Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210937.roa
File:                     AS210937.roa (raw, json)
Hash identifier:          8oKXlIwBTfgGo9XtUxm/ewgnBWCGK1nnVfxW+ZrOTAs=
Subject key identifier:   1B:A7:B3:BC:E3:9D:B7:ED:9C:E2:4B:03:85:BB:A5:DA:52:D0:CB:81
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3EDA95E4723E957BC182B874D5C9C1C2331E66E0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210937.roa
Signing time:             Tue 29 Oct 2024 15:43:26 +0000
ROA not before:           Tue 29 Oct 2024 15:38:26 +0000
ROA not after:            Tue 28 Oct 2025 15:43:26 +0000
asID:                     210937
IP address blocks:        141.11.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:da:95:e4:72:3e:95:7b:c1:82:b8:74:d5:c9:c1:c2:33:1e:66:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:26 2024 GMT
            Not After : Oct 28 15:43:26 2025 GMT
        Subject: CN=1BA7B3BCE39DB7ED9CE24B0385BBA5DA52D0CB81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5b:fa:54:40:83:c5:98:76:bc:6c:a7:d6:54:
                    9f:5d:ac:a1:23:02:c8:e8:82:d1:a6:0a:2e:74:e0:
                    c4:d1:32:24:52:aa:e6:9b:b5:0e:2b:73:f3:f7:c9:
                    17:36:e6:96:ea:e3:b4:89:d9:81:63:e2:4d:eb:ad:
                    e1:68:72:31:a1:e8:3a:ca:06:c8:a8:ec:45:51:2e:
                    b5:28:0c:07:f1:ab:f2:5b:7d:35:0b:40:dc:2a:44:
                    ca:1a:1d:20:3d:55:1e:b7:f5:33:df:15:ea:37:bf:
                    5b:90:1a:75:63:b8:d1:ff:8b:30:3c:99:fb:9b:6b:
                    07:b1:cf:18:1a:78:82:45:c5:45:0d:13:d2:3b:d5:
                    88:e7:44:b7:fa:02:8c:24:0e:67:69:62:9f:59:89:
                    1d:0f:49:fe:c7:71:2e:81:b4:cc:dd:8b:af:3d:b6:
                    ef:40:0a:b7:f6:0f:0d:9b:9d:ee:bf:79:7c:05:19:
                    18:c5:76:a0:57:6d:9a:30:0a:32:ab:8c:c3:2f:1e:
                    d6:85:1c:38:13:c9:ba:16:d7:80:3f:f1:b1:d3:f8:
                    28:77:26:e3:ed:fe:7d:1e:91:3d:80:60:f0:b9:02:
                    2d:32:f0:be:dd:4a:ab:8c:3a:0a:3a:97:68:1a:ac:
                    60:d0:67:f5:52:38:6f:e7:4c:97:eb:ed:6f:a8:60:
                    54:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:A7:B3:BC:E3:9D:B7:ED:9C:E2:4B:03:85:BB:A5:DA:52:D0:CB:81
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:96:23:72:f7:7d:3b:39:01:91:38:a2:51:d0:48:bc:b1:b2:
         8b:31:f0:30:a4:58:20:42:29:fa:68:cc:56:29:8a:61:13:75:
         d5:f0:80:b1:d6:9f:79:89:94:e6:0c:ff:a4:1e:ef:0a:d4:65:
         73:f6:24:26:82:f7:6b:75:db:a8:22:10:3a:ed:a4:be:e8:8c:
         2c:f8:bd:08:12:3e:55:64:f6:38:8d:53:42:b6:5a:48:6b:bc:
         0a:6d:61:64:93:7c:c5:2e:62:17:49:c9:f5:67:97:8f:e8:a2:
         c4:82:f0:33:f7:cf:ff:49:1b:43:d8:97:a8:99:98:24:dc:23:
         88:07:f5:d9:43:f6:56:57:b8:17:16:9b:21:b9:ef:72:8d:8f:
         ea:35:99:77:d4:3f:3a:aa:1a:6b:7a:71:94:16:8a:18:8c:4d:
         2b:82:bd:29:55:d4:80:88:df:07:68:b1:b6:3e:7a:47:fd:94:
         b8:d4:0e:fc:7f:bb:7f:5d:89:c5:1b:5a:58:17:84:07:79:bc:
         48:fa:ec:89:73:09:38:27:82:a6:44:c0:37:3c:86:ed:a1:38:
         31:83:e2:42:22:54:a7:08:38:07:c7:85:15:dc:c8:29:d7:42:
         73:56:c4:a0:cb:d0:39:07:35:e9:cc:4a:a9:cc:47:40:37:2a:
         52:4f:09:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPtqV5HI+lXvBgrh01cnBwjMeZuAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjZaFw0yNTEwMjgxNTQzMjZaMDMxMTAvBgNV
BAMTKDFCQTdCM0JDRTM5REI3RUQ5Q0UyNEIwMzg1QkJBNURBNTJEMENCODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqW/pUQIPFmHa8bKfWVJ9drKEj
AsjogtGmCi504MTRMiRSquabtQ4rc/P3yRc25pbq47SJ2YFj4k3rreFocjGh6DrK
Bsio7EVRLrUoDAfxq/JbfTULQNwqRMoaHSA9VR639TPfFeo3v1uQGnVjuNH/izA8
mfubawexzxgaeIJFxUUNE9I71YjnRLf6AowkDmdpYp9ZiR0PSf7HcS6BtMzdi689
tu9ACrf2Dw2bne6/eXwFGRjFdqBXbZowCjKrjMMvHtaFHDgTyboW14A/8bHT+Ch3
JuPt/n0ekT2AYPC5Ai0y8L7dSquMOgo6l2garGDQZ/VSOG/nTJfr7W+oYFQBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUG6ezvOOdt+2c4ksDhbul2lLQy4EwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEwOTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsL
MA0GCSqGSIb3DQEBCwUAA4IBAQCHliNy9307OQGROKJR0Ei8sbKLMfAwpFggQin6
aMxWKYphE3XV8ICx1p95iZTmDP+kHu8K1GVz9iQmgvdrdduoIhA67aS+6Iws+L0I
Ej5VZPY4jVNCtlpIa7wKbWFkk3zFLmIXScn1Z5eP6KLEgvAz98//SRtD2JeomZgk
3COIB/XZQ/ZWV7gXFpshue9yjY/qNZl31D86qhprenGUFooYjE0rgr0pVdSAiN8H
aLG2PnpH/ZS41A78f7t/XYnFG1pYF4QHebxI+uyJcwk4J4KmRMA3PIbtoTgxg+JC
IlSnCDgHx4UV3Mgp10JzVsSgy9A5BzXpzEqpzEdANypSTwnf
-----END CERTIFICATE-----