Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          vaIhks39ZSyfoHxHfRX52K+wOneTEYC7Sq36tEuuDfY=
Subject key identifier:   34:3C:28:FF:12:5C:0D:47:2E:B6:47:EB:92:FD:0B:0B:63:BD:49:02
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4E2B127859867568AB001061E6CB6F1E7F6B6AC0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS20473.roa
Signing time:             Wed 31 Jan 2024 00:00:08 +0000
ROA not before:           Tue 30 Jan 2024 23:55:08 +0000
ROA not after:            Wed 29 Jan 2025 00:00:08 +0000
asID:                     20473
IP address blocks:        141.11.70.0/24 maxlen: 24
                          141.11.154.0/23 maxlen: 24
                          141.11.236.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 11:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:2b:12:78:59:86:75:68:ab:00:10:61:e6:cb:6f:1e:7f:6b:6a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan 30 23:55:08 2024 GMT
            Not After : Jan 29 00:00:08 2025 GMT
        Subject: CN=343C28FF125C0D472EB647EB92FD0B0B63BD4902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3d:56:7a:22:69:8e:ef:51:65:8a:aa:47:d5:
                    46:49:d7:ea:3a:3f:c3:04:07:83:35:17:42:7b:41:
                    a6:c6:01:1f:02:76:92:9c:5b:0c:b0:92:be:35:b6:
                    12:f1:fc:00:9c:6d:24:ea:4e:69:33:82:77:bd:6e:
                    ad:3e:cf:1f:c5:14:33:6b:93:61:ad:6c:3c:e0:d0:
                    89:53:6c:d8:62:3a:1a:a2:3f:61:7f:e3:58:fb:6d:
                    e3:90:97:78:a4:87:7c:f2:bd:a8:81:29:db:19:9d:
                    a7:8b:68:94:ef:02:b5:43:ea:47:ec:bf:c0:66:10:
                    e8:8d:a1:23:94:81:fd:cc:c2:f7:63:7f:bd:e2:ad:
                    2d:34:13:08:e3:9a:d7:8c:78:f7:bd:dc:9e:68:7b:
                    55:7e:3f:74:23:0d:b6:f1:8a:84:99:5b:49:d2:4d:
                    7e:87:8f:7c:d5:53:7b:93:0a:f3:cd:44:77:7f:65:
                    1d:bf:7f:f7:60:d6:a6:3e:cc:21:78:65:2a:51:14:
                    dc:59:be:75:f8:8e:a0:01:2e:22:82:b7:8f:08:5f:
                    b6:42:82:84:a7:a7:ea:bd:1a:43:82:a6:fc:53:c0:
                    2c:58:25:90:ed:9a:1e:0f:b3:b2:13:c0:ed:af:6b:
                    44:6a:ff:4d:cb:a2:52:77:83:fa:d5:73:26:18:79:
                    fe:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:3C:28:FF:12:5C:0D:47:2E:B6:47:EB:92:FD:0B:0B:63:BD:49:02
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.70.0/24
                  141.11.154.0/23
                  141.11.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:59:be:b4:54:f2:32:0c:90:94:b1:b9:0c:89:99:c8:05:98:
         90:e8:fa:5f:ce:b1:2e:82:fe:3b:89:64:3f:94:6d:a1:6a:a4:
         a4:7f:b7:92:ca:53:31:15:89:19:3d:76:95:da:54:83:9f:68:
         3d:32:3f:ba:8e:80:85:7f:75:70:80:35:47:cb:b4:ee:9c:3e:
         cb:27:ee:f2:2d:41:d0:4f:13:c7:7c:82:04:33:f2:fe:f3:64:
         78:28:9a:2a:09:44:58:27:87:5b:5b:9d:8b:31:99:b8:60:91:
         6c:73:ba:89:5e:5e:7c:60:21:7e:b3:8f:99:39:45:c2:89:d4:
         0d:cb:64:41:47:64:ac:cc:1a:1e:35:01:ea:3a:05:9f:c0:ff:
         90:a4:bf:90:23:02:dc:ab:4e:f9:13:ac:08:a6:3b:f7:5d:7c:
         b2:86:88:90:37:72:ba:30:7e:13:2a:a5:b8:4a:58:2c:63:93:
         ee:9e:c4:b3:af:0f:dd:d8:8e:9d:9c:a2:59:88:dd:16:0b:55:
         1d:10:03:ec:d6:34:08:7a:3d:d0:43:7e:72:95:9b:3a:d4:56:
         24:e0:74:b6:0e:5a:aa:5b:43:2c:16:42:bc:d0:f1:a3:20:e3:
         13:4b:9d:97:61:cf:9b:c6:5a:0a:32:9e:ba:8f:13:ca:97:f2:
         eb:c3:9e:6e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUTisSeFmGdWirABBh5stvHn9rasAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAxMzAyMzU1MDhaFw0yNTAxMjkwMDAwMDhaMDMxMTAvBgNV
BAMTKDM0M0MyOEZGMTI1QzBENDcyRUI2NDdFQjkyRkQwQjBCNjNCRDQ5MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcPVZ6ImmO71FliqpH1UZJ1+o6
P8MEB4M1F0J7QabGAR8CdpKcWwywkr41thLx/ACcbSTqTmkzgne9bq0+zx/FFDNr
k2GtbDzg0IlTbNhiOhqiP2F/41j7beOQl3ikh3zyvaiBKdsZnaeLaJTvArVD6kfs
v8BmEOiNoSOUgf3Mwvdjf73irS00EwjjmteMePe93J5oe1V+P3QjDbbxioSZW0nS
TX6Hj3zVU3uTCvPNRHd/ZR2/f/dg1qY+zCF4ZSpRFNxZvnX4jqABLiKCt48IX7ZC
goSnp+q9GkOCpvxTwCxYJZDtmh4Ps7ITwO2va0Rq/03LolJ3g/rVcyYYef5FAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUNDwo/xJcDUcutkfrkv0LC2O9SQIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACNC0YD
BAGNC5oDBAGNC+wwDQYJKoZIhvcNAQELBQADggEBALRZvrRU8jIMkJSxuQyJmcgF
mJDo+l/OsS6C/juJZD+UbaFqpKR/t5LKUzEViRk9dpXaVIOfaD0yP7qOgIV/dXCA
NUfLtO6cPssn7vItQdBPE8d8ggQz8v7zZHgomioJRFgnh1tbnYsxmbhgkWxzuole
XnxgIX6zj5k5RcKJ1A3LZEFHZKzMGh41Aeo6BZ/A/5Ckv5AjAtyrTvkTrAimO/dd
fLKGiJA3crowfhMqpbhKWCxjk+6exLOvD93Yjp2colmI3RYLVR0QA+zWNAh6PdBD
fnKVmzrUViTgdLYOWqpbQywWQrzQ8aMg4xNLnZdhz5vGWgoynrqPE8qX8uvDnm4=
-----END CERTIFICATE-----
Generated at Sat Apr 20 18:40:54 2024 by rpki-client on console-fra.rpki-client.org