Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS202662.roa
File:                     AS202662.roa (raw, json)
Hash identifier:          hDMqa38+m4RWPTcTWsFGDSbfmLdEFO7yIfIu8LNPCAM=
Subject key identifier:   E0:6F:77:46:C8:33:79:0E:08:27:A5:AD:BB:EF:DB:BE:24:73:97:67
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       142C91C34BA19662CE36CB11C50FF73C30594F5B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS202662.roa
Signing time:             Sat 17 Feb 2024 19:05:12 +0000
ROA not before:           Sat 17 Feb 2024 19:00:12 +0000
ROA not after:            Sat 15 Feb 2025 19:05:12 +0000
asID:                     202662
IP address blocks:        141.11.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:2c:91:c3:4b:a1:96:62:ce:36:cb:11:c5:0f:f7:3c:30:59:4f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 17 19:00:12 2024 GMT
            Not After : Feb 15 19:05:12 2025 GMT
        Subject: CN=E06F7746C833790E0827A5ADBBEFDBBE24739767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:17:f7:59:ea:c4:fc:18:52:31:58:8b:b1:0f:
                    f5:7a:0b:c9:3f:23:06:3a:87:67:76:7a:6f:17:42:
                    c8:62:11:f9:5e:33:66:51:44:22:dc:b8:77:aa:e5:
                    15:8c:35:6d:99:67:8c:63:89:f1:90:8d:32:f2:1f:
                    e5:9b:21:14:d8:e7:ca:66:d0:a3:80:4d:eb:17:aa:
                    cc:a8:52:cb:e4:ee:59:20:f8:36:d6:5f:bf:00:ec:
                    2f:76:c8:0c:97:54:ea:fa:57:db:38:0e:4c:41:62:
                    cc:23:b1:5c:02:d0:87:3b:6b:b8:05:61:87:aa:a4:
                    72:a1:5f:2b:71:84:e9:42:1a:a2:f9:a9:87:14:6f:
                    53:b1:33:a6:c7:40:e0:4f:68:48:54:1e:c9:10:3e:
                    37:18:43:56:c9:f2:33:b4:61:f8:86:bb:b3:aa:72:
                    ae:2d:3c:2e:ea:e8:42:cf:2f:f2:32:fd:21:42:78:
                    7f:35:20:58:32:b7:b4:7c:ea:3d:31:5e:af:7d:49:
                    d5:bb:cf:d3:d7:db:23:76:1d:30:35:f8:0b:24:37:
                    8e:6b:6d:7c:f4:d9:70:9e:d0:1a:ae:90:3f:4e:b9:
                    03:0f:b8:e7:79:f1:8e:78:f2:c4:5d:37:07:82:fa:
                    2e:8b:6c:63:dd:d4:b0:44:c6:28:19:d7:09:a9:b9:
                    3d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:6F:77:46:C8:33:79:0E:08:27:A5:AD:BB:EF:DB:BE:24:73:97:67
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS202662.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:aa:cf:da:dc:72:c0:79:79:08:11:d6:5b:21:b7:35:90:bc:
         b3:10:c2:de:c4:60:b5:20:80:44:68:b5:c2:c3:c7:38:8a:3c:
         48:3a:e5:af:f0:f7:a4:48:c2:23:cb:55:b3:a1:8f:dc:ee:3a:
         5e:ef:c2:bb:21:02:8f:ac:18:1f:90:22:db:3c:2c:dc:ef:0a:
         0f:d2:28:5e:ff:82:cb:16:7c:86:57:cf:8f:12:06:3a:fd:9f:
         68:74:cd:8d:f8:7d:df:8d:25:bb:3c:4e:86:80:00:00:5f:6c:
         03:e4:02:3f:d1:fd:37:39:30:78:a3:a3:74:14:85:80:ab:25:
         70:9a:e3:17:22:6b:c7:77:ad:ce:ab:d8:83:40:4d:a0:31:11:
         f2:c3:84:6e:ca:d2:5b:fb:fa:7b:7a:41:e7:fb:0b:d2:25:b1:
         f3:c1:6b:9a:06:70:d1:84:3e:6c:9e:6a:63:62:ba:ea:cf:57:
         5f:81:06:45:ee:96:66:32:7b:77:d7:48:63:2b:e8:61:6e:62:
         32:66:22:85:e8:5f:de:16:ad:7a:d7:40:3f:49:13:22:18:3f:
         ff:aa:54:4f:89:45:4c:ed:87:f3:ec:01:8f:74:fc:49:50:28:
         38:c8:86:ef:95:2c:45:79:f4:58:cc:9a:48:36:1a:61:74:2b:
         19:78:28:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFCyRw0uhlmLONssRxQ/3PDBZT1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAyMTcxOTAwMTJaFw0yNTAyMTUxOTA1MTJaMDMxMTAvBgNV
BAMTKEUwNkY3NzQ2QzgzMzc5MEUwODI3QTVBREJCRUZEQkJFMjQ3Mzk3NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBF/dZ6sT8GFIxWIuxD/V6C8k/
IwY6h2d2em8XQshiEfleM2ZRRCLcuHeq5RWMNW2ZZ4xjifGQjTLyH+WbIRTY58pm
0KOATesXqsyoUsvk7lkg+DbWX78A7C92yAyXVOr6V9s4DkxBYswjsVwC0Ic7a7gF
YYeqpHKhXytxhOlCGqL5qYcUb1OxM6bHQOBPaEhUHskQPjcYQ1bJ8jO0YfiGu7Oq
cq4tPC7q6ELPL/Iy/SFCeH81IFgyt7R86j0xXq99SdW7z9PX2yN2HTA1+AskN45r
bXz02XCe0BqukD9OuQMPuOd58Y548sRdNweC+i6LbGPd1LBExigZ1wmpuT35AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4G93RsgzeQ4IJ6Wtu+/bviRzl2cwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjAyNjYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt9
MA0GCSqGSIb3DQEBCwUAA4IBAQAuqs/a3HLAeXkIEdZbIbc1kLyzEMLexGC1IIBE
aLXCw8c4ijxIOuWv8PekSMIjy1WzoY/c7jpe78K7IQKPrBgfkCLbPCzc7woP0ihe
/4LLFnyGV8+PEgY6/Z9odM2N+H3fjSW7PE6GgAAAX2wD5AI/0f03OTB4o6N0FIWA
qyVwmuMXImvHd63Oq9iDQE2gMRHyw4RuytJb+/p7ekHn+wvSJbHzwWuaBnDRhD5s
nmpjYrrqz1dfgQZF7pZmMnt310hjK+hhbmIyZiKF6F/eFq1610A/SRMiGD//qlRP
iUVM7Yfz7AGPdPxJUCg4yIbvlSxFefRYzJpINhphdCsZeChj
-----END CERTIFICATE-----