Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210893.roa
File:                     AS210893.roa (raw, json)
Hash identifier:          gKOYuwaf3nTRuXT4bGGrXRf3zU5bjbPvrNJGM3ejoV8=
Subject key identifier:   D8:29:BD:62:39:36:76:4B:40:DC:FA:3B:71:F3:46:D5:6A:67:F0:8A
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4B4FF34A9A5626181B1F5C7BA89AC47E91B24AD5
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210893.roa
Signing time:             Wed 20 Nov 2024 10:43:28 +0000
ROA not before:           Wed 20 Nov 2024 10:38:28 +0000
ROA not after:            Wed 19 Nov 2025 10:43:28 +0000
asID:                     210893
IP address blocks:        141.11.200.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:4f:f3:4a:9a:56:26:18:1b:1f:5c:7b:a8:9a:c4:7e:91:b2:4a:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 20 10:38:28 2024 GMT
            Not After : Nov 19 10:43:28 2025 GMT
        Subject: CN=D829BD623936764B40DCFA3B71F346D56A67F08A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d5:09:9f:26:9c:1f:e4:b8:19:ad:c3:30:3b:
                    6c:6e:55:38:7c:ab:de:67:d6:65:61:a8:a6:9b:02:
                    a2:71:d2:4c:7b:8d:d0:b1:1b:c2:36:bd:6f:08:1d:
                    ee:eb:a5:b1:a0:d4:c7:60:11:50:dc:2c:a5:29:5c:
                    a6:15:b2:06:6a:35:40:35:f5:fe:77:1f:3d:73:f4:
                    b0:aa:01:a5:5d:05:4e:25:c4:a4:27:6a:26:04:9a:
                    c3:79:37:61:21:a5:b8:00:67:ee:e3:34:a2:5c:f6:
                    49:12:5b:16:fd:2a:5e:53:d8:7c:39:1e:bb:ae:e4:
                    f1:48:07:cb:31:5f:d8:f7:b2:0c:44:41:a8:bd:32:
                    34:56:fd:2d:fd:8b:8d:b7:4e:5b:98:b9:58:72:36:
                    9e:75:1d:78:1d:0f:ab:a8:d5:39:ff:32:0e:3a:fd:
                    55:29:2b:16:91:f7:24:11:cf:c6:30:7e:0a:8a:9b:
                    f4:72:5e:80:fd:a8:4b:83:29:65:a5:23:42:df:95:
                    ba:17:db:b5:5d:a6:fd:d4:70:38:bb:05:6c:ac:6f:
                    69:40:8c:9d:16:d7:16:f3:44:42:a7:c6:ee:99:cb:
                    0a:c5:e4:e3:93:c6:6f:01:4f:f8:4d:fa:9f:ec:c5:
                    5f:85:51:51:33:d6:e3:69:44:45:26:e0:9f:c7:0e:
                    32:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:29:BD:62:39:36:76:4B:40:DC:FA:3B:71:F3:46:D5:6A:67:F0:8A
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210893.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:7c:4f:c6:b0:d5:09:7b:04:a2:55:58:89:1c:90:05:70:af:
         e1:3e:59:b0:9c:71:11:4c:51:86:6d:bd:20:aa:96:87:6b:13:
         7a:a2:78:e9:45:38:e7:17:18:e7:21:d1:c8:9c:00:e7:98:5a:
         ca:bf:66:6f:ee:c6:1f:f7:eb:23:a0:71:64:7a:75:ca:51:1f:
         6f:ae:57:42:dc:4e:c2:ae:e1:33:be:27:f1:86:a8:36:1a:76:
         91:65:d3:16:a5:b1:42:04:72:c2:ec:05:10:1a:d0:c4:68:e3:
         a5:ad:39:2a:d6:8c:fe:0c:c7:b9:d6:c2:92:1d:c0:a6:5f:d3:
         7c:07:9b:9a:bb:23:22:68:cc:96:69:be:2c:be:17:7f:b2:48:
         f8:e9:89:59:9d:f5:4f:12:c8:a8:b9:1d:02:5a:e8:85:a6:fd:
         6e:99:c0:b5:bd:99:e4:1e:18:1a:9b:2a:09:1a:9d:2d:2d:e6:
         a4:9d:73:42:f3:16:6a:44:84:3b:22:e2:d0:d8:81:7b:13:e0:
         a2:a6:b8:58:a1:8c:43:ae:eb:be:cd:1d:0a:22:c2:82:7f:ba:
         08:f3:6d:f2:60:ae:fe:36:fe:af:af:6f:cb:af:50:15:b5:ab:
         8b:0c:57:bd:63:ea:27:a0:43:7e:be:6e:05:5f:1c:ad:ca:65:
         0f:9e:f5:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS0/zSppWJhgbH1x7qJrEfpGyStUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMjAxMDM4MjhaFw0yNTExMTkxMDQzMjhaMDMxMTAvBgNV
BAMTKEQ4MjlCRDYyMzkzNjc2NEI0MERDRkEzQjcxRjM0NkQ1NkE2N0YwOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX1QmfJpwf5LgZrcMwO2xuVTh8
q95n1mVhqKabAqJx0kx7jdCxG8I2vW8IHe7rpbGg1MdgEVDcLKUpXKYVsgZqNUA1
9f53Hz1z9LCqAaVdBU4lxKQnaiYEmsN5N2EhpbgAZ+7jNKJc9kkSWxb9Kl5T2Hw5
Hruu5PFIB8sxX9j3sgxEQai9MjRW/S39i423TluYuVhyNp51HXgdD6uo1Tn/Mg46
/VUpKxaR9yQRz8YwfgqKm/RyXoD9qEuDKWWlI0LflboX27Vdpv3UcDi7BWysb2lA
jJ0W1xbzREKnxu6ZywrF5OOTxm8BT/hN+p/sxV+FUVEz1uNpREUm4J/HDjL3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2Cm9Yjk2dktA3Po7cfNG1Wpn8IowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEwODkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQvI
MA0GCSqGSIb3DQEBCwUAA4IBAQB/fE/GsNUJewSiVViJHJAFcK/hPlmwnHERTFGG
bb0gqpaHaxN6onjpRTjnFxjnIdHInADnmFrKv2Zv7sYf9+sjoHFkenXKUR9vrldC
3E7CruEzvifxhqg2GnaRZdMWpbFCBHLC7AUQGtDEaOOlrTkq1oz+DMe51sKSHcCm
X9N8B5uauyMiaMyWab4svhd/skj46YlZnfVPEsiouR0CWuiFpv1umcC1vZnkHhga
myoJGp0tLeaknXNC8xZqRIQ7IuLQ2IF7E+CiprhYoYxDruu+zR0KIsKCf7oI823y
YK7+Nv6vr2/Lr1AVtauLDFe9Y+onoEN+vm4FXxytymUPnvUI
-----END CERTIFICATE-----