e:
         bd:81:dd:b0:89:0d:2a:17:69:ba:84:ab:24:5d:3f:50:ff:b6:
         70:e3:bf:c3:bf:2e:91:9c:0a:0e:86:d1:dc:43:40:60:5a:b4:
         92:7a:d3:c0:dd:10:de:37:44:b5:df:17:94:b8:3a:02:5c:ff:
         8a:92:6f:57:c7:7a:bf:cb:1e:b2:d6:04:e9:e4:44:4e:ba:b5:
         ce:9a:46:36:79:8c:a1:72:aa:ee:87:a6:37:97:6d:52:bc:4a:
         ea:95:48:af:c4:d3:30:95:9d:70:6c:1c:b8:fe:ef:24:33:a6:
         2a:8b:f2:b0:e4:8a:7f:94:a2:8c:78:fc:94:50:76:23:f9:fc:
         69:6c:ef:fc:ed:14:37:20:bc:96:27:fc:cd:07:a7:8c:0d:e8:
         51:96:e7:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYWPjyVYMyzYWecyc6Ulxw+2oavwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMzExNjM4MjdaFw0yNTEwMzAxNjQzMjdaMDMxMTAvBgNV
BAMTKDc1NkRCRDg0N0EyMzg3M0Y5RDAxMzdDQ0JFQzRCNDM5OEE3NUEwNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZEAKUmMnZ7wmLNsnzJQTSZXvz
cMQRaANLPs4B+IPk3FVLWhGFtgCA9TrMgYQ5tfCnYhy+yItL9tknTaY3jwHsB8TP
on6u5OFkXir6sRtLXrlPjZkCy5R0XONO/hzAd+20jN6voUCbR4tonUB5VpVuPIU3
Na8vM/HlxQrnIDM6dcIRcqO3l67vF2Oww6AVg/2Oyvo33MinYw/L6cmtGctH1E8O
iawUzFZ+FeeN0Wh/H2udLSvHBdIya3hzg9h57R832Kgc5+vuL999EgM/AXgeQwa/
l4W7FLGE1rrt8PSpYF6qg0/lWPvLWL0aDt4OLz2YvW+CWusWKLcJw8kqbKlbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdW29hHojhz+dATfMvsS0OYp1oF0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk5NDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtm
MA0GCSqGSIb3DQEBCwUAA4IBAQCtRzfxQd8mBU61xbLlkZm3Ni6WBjdfSo57Jaxi
HtSmMSUKryAeFWDf7fCB9i9s4y3gsDVInybj/LawAt/wOzNYf0DH6DXHtkqNcKPF
dd0U6cg3ZS5l+PznwZcv9W7eZ89swIktyxewEMsTkG69gd2wiQ0qF2m6hKskXT9Q
/7Zw47/Dvy6RnAoOhtHcQ0BgWrSSetPA3RDeN0S13xeUuDoCXP+Kkm9Xx3q/yx6y
1gTp5EROurXOmkY2eYyhcqruh6Y3l21SvErqlUivxNMwlZ1wbBy4/u8kM6Yqi/Kw
5Ip/lKKMePyUUHYj+fxpbO/87RQ3ILyWJ/zNB6eMDehRludw
-----END CERTIFICATE-----