Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201670.roa
File:                     AS201670.roa (raw, json)
Hash identifier:          cK3DC+wrM4A4zZWCuLtUDZavBvLAWoMLga9e6ufTxsM=
Subject key identifier:   08:D7:90:05:11:81:19:01:88:59:A1:88:46:CC:6C:23:D2:0E:11:0F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       48EBC28DB2672E2A9220E241898C35088122D74F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201670.roa
Signing time:             Wed 10 Apr 2024 14:22:17 +0000
ROA not before:           Wed 10 Apr 2024 14:17:17 +0000
ROA not after:            Wed 09 Apr 2025 14:22:17 +0000
asID:                     201670
IP address blocks:        141.11.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:eb:c2:8d:b2:67:2e:2a:92:20:e2:41:89:8c:35:08:81:22:d7:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 10 14:17:17 2024 GMT
            Not After : Apr  9 14:22:17 2025 GMT
        Subject: CN=08D79005118119018859A18846CC6C23D20E110F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1d:6a:46:c4:9b:80:4b:2c:a6:fc:9c:a9:b3:
                    c8:1c:72:35:5a:f7:5b:bb:c7:fc:1c:6a:dc:31:c4:
                    87:a7:0a:7b:52:3d:59:90:e3:65:ef:b0:67:59:cf:
                    92:ef:56:c0:2b:be:3d:0f:43:2b:16:c3:0c:21:b5:
                    2a:0f:dd:0c:a4:c5:f3:5c:11:cc:80:05:8b:30:28:
                    7f:7f:b6:40:41:a0:d3:f9:61:7a:da:bd:2f:dd:fc:
                    af:1c:36:3f:01:6c:d5:3d:2e:9a:af:5b:9a:a5:9e:
                    23:11:15:2b:df:64:e4:f7:c4:92:f1:ce:0c:5c:c4:
                    d1:80:37:4a:37:22:aa:7b:ac:1b:bb:11:70:24:ad:
                    60:8b:76:19:64:47:75:fe:99:02:0c:a4:4d:9b:37:
                    33:6b:93:9f:3c:05:22:73:c0:c5:1e:28:e8:e1:5d:
                    c7:af:0c:a3:c2:05:85:4d:39:be:fa:51:f8:61:cb:
                    5c:6b:fc:cb:48:6c:a6:9b:bd:b2:98:8f:d7:0d:2c:
                    d3:03:f6:87:d1:46:6d:92:d0:8e:fc:1e:09:0d:96:
                    1d:7a:b2:f0:17:c4:2f:fb:91:7a:8b:6e:d9:41:5e:
                    59:91:55:72:fc:7b:a3:29:4e:5a:31:a7:a4:7f:77:
                    69:b4:76:d4:68:57:2c:3d:8a:0b:1f:6b:90:3f:1c:
                    4a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D7:90:05:11:81:19:01:88:59:A1:88:46:CC:6C:23:D2:0E:11:0F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS201670.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:d0:93:2a:52:bd:4c:09:2f:c8:ca:33:c6:ba:31:8c:73:2b:
         68:1d:86:61:da:de:6b:2d:95:61:88:94:69:0e:e9:b5:33:d8:
         0b:43:b6:42:42:94:8d:01:b4:af:bf:54:e3:ee:76:27:0d:f4:
         b7:68:a1:14:18:ff:43:75:6b:44:fc:69:ea:b7:fd:aa:d8:6c:
         c2:aa:45:79:f5:65:af:d6:a1:9a:bc:9f:ae:0e:56:d4:b0:8f:
         25:ee:1c:a5:0b:4c:95:c2:e1:f8:06:ec:35:93:9b:31:99:34:
         c6:89:e6:5e:4a:f5:be:14:18:69:10:ba:4f:fb:7e:d3:ac:37:
         50:27:2c:6f:fc:3f:72:c8:6d:55:b6:06:12:5b:70:00:17:8a:
         4b:34:f0:8a:e9:9d:0c:cf:3a:1a:f1:04:01:bc:72:aa:e9:05:
         fe:81:f0:d1:b5:f0:51:ac:01:be:27:ec:cd:c5:fb:bf:49:a3:
         d9:eb:80:62:8b:2e:d4:12:e3:80:17:09:00:c7:8e:f7:2f:b4:
         07:19:90:43:03:3c:bb:24:03:46:e4:8c:84:a7:19:8b:35:ea:
         e8:87:1a:f3:8f:1d:72:28:68:ce:1b:0b:f0:ae:96:16:d5:aa:
         83:c8:44:1f:16:97:31:d0:69:e1:46:dc:ba:2d:c7:b9:3a:ea:
         b5:16:72:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSOvCjbJnLiqSIOJBiYw1CIEi108wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA0MTAxNDE3MTdaFw0yNTA0MDkxNDIyMTdaMDMxMTAvBgNV
BAMTKDA4RDc5MDA1MTE4MTE5MDE4ODU5QTE4ODQ2Q0M2QzIzRDIwRTExMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUHWpGxJuASyym/Jyps8gccjVa
91u7x/wcatwxxIenCntSPVmQ42XvsGdZz5LvVsArvj0PQysWwwwhtSoP3QykxfNc
EcyABYswKH9/tkBBoNP5YXravS/d/K8cNj8BbNU9LpqvW5qlniMRFSvfZOT3xJLx
zgxcxNGAN0o3Iqp7rBu7EXAkrWCLdhlkR3X+mQIMpE2bNzNrk588BSJzwMUeKOjh
XcevDKPCBYVNOb76Ufhhy1xr/MtIbKabvbKYj9cNLNMD9ofRRm2S0I78HgkNlh16
svAXxC/7kXqLbtlBXlmRVXL8e6MpTloxp6R/d2m0dtRoVyw9igsfa5A/HErxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCNeQBRGBGQGIWaGIRsxsI9IOEQ8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjAxNjcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsq
MA0GCSqGSIb3DQEBCwUAA4IBAQAl0JMqUr1MCS/IyjPGujGMcytoHYZh2t5rLZVh
iJRpDum1M9gLQ7ZCQpSNAbSvv1Tj7nYnDfS3aKEUGP9DdWtE/Gnqt/2q2GzCqkV5
9WWv1qGavJ+uDlbUsI8l7hylC0yVwuH4Buw1k5sxmTTGieZeSvW+FBhpELpP+37T
rDdQJyxv/D9yyG1VtgYSW3AAF4pLNPCK6Z0Mzzoa8QQBvHKq6QX+gfDRtfBRrAG+
J+zNxfu/SaPZ64Biiy7UEuOAFwkAx473L7QHGZBDAzy7JANG5IyEpxmLNerohxrz
jx1yKGjOGwvwrpYW1aqDyEQfFpcx0GnhRty6Lce5Ouq1FnIN
-----END CERTIFICATE-----