Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS203058.roa
File:                     AS203058.roa (raw, json)
Hash identifier:          F6jMWN2lr7pZ4TBAwgyEHiqFA5aIQ6VoQ9eGLtqIcbE=
Subject key identifier:   93:7C:3A:9C:5B:85:38:DB:90:E3:65:FF:56:7A:DD:E5:58:05:D5:E2
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       625C8CF37C7C4F5BB6D45DA01065BAC84C7BD53B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS203058.roa
Signing time:             Thu 27 Feb 2025 08:58:05 +0000
ROA not before:           Thu 27 Feb 2025 08:53:05 +0000
ROA not after:            Thu 26 Feb 2026 08:58:05 +0000
asID:                     203058
IP address blocks:        141.11.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:5c:8c:f3:7c:7c:4f:5b:b6:d4:5d:a0:10:65:ba:c8:4c:7b:d5:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 27 08:53:05 2025 GMT
            Not After : Feb 26 08:58:05 2026 GMT
        Subject: CN=937C3A9C5B8538DB90E365FF567ADDE55805D5E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e6:a8:59:51:d2:ba:cb:ba:c8:e6:f4:c9:93:
                    69:3d:ba:f3:1d:f9:63:1f:7a:5e:d1:40:3c:13:f6:
                    ba:22:b0:a2:21:b2:1c:8e:75:90:94:f5:8e:4b:4b:
                    f9:81:51:42:ce:2b:00:e6:b2:04:16:85:b2:84:ac:
                    f9:6c:21:22:d9:54:d6:88:ad:a8:03:5a:cf:60:64:
                    50:be:23:58:d9:f1:87:32:aa:dc:21:24:89:6e:14:
                    75:ee:cb:3b:8e:e4:b7:b4:15:8c:84:e4:56:fd:d0:
                    11:64:be:35:7d:a3:3b:fb:3d:7f:c9:23:39:d6:e1:
                    71:04:fd:96:78:ff:00:58:d5:d5:33:d7:d5:3d:3c:
                    94:87:6f:ab:3b:95:52:4a:87:4c:f4:76:4e:50:1d:
                    7e:e1:8d:f8:43:71:b0:0a:37:96:04:51:3c:50:96:
                    6e:88:86:96:4c:ae:f4:17:f9:fd:2c:68:bb:fe:06:
                    ce:17:7e:84:7e:b7:e1:bc:d5:70:fa:1a:a6:87:eb:
                    d0:5d:79:e6:35:92:5d:d8:dc:93:a6:55:ca:f6:b9:
                    f6:b7:2a:15:32:31:24:0e:0a:be:f9:6e:a4:2b:25:
                    c1:68:8f:a6:0b:79:34:6a:ba:5a:89:d7:17:65:00:
                    bd:8d:73:42:9c:7f:2b:cc:92:8f:c6:b6:68:c1:21:
                    5e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:7C:3A:9C:5B:85:38:DB:90:E3:65:FF:56:7A:DD:E5:58:05:D5:E2
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS203058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:cb:24:8f:e3:50:23:b7:dc:18:ee:a5:4a:6c:86:df:39:0a:
         41:8a:8b:59:66:39:1c:c6:33:fb:e1:a4:23:aa:cb:35:fe:db:
         83:65:bc:99:32:48:40:ce:06:e5:04:77:6d:48:37:df:af:14:
         bf:4a:76:a8:51:61:36:24:31:9c:a6:00:05:ae:7c:3a:42:ec:
         12:0d:10:22:55:d1:06:b0:07:74:67:70:74:05:fa:91:45:8c:
         7e:5a:db:ac:e0:cf:66:81:96:7c:1d:b9:96:9c:0d:3d:90:21:
         78:2c:b7:28:90:0d:1e:ae:a6:17:26:2f:7b:e1:02:20:74:5a:
         b6:a9:bc:76:b8:61:50:c6:8a:80:e2:d2:38:27:29:c6:34:45:
         b9:f6:da:b0:6e:a7:70:7f:fc:96:ba:13:f3:9e:f1:be:e0:8e:
         8e:bb:48:0c:1e:06:1a:25:02:db:33:75:34:f0:0f:6d:ad:0a:
         be:ab:27:70:7f:f1:0f:55:d6:51:ea:d8:5c:01:66:50:a6:bb:
         53:3b:69:66:cd:ae:0b:b9:13:66:fa:f5:48:9e:6f:4e:51:ce:
         07:fd:70:e1:49:fc:82:24:34:ca:1c:70:cd:e9:f1:58:6a:8e:
         2f:07:eb:a5:be:39:3c:82:73:54:9b:a1:83:71:ff:3b:b4:37:
         b0:4c:24:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYlyM83x8T1u21F2gEGW6yEx71TswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAyMjcwODUzMDVaFw0yNjAyMjYwODU4MDVaMDMxMTAvBgNV
BAMTKDkzN0MzQTlDNUI4NTM4REI5MEUzNjVGRjU2N0FEREU1NTgwNUQ1RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC45qhZUdK6y7rI5vTJk2k9uvMd
+WMfel7RQDwT9roisKIhshyOdZCU9Y5LS/mBUULOKwDmsgQWhbKErPlsISLZVNaI
ragDWs9gZFC+I1jZ8YcyqtwhJIluFHXuyzuO5Le0FYyE5Fb90BFkvjV9ozv7PX/J
IznW4XEE/ZZ4/wBY1dUz19U9PJSHb6s7lVJKh0z0dk5QHX7hjfhDcbAKN5YEUTxQ
lm6IhpZMrvQX+f0saLv+Bs4XfoR+t+G81XD6GqaH69BdeeY1kl3Y3JOmVcr2ufa3
KhUyMSQOCr75bqQrJcFoj6YLeTRqulqJ1xdlAL2Nc0KcfyvMko/GtmjBIV5DAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUk3w6nFuFONuQ42X/Vnrd5VgF1eIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjAzMDU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQua
MA0GCSqGSIb3DQEBCwUAA4IBAQC4yySP41Ajt9wY7qVKbIbfOQpBiotZZjkcxjP7
4aQjqss1/tuDZbyZMkhAzgblBHdtSDffrxS/SnaoUWE2JDGcpgAFrnw6QuwSDRAi
VdEGsAd0Z3B0BfqRRYx+Wtus4M9mgZZ8HbmWnA09kCF4LLcokA0erqYXJi974QIg
dFq2qbx2uGFQxoqA4tI4JynGNEW59tqwbqdwf/yWuhPznvG+4I6Ou0gMHgYaJQLb
M3U08A9trQq+qydwf/EPVdZR6thcAWZQprtTO2lmza4LuRNm+vVInm9OUc4H/XDh
SfyCJDTKHHDN6fFYao4vB+ulvjk8gnNUm6GDcf87tDewTCQl
-----END CERTIFICATE-----