Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211318.roa
File:                     AS211318.roa (raw, json)
Hash identifier:          kCvJhzSf1Gs6Mypgzixs67BdI9mEHnhGGHwqljXGrtg=
Subject key identifier:   95:B3:8D:61:98:DD:31:C1:FB:52:DB:00:DA:22:9E:21:90:3A:46:B9
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       522148FEA63FFC1FA12AEC6CAFA028F1EBC0AE33
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211318.roa
Signing time:             Wed 22 May 2024 10:16:23 +0000
ROA not before:           Wed 22 May 2024 10:11:23 +0000
ROA not after:            Wed 21 May 2025 10:16:23 +0000
asID:                     211318
IP address blocks:        141.11.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:21:48:fe:a6:3f:fc:1f:a1:2a:ec:6c:af:a0:28:f1:eb:c0:ae:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 22 10:11:23 2024 GMT
            Not After : May 21 10:16:23 2025 GMT
        Subject: CN=95B38D6198DD31C1FB52DB00DA229E21903A46B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d4:d5:bf:ff:bc:db:a7:f9:c8:46:4d:1d:63:
                    c3:3c:34:b0:4d:f9:4d:a9:64:7c:10:a7:9d:9f:73:
                    36:cc:b6:3b:9a:11:d2:4b:58:7a:5b:bd:af:f5:12:
                    cb:f4:c8:49:ef:c8:36:f4:e7:27:56:54:8d:db:80:
                    b8:33:a2:7e:8d:3a:0d:82:1d:1d:96:c3:17:60:e9:
                    87:e9:d8:83:30:ee:cc:9b:45:97:84:5f:e3:1a:c1:
                    89:47:75:c1:6e:74:50:a7:0b:79:78:2f:3b:bc:0d:
                    07:93:7b:c2:53:b7:63:71:a3:bc:bf:5c:c1:89:7f:
                    66:2a:84:81:7c:5f:56:25:bc:d9:bc:78:df:d8:6f:
                    2e:48:4d:07:95:9b:07:92:7e:a5:bb:4f:3f:6e:33:
                    73:bf:60:a4:99:64:22:55:83:d4:44:86:81:87:3e:
                    68:25:03:00:a3:fe:21:72:18:34:f3:2d:2b:60:18:
                    1a:16:61:9b:f8:14:3e:ca:d4:a4:c9:b7:f9:d2:f8:
                    64:f5:a1:74:f8:08:d5:a6:64:2b:09:25:ba:44:cc:
                    f2:dc:66:07:fd:48:c8:23:ee:58:42:60:f1:dc:b4:
                    9b:98:b0:fe:86:87:38:1e:27:e0:79:30:04:1d:65:
                    9e:76:52:2b:03:78:46:a8:38:dc:dd:44:b1:9b:1d:
                    d0:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B3:8D:61:98:DD:31:C1:FB:52:DB:00:DA:22:9E:21:90:3A:46:B9
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211318.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:cb:81:89:22:64:92:c0:81:1a:fe:fb:8d:83:03:e6:f5:1f:
         9b:7c:aa:ac:b7:88:3f:36:ce:55:e8:09:23:5e:d8:fe:20:0c:
         ad:45:5f:ac:7b:1f:26:bc:77:07:c0:26:10:58:33:73:9c:45:
         47:85:df:83:22:c6:56:f3:28:3d:08:2c:7a:f1:d5:1f:a3:85:
         32:44:af:b6:3a:cd:20:ef:eb:e5:72:8a:e1:74:8c:be:db:16:
         d2:bc:ae:40:f4:be:75:6a:be:c8:98:28:11:2e:5a:85:68:c9:
         82:47:b1:68:6b:5d:02:0d:f7:c0:a0:a3:07:0b:fe:d9:c0:43:
         a5:f9:42:85:4b:02:da:39:23:2b:59:39:2b:08:1b:ef:ab:36:
         5a:b3:b8:32:53:8a:69:9a:ef:45:21:21:d2:10:3b:ca:7e:36:
         d3:25:74:62:25:05:76:a0:34:5e:f2:70:89:ec:32:67:c2:c2:
         7c:30:ce:55:90:1c:a6:4f:1e:3e:6a:7e:49:61:9c:df:25:3c:
         6c:d5:b6:74:f0:2b:d9:a2:41:e5:06:16:d1:9f:4e:2e:54:64:
         72:a3:b1:73:94:b2:ba:71:bd:79:bb:c1:9b:88:fb:cf:54:cc:
         98:bc:9d:97:3c:f4:57:ae:62:b1:80:f1:59:52:b5:4a:e4:4e:
         ba:ce:34:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUiFI/qY//B+hKuxsr6Ao8evArjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MjIxMDExMjNaFw0yNTA1MjExMDE2MjNaMDMxMTAvBgNV
BAMTKDk1QjM4RDYxOThERDMxQzFGQjUyREIwMERBMjI5RTIxOTAzQTQ2QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ1NW//7zbp/nIRk0dY8M8NLBN
+U2pZHwQp52fczbMtjuaEdJLWHpbva/1Esv0yEnvyDb05ydWVI3bgLgzon6NOg2C
HR2Wwxdg6Yfp2IMw7sybRZeEX+MawYlHdcFudFCnC3l4Lzu8DQeTe8JTt2Nxo7y/
XMGJf2YqhIF8X1YlvNm8eN/Yby5ITQeVmweSfqW7Tz9uM3O/YKSZZCJVg9REhoGH
PmglAwCj/iFyGDTzLStgGBoWYZv4FD7K1KTJt/nS+GT1oXT4CNWmZCsJJbpEzPLc
Zgf9SMgj7lhCYPHctJuYsP6GhzgeJ+B5MAQdZZ52UisDeEaoONzdRLGbHdD9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlbONYZjdMcH7UtsA2iKeIZA6RrkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExMzE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsY
MA0GCSqGSIb3DQEBCwUAA4IBAQCoy4GJImSSwIEa/vuNgwPm9R+bfKqst4g/Ns5V
6AkjXtj+IAytRV+sex8mvHcHwCYQWDNznEVHhd+DIsZW8yg9CCx68dUfo4UyRK+2
Os0g7+vlcorhdIy+2xbSvK5A9L51ar7ImCgRLlqFaMmCR7Foa10CDffAoKMHC/7Z
wEOl+UKFSwLaOSMrWTkrCBvvqzZas7gyU4ppmu9FISHSEDvKfjbTJXRiJQV2oDRe
8nCJ7DJnwsJ8MM5VkBymTx4+an5JYZzfJTxs1bZ08CvZokHlBhbRn04uVGRyo7Fz
lLK6cb15u8GbiPvPVMyYvJ2XPPRXrmKxgPFZUrVK5E66zjTa
-----END CERTIFICATE-----