Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210937.roa
File:                     AS210937.roa (raw, json)
Hash identifier:          a3eUbGzQ+8IP4NRPcTz97ZQHTXKC7Embdt2RfRXQMm8=
Subject key identifier:   7A:94:CC:27:E8:FF:BA:50:7C:69:74:B6:D1:56:20:D0:4F:27:A5:86
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4B305EA0B9245DE6E8098C2E678D4B30837D4937
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210937.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     210937
IP address blocks:        141.11.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:30:5e:a0:b9:24:5d:e6:e8:09:8c:2e:67:8d:4b:30:83:7d:49:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=7A94CC27E8FFBA507C6974B6D15620D04F27A586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2f:3e:5e:8c:10:15:5c:af:d7:60:a2:25:81:
                    c4:8b:8f:dd:48:94:4a:f4:30:d2:17:e3:a6:d1:87:
                    d6:1e:9e:f7:5e:e4:47:13:7c:d6:09:02:f7:43:2e:
                    ba:75:58:4f:23:dc:1f:2d:ed:b3:e2:91:ad:9d:c6:
                    23:99:ea:7f:dd:1b:3d:b6:ac:ba:5c:f2:3b:fd:b9:
                    06:26:f0:a8:0f:01:a1:e4:c4:9b:04:82:38:30:bc:
                    33:94:b0:a2:c9:d3:af:0b:c8:53:67:60:d5:2f:67:
                    d9:23:00:01:72:68:26:02:6a:3e:57:b0:da:f5:e2:
                    5b:db:b4:f4:71:5d:c6:2c:68:54:fa:cc:ce:53:23:
                    3c:66:8b:e7:6a:cf:06:72:e1:63:54:cf:3c:9c:c8:
                    31:f5:ea:d2:17:e0:b1:de:89:b4:ca:aa:5c:9b:04:
                    69:c9:cf:f5:7a:0b:89:e9:31:54:00:f5:1c:15:9d:
                    64:4f:19:33:69:f7:19:bd:b1:47:2d:ae:a6:b0:ba:
                    74:4b:23:fc:19:26:5f:77:e6:86:dc:21:d9:0f:1f:
                    b0:e2:13:67:c4:c8:93:f4:ff:0f:3c:54:58:5a:1e:
                    d9:9a:00:85:65:ad:90:75:72:5d:5d:4c:47:8c:d7:
                    aa:6d:93:86:67:5c:e3:d0:97:9a:1c:cd:8c:05:37:
                    44:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:94:CC:27:E8:FF:BA:50:7C:69:74:B6:D1:56:20:D0:4F:27:A5:86
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:fa:8d:1d:73:51:40:80:93:e9:af:e3:11:9b:97:d1:03:1e:
         ec:86:47:fc:9e:6b:90:35:65:ef:41:5e:b2:37:fd:59:24:57:
         28:76:3b:b7:26:66:82:d2:9b:56:50:33:48:8f:0d:4e:6d:3f:
         a5:d8:5a:7b:f8:96:cf:2c:2d:bf:b0:b9:59:6b:60:67:00:b7:
         0e:c6:78:e4:97:2f:ad:c8:f2:76:28:6c:4c:ba:44:9d:e4:ff:
         02:75:96:fc:c4:bb:58:54:05:69:04:f4:ec:2f:7d:fd:31:dc:
         2f:fc:5d:66:e4:f5:d3:6f:02:4c:aa:3f:83:4f:15:46:89:48:
         06:b9:14:4b:d9:52:86:53:1a:ab:37:6c:aa:d8:79:c1:41:69:
         31:29:50:da:43:6e:a9:cb:e8:b0:0e:fb:a1:e1:99:f2:d9:de:
         4d:54:78:40:8e:5f:ec:44:3b:11:d5:16:d2:6f:9a:75:47:b5:
         71:d2:31:03:c0:57:08:98:61:03:5e:43:47:8e:8e:75:d2:bb:
         2e:bb:f3:66:bf:87:6b:0c:6d:1a:35:1d:03:5f:57:62:c5:5e:
         df:51:b7:3b:e9:f8:bb:01:d4:80:e8:1e:76:b4:06:35:05:4a:
         a0:49:a7:94:ea:e1:59:d2:8d:96:59:93:6d:09:0b:a5:8f:83:
         df:cc:3b:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSzBeoLkkXeboCYwuZ41LMIN9STcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKDdBOTRDQzI3RThGRkJBNTA3QzY5NzRCNkQxNTYyMEQwNEYyN0E1ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8Lz5ejBAVXK/XYKIlgcSLj91I
lEr0MNIX46bRh9Yenvde5EcTfNYJAvdDLrp1WE8j3B8t7bPika2dxiOZ6n/dGz22
rLpc8jv9uQYm8KgPAaHkxJsEgjgwvDOUsKLJ068LyFNnYNUvZ9kjAAFyaCYCaj5X
sNr14lvbtPRxXcYsaFT6zM5TIzxmi+dqzwZy4WNUzzycyDH16tIX4LHeibTKqlyb
BGnJz/V6C4npMVQA9RwVnWRPGTNp9xm9sUctrqawunRLI/wZJl935obcIdkPH7Di
E2fEyJP0/w88VFhaHtmaAIVlrZB1cl1dTEeM16ptk4ZnXOPQl5oczYwFN0THAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUepTMJ+j/ulB8aXS20VYg0E8npYYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEwOTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsL
MA0GCSqGSIb3DQEBCwUAA4IBAQCn+o0dc1FAgJPpr+MRm5fRAx7shkf8nmuQNWXv
QV6yN/1ZJFcodju3JmaC0ptWUDNIjw1ObT+l2Fp7+JbPLC2/sLlZa2BnALcOxnjk
ly+tyPJ2KGxMukSd5P8CdZb8xLtYVAVpBPTsL339Mdwv/F1m5PXTbwJMqj+DTxVG
iUgGuRRL2VKGUxqrN2yq2HnBQWkxKVDaQ26py+iwDvuh4Zny2d5NVHhAjl/sRDsR
1RbSb5p1R7Vx0jEDwFcImGEDXkNHjo510rsuu/Nmv4drDG0aNR0DX1dixV7fUbc7
6fi7AdSA6B52tAY1BUqgSaeU6uFZ0o2WWZNtCQulj4PfzDux
-----END CERTIFICATE-----