Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199439.roa
File:                     AS199439.roa (raw, json)
Hash identifier:          DaBQwwWMJ/wBtTxR26vqfqqzFgGoIn0oqba1XH7Spx8=
Subject key identifier:   60:95:02:28:F7:8A:4F:65:F2:43:BB:F9:14:72:1D:E0:75:3D:55:F5
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       446DDC373CD3F0B9634BF0155F62D74E8EDA785C
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199439.roa
Signing time:             Thu 30 Nov 2023 15:50:42 +0000
ROA not before:           Thu 30 Nov 2023 15:45:42 +0000
ROA not after:            Thu 28 Nov 2024 15:50:42 +0000
asID:                     199439
IP address blocks:        141.11.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:6d:dc:37:3c:d3:f0:b9:63:4b:f0:15:5f:62:d7:4e:8e:da:78:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 30 15:45:42 2023 GMT
            Not After : Nov 28 15:50:42 2024 GMT
        Subject: CN=60950228F78A4F65F243BBF914721DE0753D55F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:2b:03:07:24:a2:8d:a8:42:84:8d:e7:67:97:
                    f4:ff:04:fe:06:1a:c3:5f:37:c4:21:6d:f1:5b:92:
                    8f:20:e9:4f:4a:d0:ed:0d:ff:2b:07:81:e8:76:03:
                    e6:72:07:f3:48:0b:fd:e7:79:5f:f7:01:a7:e4:99:
                    7e:26:d0:32:47:5a:08:f5:8e:ed:2e:a8:49:f0:cb:
                    95:cd:6f:c0:74:bd:fc:10:8f:39:da:16:d8:9d:91:
                    c0:67:d9:4c:1c:68:d3:16:be:a7:43:63:13:fe:df:
                    e3:45:06:57:ad:6d:f4:f0:c9:38:c2:8f:05:b8:bb:
                    3f:36:3d:83:cb:77:0b:ae:37:2f:82:dc:1b:6e:8b:
                    d4:07:e2:43:5c:f6:0b:56:1e:ce:9f:fb:99:79:f3:
                    97:ff:0e:98:1d:c9:02:26:9b:0d:77:0c:84:56:52:
                    ba:dd:57:19:00:06:b3:4d:96:bb:c7:f7:89:b0:8f:
                    d7:0b:01:79:86:09:93:42:14:b2:db:c1:e5:3c:26:
                    09:a1:c4:47:d2:a3:33:e2:f8:9c:af:61:d0:52:d0:
                    75:6f:29:79:cf:38:40:14:06:89:83:0a:c3:80:29:
                    97:d4:f9:59:28:cc:ce:56:37:d7:8c:23:31:06:b9:
                    11:97:3e:64:0b:6b:b1:ae:fc:43:9a:78:4d:ab:5d:
                    d3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:95:02:28:F7:8A:4F:65:F2:43:BB:F9:14:72:1D:E0:75:3D:55:F5
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:28:e5:4c:4a:58:e8:e8:15:4c:b7:e1:2c:74:f1:12:00:c9:
         1a:c0:e8:3c:82:db:12:3b:84:21:89:db:b9:7e:62:0a:e1:84:
         d4:d9:5d:40:1d:71:ec:f6:e4:22:fd:39:b1:65:e3:8c:e8:04:
         0d:01:42:f3:81:07:8c:27:d2:22:a6:03:00:3e:ac:96:4a:09:
         b9:ae:30:e1:bb:7f:26:ab:f8:bc:03:12:94:30:8f:dd:81:6c:
         22:58:08:1e:e6:07:be:19:da:00:52:d9:ae:f8:ee:87:78:9d:
         2a:40:f2:37:ae:52:05:80:5a:83:f2:6f:0c:89:24:6b:49:c2:
         0c:4a:af:1d:05:11:b7:a6:2c:26:b0:7a:e8:33:09:b3:50:b3:
         94:09:61:d2:32:98:f5:bd:e7:4a:1c:e7:e7:3f:ed:61:67:db:
         ce:69:ae:d3:72:85:f5:ca:e7:25:65:82:c8:c4:fd:50:b2:cb:
         8e:df:f2:2b:7a:a5:4a:2e:f7:63:7c:5c:94:5b:99:76:df:2e:
         ed:91:b9:b1:66:b0:05:14:81:cb:ee:88:9d:98:05:45:9d:d5:
         f4:68:61:d5:3a:70:b5:82:3e:c8:5e:aa:e5:32:13:93:7f:ff:
         4f:d3:75:3d:15:bc:c2:09:45:28:bc:fb:d7:5f:1e:17:8c:da:
         53:6e:92:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURG3cNzzT8LljS/AVX2LXTo7aeFwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMzAxNTQ1NDJaFw0yNDExMjgxNTUwNDJaMDMxMTAvBgNV
BAMTKDYwOTUwMjI4Rjc4QTRGNjVGMjQzQkJGOTE0NzIxREUwNzUzRDU1RjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyKwMHJKKNqEKEjednl/T/BP4G
GsNfN8QhbfFbko8g6U9K0O0N/ysHgeh2A+ZyB/NIC/3neV/3AafkmX4m0DJHWgj1
ju0uqEnwy5XNb8B0vfwQjznaFtidkcBn2UwcaNMWvqdDYxP+3+NFBletbfTwyTjC
jwW4uz82PYPLdwuuNy+C3Btui9QH4kNc9gtWHs6f+5l585f/DpgdyQImmw13DIRW
UrrdVxkABrNNlrvH94mwj9cLAXmGCZNCFLLbweU8JgmhxEfSozPi+JyvYdBS0HVv
KXnPOEAUBomDCsOAKZfU+VkozM5WN9eMIzEGuRGXPmQLa7Gu/EOaeE2rXdPDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYJUCKPeKT2XyQ7v5FHId4HU9VfUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk5NDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtm
MA0GCSqGSIb3DQEBCwUAA4IBAQA9KOVMSljo6BVMt+EsdPESAMkawOg8gtsSO4Qh
idu5fmIK4YTU2V1AHXHs9uQi/TmxZeOM6AQNAULzgQeMJ9IipgMAPqyWSgm5rjDh
u38mq/i8AxKUMI/dgWwiWAge5ge+GdoAUtmu+O6HeJ0qQPI3rlIFgFqD8m8MiSRr
ScIMSq8dBRG3piwmsHroMwmzULOUCWHSMpj1vedKHOfnP+1hZ9vOaa7TcoX1yucl
ZYLIxP1QssuO3/IreqVKLvdjfFyUW5l23y7tkbmxZrAFFIHL7oidmAVFndX0aGHV
OnC1gj7IXqrlMhOTf/9P03U9FbzCCUUovPvXXx4XjNpTbpK3
-----END CERTIFICATE-----