Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          h1v+VT124B7+MDaQaSiM0jMbK0Jhyzchz5phgYZ7xEY=
Subject key identifier:   C2:2F:F0:D3:EA:A2:0C:1A:65:D0:5E:24:FF:77:B3:9A:56:66:36:DA
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       60EC87E2A3EFC0690391C293778AC867D8DE4A8E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS20473.roa
Signing time:             Thu 09 Feb 2023 00:00:11 +0000
ROA not before:           Wed 08 Feb 2023 23:55:11 +0000
ROA not after:            Thu 08 Feb 2024 00:00:11 +0000
asID:                     20473
IP address blocks:        141.11.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 03:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:ec:87:e2:a3:ef:c0:69:03:91:c2:93:77:8a:c8:67:d8:de:4a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb  8 23:55:11 2023 GMT
            Not After : Feb  8 00:00:11 2024 GMT
        Subject: CN=C22FF0D3EAA20C1A65D05E24FF77B39A566636DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:86:ff:55:f5:20:7b:c6:fa:db:9f:4e:de:5b:
                    19:1e:ea:26:c1:ce:09:f9:a9:d1:74:7a:e5:43:71:
                    e9:1a:2a:38:85:fb:f8:cd:52:44:d5:70:06:5f:da:
                    91:d1:d0:1d:46:63:82:67:b4:e8:54:40:6f:ea:18:
                    62:58:32:78:0d:05:f6:96:1c:25:e0:b1:93:ca:aa:
                    2c:81:89:2e:02:15:d4:c9:2d:d2:15:e1:a9:12:c1:
                    cf:b2:40:b7:b8:5f:f3:51:e1:ee:ff:0b:cc:5f:9f:
                    b0:90:88:17:83:ff:0e:83:7b:0f:a4:3c:b1:8c:dd:
                    46:7d:4e:fa:bb:54:b0:dc:bd:10:a3:a4:76:50:98:
                    64:33:d5:15:1a:25:ad:d2:46:6e:45:8e:4e:5f:f1:
                    0b:e3:07:b1:f3:cc:4e:37:f3:39:44:43:5b:db:8e:
                    60:cb:4f:d9:bc:65:b3:52:a8:48:de:c9:ed:b1:ed:
                    8e:bc:ed:b0:26:55:39:56:fc:6d:e9:36:c8:47:98:
                    d8:0a:be:f2:ff:0b:21:d9:cc:e1:eb:b9:35:72:11:
                    90:64:5f:94:50:eb:74:36:89:40:58:2c:a8:9b:cf:
                    8c:78:90:af:5d:03:d8:a1:9a:54:78:fc:42:fa:b8:
                    b7:ef:fe:85:ae:a4:b0:3a:ec:35:df:ad:40:24:a4:
                    3f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                C2:2F:F0:D3:EA:A2:0C:1A:65:D0:5E:24:FF:77:B3:9A:56:66:36:DA
            X509v3 Authority Key Identifier: 
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:6d:a5:08:b3:11:60:49:3c:4a:61:be:c1:8a:e1:3d:53:e8:
         1f:45:41:4a:56:a6:4d:93:9b:f4:e7:63:d3:94:9f:d5:26:b8:
         b7:1c:b7:22:73:0d:ac:0d:a4:4a:0e:b0:6a:98:bc:33:b3:47:
         e8:20:25:b1:19:f6:f4:f0:90:bb:e0:22:09:bf:2b:84:42:ea:
         17:fc:2e:c8:15:da:5c:df:61:14:41:93:b6:8a:38:e7:52:fa:
         74:fd:c0:fd:d3:2f:80:f0:2a:bd:f3:bf:88:dd:9f:bb:90:3a:
         ab:cb:b1:1b:b1:58:47:f5:ba:60:e8:8c:da:06:8d:f8:a4:e9:
         bd:d0:58:3b:a6:ba:dd:5e:4d:7f:63:29:17:7b:ea:9d:c1:2e:
         56:27:91:dd:46:9c:92:04:ca:aa:0d:b4:42:44:b7:65:af:02:
         7b:c2:ba:0f:05:62:80:4d:50:b8:ab:a1:d9:31:d3:ec:d7:03:
         fe:e4:ce:a1:cf:30:ed:c4:a9:93:74:10:75:db:fe:64:ab:eb:
         19:6f:c0:02:69:8c:e2:17:b7:87:5a:3b:5d:ee:f4:2a:eb:a5:
         76:0c:5a:8b:53:d8:bc:68:25:90:62:10:1a:33:a7:9f:31:1f:
         d3:3b:c9:56:3f:ee:26:fd:1b:2b:9c:76:ee:96:b7:4e:ed:df:
         59:87:0f:97
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYOyH4qPvwGkDkcKTd4rIZ9jeSo4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzAyMDgyMzU1MTFaFw0yNDAyMDgwMDAwMTFaMDMxMTAvBgNV
BAMTKEMyMkZGMEQzRUFBMjBDMUE2NUQwNUUyNEZGNzdCMzlBNTY2NjM2REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnhv9V9SB7xvrbn07eWxke6ibB
zgn5qdF0euVDcekaKjiF+/jNUkTVcAZf2pHR0B1GY4JntOhUQG/qGGJYMngNBfaW
HCXgsZPKqiyBiS4CFdTJLdIV4akSwc+yQLe4X/NR4e7/C8xfn7CQiBeD/w6Dew+k
PLGM3UZ9Tvq7VLDcvRCjpHZQmGQz1RUaJa3SRm5Fjk5f8QvjB7HzzE438zlEQ1vb
jmDLT9m8ZbNSqEjeye2x7Y687bAmVTlW/G3pNshHmNgKvvL/CyHZzOHruTVyEZBk
X5RQ63Q2iUBYLKibz4x4kK9dA9ihmlR4/EL6uLfv/oWupLA67DXfrUAkpD8TAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwi/w0+qiDBpl0F4k/3ezmlZmNtowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC0Yw
DQYJKoZIhvcNAQELBQADggEBABdtpQizEWBJPEphvsGK4T1T6B9FQUpWpk2Tm/Tn
Y9OUn9UmuLcctyJzDawNpEoOsGqYvDOzR+ggJbEZ9vTwkLvgIgm/K4RC6hf8LsgV
2lzfYRRBk7aKOOdS+nT9wP3TL4DwKr3zv4jdn7uQOqvLsRuxWEf1umDojNoGjfik
6b3QWDumut1eTX9jKRd76p3BLlYnkd1GnJIEyqoNtEJEt2WvAnvCug8FYoBNULir
odkx0+zXA/7kzqHPMO3EqZN0EHXb/mSr6xlvwAJpjOIXt4daO13u9CrrpXYMWotT
2LxoJZBiEBozp58xH9M7yVY/7ib9Gyucdu6Wt07t31mHD5c=
-----END CERTIFICATE-----