Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210570.roa
File:                     AS210570.roa (raw, json)
Hash identifier:          zbBlQZWlUxsIThSw2vS0pMTPiTU8HF4PauGvzu9viHE=
Subject key identifier:   4B:05:A7:33:62:C5:39:46:00:D6:BA:A6:6E:66:BB:C9:8E:CB:A6:A4
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3C3D1A81009A779615F44F10AE64EA3E0C0992F1
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210570.roa
Signing time:             Thu 14 Mar 2024 13:07:00 +0000
ROA not before:           Thu 14 Mar 2024 13:02:00 +0000
ROA not after:            Thu 13 Mar 2025 13:07:00 +0000
asID:                     210570
IP address blocks:        141.11.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:3d:1a:81:00:9a:77:96:15:f4:4f:10:ae:64:ea:3e:0c:09:92:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 14 13:02:00 2024 GMT
            Not After : Mar 13 13:07:00 2025 GMT
        Subject: CN=4B05A73362C5394600D6BAA66E66BBC98ECBA6A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b9:c7:78:60:8a:be:c5:52:6e:9a:fd:76:2c:
                    99:e4:e0:b1:4f:2d:8d:05:4d:39:d9:75:db:3a:1d:
                    8d:b9:51:2a:87:49:71:3c:78:63:b0:ff:61:ac:c0:
                    ee:62:f8:de:71:6e:b6:f5:86:1e:28:17:f3:e3:b9:
                    7a:a3:ba:62:ed:40:ae:38:cc:93:af:9c:df:42:e5:
                    6d:63:4a:a6:3a:3d:24:1e:c2:8a:6c:a6:7f:4d:d4:
                    c8:a3:e5:c5:83:ad:49:44:c1:06:ef:0f:e8:d4:c2:
                    98:e9:76:34:c9:45:4f:3c:e2:c3:9c:42:3a:89:b0:
                    e2:dd:41:72:3b:9d:55:d6:fd:fe:45:ba:9b:83:04:
                    d4:27:00:2d:58:2c:73:d1:fd:94:91:ef:23:34:2b:
                    67:48:fd:52:53:4d:35:c0:09:f7:94:94:a5:8e:32:
                    1e:13:11:a2:61:22:fe:0b:15:8d:58:5e:dd:2a:7e:
                    c8:44:32:3a:2b:81:52:2e:78:f8:c1:7e:fd:65:16:
                    d7:70:03:67:1c:cb:34:2d:ae:46:64:bf:85:43:b7:
                    33:7c:bf:66:3d:8a:fe:17:9d:60:40:88:45:33:cd:
                    a0:14:b8:35:29:b6:dd:3d:67:37:2a:1c:4e:e7:aa:
                    62:2e:8b:d5:8e:de:6b:1f:3b:7c:d1:ed:c7:c9:37:
                    cf:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:05:A7:33:62:C5:39:46:00:D6:BA:A6:6E:66:BB:C9:8E:CB:A6:A4
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210570.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:8f:a3:be:de:ee:d2:fc:e3:d1:ad:de:e5:b1:20:f3:74:85:
         d2:b5:30:39:bf:c0:ef:7f:72:fb:2b:df:9f:07:16:b6:68:f9:
         10:53:94:f5:48:fd:4d:ee:69:10:ec:34:08:0b:c3:f7:f7:89:
         8f:36:05:0e:be:e6:7c:8c:0c:f8:f8:e4:80:58:6c:cc:84:5d:
         81:d1:c1:df:81:d4:1c:ad:63:80:6a:7e:c4:4d:76:91:65:ac:
         28:05:b9:f9:e4:a5:30:e8:d7:5d:06:fd:c3:27:ca:4b:83:b4:
         b8:55:10:12:58:c1:f7:df:76:95:ac:56:a4:b8:bf:b7:4a:d3:
         36:63:a8:92:c5:48:61:0a:55:5f:d6:f9:db:7c:86:9d:38:00:
         26:76:db:31:45:85:9b:90:ee:34:05:cd:9d:41:6c:e3:95:2a:
         37:ef:a9:69:b0:0e:f5:e4:0d:c5:b0:3d:5f:80:af:84:55:c3:
         81:c3:a4:4f:54:4a:ff:7c:f6:f4:ce:7e:17:61:1c:ad:bb:8c:
         cc:2d:07:96:dc:6e:75:e1:bd:ec:fe:9d:d8:82:be:4c:8c:65:
         c9:20:4a:36:c8:61:dd:51:03:a9:07:c2:02:23:02:d4:27:1c:
         ab:2f:99:50:81:44:e0:7c:f6:9d:c8:2e:12:cc:ab:52:59:a6:
         5d:a8:95:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPD0agQCad5YV9E8QrmTqPgwJkvEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAzMTQxMzAyMDBaFw0yNTAzMTMxMzA3MDBaMDMxMTAvBgNV
BAMTKDRCMDVBNzMzNjJDNTM5NDYwMEQ2QkFBNjZFNjZCQkM5OEVDQkE2QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6ucd4YIq+xVJumv12LJnk4LFP
LY0FTTnZdds6HY25USqHSXE8eGOw/2GswO5i+N5xbrb1hh4oF/PjuXqjumLtQK44
zJOvnN9C5W1jSqY6PSQewopspn9N1Mij5cWDrUlEwQbvD+jUwpjpdjTJRU884sOc
QjqJsOLdQXI7nVXW/f5FupuDBNQnAC1YLHPR/ZSR7yM0K2dI/VJTTTXACfeUlKWO
Mh4TEaJhIv4LFY1YXt0qfshEMjorgVIuePjBfv1lFtdwA2ccyzQtrkZkv4VDtzN8
v2Y9iv4XnWBAiEUzzaAUuDUptt09ZzcqHE7nqmIui9WO3msfO3zR7cfJN89FAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUSwWnM2LFOUYA1rqmbma7yY7LpqQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEwNTcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtw
MA0GCSqGSIb3DQEBCwUAA4IBAQBYj6O+3u7S/OPRrd7lsSDzdIXStTA5v8Dvf3L7
K9+fBxa2aPkQU5T1SP1N7mkQ7DQIC8P394mPNgUOvuZ8jAz4+OSAWGzMhF2B0cHf
gdQcrWOAan7ETXaRZawoBbn55KUw6NddBv3DJ8pLg7S4VRASWMH333aVrFakuL+3
StM2Y6iSxUhhClVf1vnbfIadOAAmdtsxRYWbkO40Bc2dQWzjlSo376lpsA715A3F
sD1fgK+EVcOBw6RPVEr/fPb0zn4XYRytu4zMLQeW3G514b3s/p3Ygr5MjGXJIEo2
yGHdUQOpB8ICIwLUJxyrL5lQgUTgfPadyC4SzKtSWaZdqJWS
-----END CERTIFICATE-----