Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201120.roa
File:                     AS201120.roa (raw, json)
Hash identifier:          Cs3oYs7GRuQH1FST6v1/JR632Nbujid7+w0DllQl48k=
Subject key identifier:   B9:7D:B7:D0:81:A4:6D:B8:B8:E6:31:F9:D4:94:D0:77:1C:15:10:9C
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7F9D9667EA61E86780A4958D98B57C8A7A8CEBA2
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201120.roa
Signing time:             Tue 29 Oct 2024 15:43:25 +0000
ROA not before:           Tue 29 Oct 2024 15:38:25 +0000
ROA not after:            Tue 28 Oct 2025 15:43:25 +0000
asID:                     201120
IP address blocks:        141.11.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:9d:96:67:ea:61:e8:67:80:a4:95:8d:98:b5:7c:8a:7a:8c:eb:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:25 2024 GMT
            Not After : Oct 28 15:43:25 2025 GMT
        Subject: CN=B97DB7D081A46DB8B8E631F9D494D0771C15109C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5b:c2:f9:e9:3e:c2:af:4d:86:90:f4:08:fb:
                    bd:7a:50:86:65:6d:cb:02:a7:58:65:31:6b:8a:63:
                    dd:d1:29:ce:67:72:7d:49:1c:88:5f:bc:9a:93:66:
                    d9:5f:20:68:09:10:3b:e5:a8:04:71:15:c6:e2:a9:
                    db:a2:97:a2:5c:87:25:2b:2a:4f:fd:6c:61:a5:b4:
                    37:61:41:0a:43:7c:2d:b4:e3:39:57:6e:cc:ad:92:
                    f4:fb:37:78:69:1f:06:9c:bf:1c:b2:1e:76:6f:66:
                    c9:00:fc:1f:53:cf:7e:7a:d6:52:18:7e:60:c2:a2:
                    6d:dd:7e:0c:1a:21:2f:ea:60:00:59:8d:fb:a2:6d:
                    3a:99:2f:1a:20:bb:ed:f2:2b:0c:04:a6:9b:49:6b:
                    6e:9c:e4:d0:1f:6f:f4:b8:07:58:af:d9:6e:2b:e5:
                    f5:09:9b:8f:21:d9:84:ed:aa:ab:1f:4f:bb:c2:9b:
                    ae:b2:63:4e:3b:13:a0:d9:f9:2d:e6:92:11:1f:52:
                    38:72:c8:d6:9b:83:a5:7e:8f:19:0a:4d:67:2a:43:
                    1b:c6:fd:6f:e1:06:b8:53:ff:99:d9:a1:d2:3b:a0:
                    06:3a:f0:4b:6f:eb:fd:07:aa:ab:a4:3e:55:ab:57:
                    fa:9b:6a:b9:8a:a7:d3:df:24:bb:c5:e5:9f:18:00:
                    a7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7D:B7:D0:81:A4:6D:B8:B8:E6:31:F9:D4:94:D0:77:1C:15:10:9C
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201120.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:d9:f9:1a:f7:86:e3:6c:71:83:a3:15:2f:ef:9c:ea:5c:4c:
         03:50:98:94:1c:c7:fc:b7:d4:75:87:bd:51:e2:b2:8c:bd:b2:
         cb:92:69:cc:08:b2:cb:81:72:2f:5e:4b:3c:b7:d0:bd:08:13:
         3e:68:fe:76:c6:d6:9e:5d:46:06:a2:2d:bb:eb:99:79:b2:4a:
         63:5f:e5:89:3f:d9:6f:72:7a:f3:78:39:ad:73:a1:96:be:38:
         d7:0a:79:3d:a0:05:26:3b:8c:60:a9:57:d9:2c:29:01:23:60:
         74:da:cf:e7:9c:b2:da:21:40:1a:f8:ff:ec:de:79:2f:6a:68:
         e5:d8:45:a2:67:61:eb:36:43:e9:6a:b3:c4:e7:4b:7e:96:40:
         e0:65:61:a9:77:2c:54:2e:bb:ea:4d:ac:f4:24:e5:ef:c0:43:
         e3:5d:e4:94:53:f8:74:90:9e:f1:c5:a8:0c:2d:21:b6:7e:43:
         fb:5f:72:74:95:da:48:e0:fa:4d:4e:bc:11:16:80:e1:11:a8:
         96:96:ea:b7:e4:8f:28:07:67:dc:a4:9d:75:f8:c7:52:69:c1:
         16:41:a8:ac:16:57:f5:c1:82:2b:d9:45:fb:69:23:fb:ab:30:
         8a:5d:f6:f9:a6:3b:16:22:69:26:02:db:fe:e9:84:a3:19:dc:
         17:c7:34:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUf52WZ+ph6GeApJWNmLV8inqM66IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjVaFw0yNTEwMjgxNTQzMjVaMDMxMTAvBgNV
BAMTKEI5N0RCN0QwODFBNDZEQjhCOEU2MzFGOUQ0OTREMDc3MUMxNTEwOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzW8L56T7Cr02GkPQI+716UIZl
bcsCp1hlMWuKY93RKc5ncn1JHIhfvJqTZtlfIGgJEDvlqARxFcbiqduil6JchyUr
Kk/9bGGltDdhQQpDfC204zlXbsytkvT7N3hpHwacvxyyHnZvZskA/B9Tz3561lIY
fmDCom3dfgwaIS/qYABZjfuibTqZLxogu+3yKwwEpptJa26c5NAfb/S4B1iv2W4r
5fUJm48h2YTtqqsfT7vCm66yY047E6DZ+S3mkhEfUjhyyNabg6V+jxkKTWcqQxvG
/W/hBrhT/5nZodI7oAY68Etv6/0HqqukPlWrV/qbarmKp9PfJLvF5Z8YAKcTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuX230IGkbbi45jH51JTQdxwVEJwwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjAxMTIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvz
MA0GCSqGSIb3DQEBCwUAA4IBAQAN2fka94bjbHGDoxUv75zqXEwDUJiUHMf8t9R1
h71R4rKMvbLLkmnMCLLLgXIvXks8t9C9CBM+aP52xtaeXUYGoi2765l5skpjX+WJ
P9lvcnrzeDmtc6GWvjjXCnk9oAUmO4xgqVfZLCkBI2B02s/nnLLaIUAa+P/s3nkv
amjl2EWiZ2HrNkPparPE50t+lkDgZWGpdyxULrvqTaz0JOXvwEPjXeSUU/h0kJ7x
xagMLSG2fkP7X3J0ldpI4PpNTrwRFoDhEaiWluq35I8oB2fcpJ11+MdSacEWQais
Flf1wYIr2UX7aSP7qzCKXfb5pjsWImkmAtv+6YSjGdwXxzT9
-----END CERTIFICATE-----