Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210893.roa
File:                     AS210893.roa (raw, json)
Hash identifier:          L+z658jqaBP0Tem6T/IV76XUmPtzt1G4qFQaL3ZnYJU=
Subject key identifier:   C9:BA:03:D4:2A:DC:F9:FB:BA:A8:87:D0:FC:40:23:C6:A6:8A:23:38
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2013CF5D1B41D6997051E51CB972BC1DCD201696
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210893.roa
Signing time:             Wed 20 Dec 2023 10:03:38 +0000
ROA not before:           Wed 20 Dec 2023 09:58:38 +0000
ROA not after:            Wed 18 Dec 2024 10:03:38 +0000
asID:                     210893
IP address blocks:        141.11.200.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:13:cf:5d:1b:41:d6:99:70:51:e5:1c:b9:72:bc:1d:cd:20:16:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec 20 09:58:38 2023 GMT
            Not After : Dec 18 10:03:38 2024 GMT
        Subject: CN=C9BA03D42ADCF9FBBAA887D0FC4023C6A68A2338
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0d:ed:fa:46:83:8e:13:3a:24:3d:26:54:c1:
                    a0:c1:0c:9e:3a:0b:4d:af:65:33:7e:4a:09:2a:d1:
                    90:fe:df:bb:5c:cd:2e:48:3c:87:a3:1d:34:de:71:
                    c0:d0:8a:ea:9a:a0:0c:8f:b3:c9:18:53:ff:fd:ef:
                    a0:22:e6:20:b1:1c:24:d8:66:0b:b0:45:33:ba:bb:
                    bc:d0:7a:15:37:19:47:18:7e:10:5e:e2:60:77:bc:
                    d1:6b:b5:78:80:c8:a9:6d:09:08:71:ac:46:a3:df:
                    21:ad:f6:1e:5d:40:79:4f:9f:a2:7c:46:de:f3:47:
                    56:fe:0f:00:3d:d4:d6:65:3d:cd:45:c3:5e:8e:64:
                    21:10:e3:0f:69:d0:e0:d2:c2:7b:7e:3c:2c:8a:da:
                    b2:e8:b5:22:ee:7e:28:d7:63:4a:61:3c:4d:2b:48:
                    f5:24:18:e3:ca:49:b9:69:f4:b5:23:6b:cb:ee:de:
                    19:56:1c:84:2a:d2:06:50:5d:94:50:95:9a:18:15:
                    66:7a:f6:08:9f:81:8a:8f:2d:1e:98:86:0e:f6:cd:
                    56:38:31:a3:13:3c:f5:3c:cd:4b:00:6d:8e:56:d9:
                    9d:ac:7e:89:60:b2:90:0e:90:b3:20:cb:87:b1:77:
                    b5:0a:d5:3b:a0:c4:85:56:10:ee:7b:58:c8:5a:aa:
                    9e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:BA:03:D4:2A:DC:F9:FB:BA:A8:87:D0:FC:40:23:C6:A6:8A:23:38
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210893.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:16:bb:8c:fa:15:45:92:e0:1f:d2:cb:bf:c0:b9:19:90:fe:
         07:ac:84:45:24:13:d1:65:ae:c9:1f:46:12:fc:c0:a7:0a:66:
         eb:98:a9:4e:66:18:f7:ae:aa:2c:18:2c:ff:e6:e7:bc:b1:b1:
         be:7a:13:f9:a1:e0:1d:38:9f:a1:f5:10:7e:77:a5:02:47:a4:
         10:35:9a:a5:59:fc:4c:b2:57:77:89:0d:bb:d3:28:de:34:da:
         48:7d:8e:30:0a:f1:af:ff:49:fa:05:ad:7c:9d:31:a3:e3:7a:
         52:e2:63:ab:13:b5:81:eb:de:f1:cf:01:00:6f:92:7f:5c:9b:
         81:20:10:eb:a9:f9:cb:dd:af:9a:a8:06:00:d3:0e:90:34:4f:
         2b:b7:9a:cc:1e:83:dd:91:64:07:f8:47:8a:8e:86:c0:9b:2a:
         b5:13:9c:bb:0c:49:5c:e0:6e:89:7d:85:26:74:b9:a0:9e:2c:
         32:ac:6f:83:a1:c9:29:8a:1a:25:f7:11:80:91:8a:db:6a:f0:
         4d:4f:2f:70:ba:3c:78:b2:fb:bd:a3:50:53:8f:39:99:10:9d:
         7c:83:ce:d1:20:d7:83:54:c2:fb:0d:18:8f:6b:ba:b7:99:1e:
         ae:70:da:bc:ae:a3:77:58:44:07:52:82:d0:35:1d:18:0c:15:
         a6:fc:3c:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIBPPXRtB1plwUeUcuXK8Hc0gFpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEyMjAwOTU4MzhaFw0yNDEyMTgxMDAzMzhaMDMxMTAvBgNV
BAMTKEM5QkEwM0Q0MkFEQ0Y5RkJCQUE4ODdEMEZDNDAyM0M2QTY4QTIzMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjDe36RoOOEzokPSZUwaDBDJ46
C02vZTN+Sgkq0ZD+37tczS5IPIejHTTeccDQiuqaoAyPs8kYU//976Ai5iCxHCTY
ZguwRTO6u7zQehU3GUcYfhBe4mB3vNFrtXiAyKltCQhxrEaj3yGt9h5dQHlPn6J8
Rt7zR1b+DwA91NZlPc1Fw16OZCEQ4w9p0ODSwnt+PCyK2rLotSLufijXY0phPE0r
SPUkGOPKSblp9LUja8vu3hlWHIQq0gZQXZRQlZoYFWZ69gifgYqPLR6Yhg72zVY4
MaMTPPU8zUsAbY5W2Z2sfolgspAOkLMgy4exd7UK1TugxIVWEO57WMhaqp6tAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyboD1Crc+fu6qIfQ/EAjxqaKIzgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEwODkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQvI
MA0GCSqGSIb3DQEBCwUAA4IBAQB+FruM+hVFkuAf0su/wLkZkP4HrIRFJBPRZa7J
H0YS/MCnCmbrmKlOZhj3rqosGCz/5ue8sbG+ehP5oeAdOJ+h9RB+d6UCR6QQNZql
WfxMsld3iQ270yjeNNpIfY4wCvGv/0n6Ba18nTGj43pS4mOrE7WB697xzwEAb5J/
XJuBIBDrqfnL3a+aqAYA0w6QNE8rt5rMHoPdkWQH+EeKjobAmyq1E5y7DElc4G6J
fYUmdLmgniwyrG+Dockpihol9xGAkYrbavBNTy9wujx4svu9o1BTjzmZEJ18g87R
INeDVML7DRiPa7q3mR6ucNq8rqN3WEQHUoLQNR0YDBWm/Dyb
-----END CERTIFICATE-----