Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          ZgNI+bp0mCN0NwkDfZyYSGklt20SfK5ZZz/4WWphZLg=
Subject key identifier:   34:AD:DD:C0:73:EB:A4:49:DA:1D:66:D8:FF:B0:1E:E1:A4:97:66:BD
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       318C30754EFF916F4DD44529427326B22606F455
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa
Signing time:             Sat 12 Aug 2023 00:00:14 +0000
ROA not before:           Fri 11 Aug 2023 23:55:14 +0000
ROA not after:            Sat 10 Aug 2024 00:00:14 +0000
asID:                     211440
IP address blocks:        141.11.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:8c:30:75:4e:ff:91:6f:4d:d4:45:29:42:73:26:b2:26:06:f4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 11 23:55:14 2023 GMT
            Not After : Aug 10 00:00:14 2024 GMT
        Subject: CN=34ADDDC073EBA449DA1D66D8FFB01EE1A49766BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c8:27:45:a1:fb:fd:f6:c3:1c:6a:21:49:78:
                    43:26:bc:7f:55:4b:c2:46:34:2f:55:95:e7:19:42:
                    be:7e:96:de:5e:1d:24:50:2c:f7:3c:24:da:b8:26:
                    a9:07:90:68:da:b9:e1:9c:5d:d7:16:0f:78:fe:74:
                    c5:4f:3f:c1:bb:ab:eb:41:88:16:df:d6:68:dc:cb:
                    c0:9e:c8:c4:77:5b:2a:a0:c2:b3:31:2a:37:af:f6:
                    43:42:be:45:a4:b6:ac:fa:4a:cd:08:06:0c:b1:4c:
                    36:87:13:b6:0f:ef:1f:2e:c0:01:d2:59:09:0f:96:
                    db:5b:5b:e5:78:c3:fd:66:4a:14:32:b0:27:7b:52:
                    ec:04:fa:f2:ea:b9:f6:6f:eb:ed:ee:07:3c:13:23:
                    7d:09:4c:32:03:af:42:a8:fa:d8:95:77:4c:d8:3b:
                    79:40:5a:7d:31:2a:cd:29:e0:a9:46:95:fc:03:00:
                    51:32:35:2a:ec:b8:e2:c6:92:ec:8a:cd:32:f6:2d:
                    fb:9e:d1:d9:5f:92:f0:dc:cc:59:82:82:0f:b5:82:
                    1f:69:68:ad:d2:4d:20:08:6a:f0:94:83:de:01:83:
                    e6:37:fc:6b:22:ec:51:80:c4:2f:16:f2:e3:5b:eb:
                    41:04:db:08:04:69:a5:5b:64:e7:f3:5f:93:29:f8:
                    00:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AD:DD:C0:73:EB:A4:49:DA:1D:66:D8:FF:B0:1E:E1:A4:97:66:BD
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:eb:b0:41:63:23:73:3a:2a:2b:79:6e:19:8e:ee:1d:ed:2a:
         64:40:2e:47:91:4f:ab:7f:92:ec:62:ab:7b:83:eb:0e:de:e7:
         d8:4e:b9:8f:aa:7f:0e:cb:09:3d:79:0b:0d:ad:c4:61:58:46:
         43:ff:4f:d4:47:9a:8c:bb:ce:14:85:12:f6:d7:19:5b:2a:dc:
         fa:5f:9a:28:44:73:0f:f2:f7:64:b1:54:20:e4:45:50:37:2d:
         ed:a1:71:49:ec:f6:41:c0:ef:a6:34:c9:92:2a:96:f5:73:8d:
         aa:a4:ee:e4:c3:82:03:a6:bf:bc:20:18:69:e9:89:6b:5d:8b:
         f8:59:82:5d:63:2d:f2:1e:a9:72:aa:1e:a2:bf:de:58:a1:db:
         5e:27:4d:77:71:3e:6e:42:25:24:22:36:c0:ee:9f:3b:9c:1d:
         96:b6:d1:fc:a8:db:e6:9d:61:e3:8b:83:d1:87:0f:55:95:98:
         49:b4:08:99:24:7c:eb:27:1b:1c:82:d6:6b:e5:1d:f2:dc:93:
         ac:83:85:0b:d9:2b:55:93:5c:79:06:3b:56:47:8f:b8:27:76:
         08:e1:21:92:00:a1:5e:64:47:02:ee:78:3d:ee:9e:08:38:97:
         07:b4:09:d3:10:59:3d:a1:cd:b2:52:d3:a6:d0:be:b9:40:c3:
         96:10:b6:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMYwwdU7/kW9N1EUpQnMmsiYG9FUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzA4MTEyMzU1MTRaFw0yNDA4MTAwMDAwMTRaMDMxMTAvBgNV
BAMTKDM0QUREREMwNzNFQkE0NDlEQTFENjZEOEZGQjAxRUUxQTQ5NzY2QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvyCdFofv99sMcaiFJeEMmvH9V
S8JGNC9VlecZQr5+lt5eHSRQLPc8JNq4JqkHkGjaueGcXdcWD3j+dMVPP8G7q+tB
iBbf1mjcy8CeyMR3WyqgwrMxKjev9kNCvkWktqz6Ss0IBgyxTDaHE7YP7x8uwAHS
WQkPlttbW+V4w/1mShQysCd7UuwE+vLqufZv6+3uBzwTI30JTDIDr0Ko+tiVd0zY
O3lAWn0xKs0p4KlGlfwDAFEyNSrsuOLGkuyKzTL2Lfue0dlfkvDczFmCgg+1gh9p
aK3STSAIavCUg94Bg+Y3/Gsi7FGAxC8W8uNb60EE2wgEaaVbZOfzX5Mp+AB9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNK3dwHPrpEnaHWbY/7Ae4aSXZr0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtj
MA0GCSqGSIb3DQEBCwUAA4IBAQCL67BBYyNzOioreW4Zju4d7SpkQC5HkU+rf5Ls
Yqt7g+sO3ufYTrmPqn8Oywk9eQsNrcRhWEZD/0/UR5qMu84UhRL21xlbKtz6X5oo
RHMP8vdksVQg5EVQNy3toXFJ7PZBwO+mNMmSKpb1c42qpO7kw4IDpr+8IBhp6Ylr
XYv4WYJdYy3yHqlyqh6iv95YodteJ013cT5uQiUkIjbA7p87nB2WttH8qNvmnWHj
i4PRhw9VlZhJtAiZJHzrJxscgtZr5R3y3JOsg4UL2StVk1x5BjtWR4+4J3YI4SGS
AKFeZEcC7ng97p4IOJcHtAnTEFk9oc2yUtOm0L65QMOWELYw
-----END CERTIFICATE-----