Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201120.roa
File:                     AS201120.roa (raw, json)
Hash identifier:          4Bp3Rbe90jpq+knW60fQbEnRAboZ7F3gTrBfNjIrTCc=
Subject key identifier:   97:0A:DB:91:FB:AB:AF:F9:8E:69:61:6E:8C:0D:99:55:F2:55:9B:F6
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5CD1CA8EA2AA4B8901C3EF2B60C24A235D1FCCB7
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201120.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     201120
IP address blocks:        141.11.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:d1:ca:8e:a2:aa:4b:89:01:c3:ef:2b:60:c2:4a:23:5d:1f:cc:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=970ADB91FBABAFF98E69616E8C0D9955F2559BF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:88:a8:55:80:4e:34:f7:58:ca:d4:bb:42:74:
                    bb:d0:ef:11:54:9c:eb:63:49:64:07:b7:73:2e:70:
                    d0:40:40:2a:6e:e9:c6:1f:32:db:be:38:1c:8f:38:
                    fb:bd:fe:9c:7d:c6:c3:9f:de:ff:bb:c1:bc:ab:8b:
                    2d:ca:ea:3a:ab:29:52:13:f2:19:0a:bc:c7:ba:f5:
                    db:df:ba:a9:c2:b4:0b:c0:18:d9:64:88:ec:50:27:
                    5e:81:d5:f5:f0:1c:12:bb:dd:10:7a:fb:51:d9:50:
                    f8:e8:71:03:2b:b0:ad:e1:f4:40:22:37:0e:b9:e2:
                    03:d5:0d:1d:f9:b2:ed:47:26:e1:2a:51:15:30:b9:
                    67:b3:6a:1f:60:63:fc:96:8d:04:0a:3f:08:0c:ff:
                    d5:ce:f1:64:fb:5b:88:0a:67:d9:fd:08:99:18:d4:
                    14:df:54:9b:cf:72:61:b3:49:6b:eb:01:73:fd:db:
                    6e:14:79:db:c8:f2:47:29:80:7c:76:0c:d4:f0:fa:
                    82:ac:2f:7a:ac:c5:03:8d:0f:7b:ed:40:9c:34:77:
                    26:82:2d:06:48:de:41:74:b2:d0:95:b2:c3:32:99:
                    41:0b:da:0f:32:5f:68:23:60:7f:19:8b:81:b6:9a:
                    2a:36:ec:cb:1b:ec:f7:64:79:54:89:dd:06:e5:f2:
                    eb:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:0A:DB:91:FB:AB:AF:F9:8E:69:61:6E:8C:0D:99:55:F2:55:9B:F6
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201120.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:e3:d8:d0:77:1d:cf:c6:d4:14:b4:0d:85:47:81:ac:16:9c:
         9c:49:54:5f:21:46:70:c3:80:11:a0:91:7c:36:43:f8:0f:4a:
         66:58:6a:be:00:b6:85:76:f6:23:db:32:62:0a:22:e9:a7:78:
         e7:64:d2:14:92:82:bc:5b:a1:38:bd:82:e4:a1:c6:c7:ec:74:
         a7:7f:41:ec:ad:83:0e:eb:9f:69:08:50:01:73:42:e4:30:dc:
         d7:12:31:24:49:53:fb:51:62:5b:c9:cf:c1:15:7f:41:07:3d:
         3c:2a:55:aa:46:92:34:7a:b9:3a:d9:de:c4:a8:01:64:ec:3a:
         0c:38:55:f1:5b:5c:cc:d0:6d:41:7c:df:3d:06:73:7c:22:4a:
         01:be:a5:2b:44:4b:ee:9e:88:40:10:2b:bc:d5:70:27:ae:2b:
         66:24:bb:f5:3e:89:bb:c2:75:0b:a7:0f:a8:44:fc:4e:20:90:
         b4:f3:c6:5f:95:b1:d2:a0:ce:19:75:3f:ed:5f:f6:39:38:50:
         ad:f1:d8:11:be:b5:34:5f:c4:ef:2f:72:2c:35:b5:81:c7:8a:
         9f:c7:e5:e2:6b:23:69:c2:d7:b5:2c:35:76:9a:bf:04:83:68:
         9d:0d:a3:4b:76:1b:0b:9f:10:ce:63:7b:34:08:e6:1c:d8:33:
         e9:23:e3:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXNHKjqKqS4kBw+8rYMJKI10fzLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKDk3MEFEQjkxRkJBQkFGRjk4RTY5NjE2RThDMEQ5OTU1RjI1NTlCRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5iKhVgE4091jK1LtCdLvQ7xFU
nOtjSWQHt3MucNBAQCpu6cYfMtu+OByPOPu9/px9xsOf3v+7wbyriy3K6jqrKVIT
8hkKvMe69dvfuqnCtAvAGNlkiOxQJ16B1fXwHBK73RB6+1HZUPjocQMrsK3h9EAi
Nw654gPVDR35su1HJuEqURUwuWezah9gY/yWjQQKPwgM/9XO8WT7W4gKZ9n9CJkY
1BTfVJvPcmGzSWvrAXP9224UedvI8kcpgHx2DNTw+oKsL3qsxQOND3vtQJw0dyaC
LQZI3kF0stCVssMymUEL2g8yX2gjYH8Zi4G2mio27Msb7PdkeVSJ3Qbl8usxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlwrbkfurr/mOaWFujA2ZVfJVm/YwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjAxMTIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvz
MA0GCSqGSIb3DQEBCwUAA4IBAQBH49jQdx3PxtQUtA2FR4GsFpycSVRfIUZww4AR
oJF8NkP4D0pmWGq+ALaFdvYj2zJiCiLpp3jnZNIUkoK8W6E4vYLkocbH7HSnf0Hs
rYMO659pCFABc0LkMNzXEjEkSVP7UWJbyc/BFX9BBz08KlWqRpI0erk62d7EqAFk
7DoMOFXxW1zM0G1BfN89BnN8IkoBvqUrREvunohAECu81XAnritmJLv1Pom7wnUL
pw+oRPxOIJC088ZflbHSoM4ZdT/tX/Y5OFCt8dgRvrU0X8TvL3IsNbWBx4qfx+Xi
ayNpwte1LDV2mr8Eg2idDaNLdhsLnxDOY3s0COYc2DPpI+PC
-----END CERTIFICATE-----