Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2110.roa
File:                     AS2110.roa (raw, json)
Hash identifier:          hKOKTHh8a7vuYcslc4RKQeNc41q5HQa0PDPQ1reNmkM=
Subject key identifier:   AE:E4:59:DB:6D:48:0E:0E:5B:10:DB:F8:D9:AD:36:91:E7:C7:96:32
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       03494B25F96A1D1CB26F7DA35298842DD33CCC65
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2110.roa
Signing time:             Wed 28 Aug 2024 14:45:03 +0000
ROA not before:           Wed 28 Aug 2024 14:40:03 +0000
ROA not after:            Wed 27 Aug 2025 14:45:03 +0000
asID:                     2110
IP address blocks:        141.11.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:49:4b:25:f9:6a:1d:1c:b2:6f:7d:a3:52:98:84:2d:d3:3c:cc:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 28 14:40:03 2024 GMT
            Not After : Aug 27 14:45:03 2025 GMT
        Subject: CN=AEE459DB6D480E0E5B10DBF8D9AD3691E7C79632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c2:f5:99:ca:e6:42:1a:40:15:29:97:7c:7e:
                    75:ff:c0:4a:ee:96:cf:c7:b5:cf:6b:98:fc:e3:c3:
                    e3:21:cf:17:7a:63:49:a4:1e:b0:cd:d5:bb:40:15:
                    1c:3a:5d:f2:3c:c2:32:c3:19:26:25:fe:04:40:30:
                    5d:08:aa:32:d3:5e:13:88:91:0f:57:f4:cb:f9:5f:
                    a3:d9:56:4b:2f:fd:41:d0:5b:61:45:94:d4:84:66:
                    94:97:01:ce:8a:01:13:17:ce:4a:4f:57:84:9d:b6:
                    69:b6:da:48:05:84:8f:4c:7a:e8:04:48:f7:9b:c2:
                    3f:47:5a:6a:7e:65:17:16:39:1d:c8:e6:8d:23:65:
                    a6:eb:cd:f0:96:e1:39:80:86:1b:fc:c4:26:5f:3a:
                    05:59:0d:db:f1:0b:96:2e:6a:bc:c6:06:0a:e2:c6:
                    6c:f7:3c:d1:81:90:a4:0d:03:85:02:38:2f:75:6f:
                    ac:a8:94:c7:fe:21:f2:21:06:c1:03:e1:fa:e2:06:
                    b7:40:48:49:25:5d:96:96:97:4c:ef:02:89:17:e4:
                    5f:bd:c7:42:e0:60:d1:71:c9:80:21:d4:0e:36:23:
                    00:27:f5:a6:71:d9:7d:31:6a:66:b6:72:f1:18:d4:
                    53:7d:e5:25:00:63:d5:00:19:f1:6e:d8:6e:07:4e:
                    77:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:E4:59:DB:6D:48:0E:0E:5B:10:DB:F8:D9:AD:36:91:E7:C7:96:32
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2110.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b1:34:0a:b5:f6:32:d8:97:69:e7:70:ca:02:d4:dc:03:f5:
         1e:fd:32:5a:97:cd:76:7a:90:d0:ab:ec:c0:00:31:25:b0:4f:
         a7:68:0e:81:09:d8:45:5b:e7:45:6f:81:60:30:16:f5:bc:c1:
         73:98:20:20:cb:fb:80:5e:88:8e:69:39:2f:17:6d:44:c2:d1:
         80:a5:a8:0e:8e:54:28:e2:1d:4f:04:e2:77:24:b6:e9:22:b3:
         88:20:d0:e7:56:8e:d9:e8:57:3d:d9:27:5e:b2:92:d2:77:39:
         01:5c:33:a3:13:26:c9:da:12:c9:2b:e2:7a:55:fb:b4:e0:37:
         17:7b:1d:62:e6:62:b8:4e:d0:8b:0a:35:3d:a3:dc:cc:27:3e:
         bc:a2:92:26:30:d4:5f:fe:5d:97:d5:d5:77:0d:d9:45:c7:fb:
         2f:cc:c1:9b:2e:83:ef:87:bd:92:48:c1:dd:d6:b5:68:1b:f7:
         92:a0:f5:98:85:2b:1f:b1:51:6c:d3:50:0c:77:53:aa:67:a8:
         f3:b2:39:6b:67:2c:c2:57:f7:3c:d3:a4:cd:6e:63:41:28:47:
         67:dc:3c:77:c7:63:ed:19:20:72:43:73:7b:ea:45:81:77:d5:
         7e:ac:a4:01:9a:16:b9:20:3d:80:63:d7:50:98:92:a9:07:ed:
         18:9f:52:63
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUA0lLJflqHRyyb32jUpiELdM8zGUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA4MjgxNDQwMDNaFw0yNTA4MjcxNDQ1MDNaMDMxMTAvBgNV
BAMTKEFFRTQ1OURCNkQ0ODBFMEU1QjEwREJGOEQ5QUQzNjkxRTdDNzk2MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9wvWZyuZCGkAVKZd8fnX/wEru
ls/Htc9rmPzjw+Mhzxd6Y0mkHrDN1btAFRw6XfI8wjLDGSYl/gRAMF0IqjLTXhOI
kQ9X9Mv5X6PZVksv/UHQW2FFlNSEZpSXAc6KARMXzkpPV4Sdtmm22kgFhI9MeugE
SPebwj9HWmp+ZRcWOR3I5o0jZabrzfCW4TmAhhv8xCZfOgVZDdvxC5YuarzGBgri
xmz3PNGBkKQNA4UCOC91b6yolMf+IfIhBsED4friBrdASEklXZaWl0zvAokX5F+9
x0LgYNFxyYAh1A42IwAn9aZx2X0xama2cvEY1FN95SUAY9UAGfFu2G4HTncTAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUruRZ221IDg5bENv42a02kefHljIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI0L/TAN
BgkqhkiG9w0BAQsFAAOCAQEANrE0CrX2MtiXaedwygLU3AP1Hv0yWpfNdnqQ0Kvs
wAAxJbBPp2gOgQnYRVvnRW+BYDAW9bzBc5ggIMv7gF6Ijmk5LxdtRMLRgKWoDo5U
KOIdTwTidyS26SKziCDQ51aO2ehXPdknXrKS0nc5AVwzoxMmydoSySvielX7tOA3
F3sdYuZiuE7Qiwo1PaPczCc+vKKSJjDUX/5dl9XVdw3ZRcf7L8zBmy6D74e9kkjB
3da1aBv3kqD1mIUrH7FRbNNQDHdTqmeo87I5a2cswlf3PNOkzW5jQShHZ9w8d8dj
7RkgckNze+pFgXfVfqykAZoWuSA9gGPXUJiSqQftGJ9SYw==
-----END CERTIFICATE-----