Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          JWpqdQ8rtUBFJh4UuUL3gOwE1MHFzkqKqKoQLU4AhQs=
Subject key identifier:   B3:E2:94:DE:51:60:F1:FD:8F:94:87:50:74:88:3F:F4:21:39:C7:BD
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6C695A1E872BB607EE478B2CABDC6466FFDBFAA4
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa
Signing time:             Sat 13 Jul 2024 00:05:18 +0000
ROA not before:           Sat 13 Jul 2024 00:00:18 +0000
ROA not after:            Sat 12 Jul 2025 00:05:18 +0000
asID:                     211440
IP address blocks:        141.11.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:69:5a:1e:87:2b:b6:07:ee:47:8b:2c:ab:dc:64:66:ff:db:fa:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 13 00:00:18 2024 GMT
            Not After : Jul 12 00:05:18 2025 GMT
        Subject: CN=B3E294DE5160F1FD8F94875074883FF42139C7BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fd:e4:24:9d:80:70:e8:29:ed:b5:7f:02:fb:
                    d9:34:7c:f3:c4:77:a2:5e:6f:dc:b3:34:08:34:27:
                    d7:ee:8d:ef:c2:85:85:13:88:b9:fc:69:88:30:ef:
                    48:ad:11:30:47:de:6d:fe:29:6a:a9:ac:9c:de:e8:
                    cc:30:bf:42:6b:88:1d:c7:3f:36:04:27:d7:b6:66:
                    80:da:19:a4:99:fd:b7:db:de:49:d9:6b:a7:9b:1e:
                    de:91:fe:f7:9b:48:c5:79:96:c7:f4:0a:b3:25:76:
                    73:ac:64:a9:b8:7c:06:98:1b:36:8e:95:29:ec:80:
                    1d:25:e6:86:6c:66:ee:20:5b:51:03:87:da:50:4a:
                    5f:07:8e:84:41:9c:bb:db:8f:40:41:5d:aa:8a:d1:
                    cb:34:6a:b0:df:fa:96:3a:5a:75:91:db:04:4c:ca:
                    7e:25:ed:6f:9e:82:c4:bf:e9:6d:cd:64:41:93:c5:
                    70:07:0c:1e:ed:7c:aa:20:06:a5:3c:34:89:bb:7c:
                    95:96:25:d9:b5:e4:01:33:f1:7c:8d:7c:42:eb:1f:
                    53:27:18:bd:9c:1b:34:c7:c4:3d:f2:78:c5:0b:1f:
                    d7:64:0b:8e:30:cb:b9:77:33:f9:2d:c2:45:34:62:
                    4a:a7:e8:23:1f:3d:2f:73:b6:bc:de:69:61:2c:d6:
                    28:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:E2:94:DE:51:60:F1:FD:8F:94:87:50:74:88:3F:F4:21:39:C7:BD
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:47:38:69:3a:f3:ba:f3:e3:d8:34:56:0c:cc:99:51:fe:af:
         98:30:7c:ed:b4:20:53:30:c0:05:f6:2b:ab:2d:d9:92:b0:26:
         b8:5e:f1:f7:0f:f7:a0:b9:4a:85:6b:da:5d:39:c6:6b:e2:7e:
         d8:b9:36:0c:23:c0:c3:3d:95:8f:d4:38:e1:bb:1c:12:73:d9:
         8d:4e:a7:29:79:bf:1a:5a:6d:22:be:ee:ef:db:6e:cf:2d:03:
         ec:77:07:b9:57:14:cd:a5:11:4c:be:1a:de:40:77:f3:c9:db:
         cc:a4:02:28:14:6b:29:85:e3:c4:40:2c:19:3a:13:91:08:35:
         9f:1e:de:f1:c7:8a:97:7d:39:39:34:71:35:6e:d2:83:14:19:
         e6:c5:43:38:84:87:c6:82:59:00:e0:52:dd:a5:89:8f:f3:e9:
         24:1a:73:5a:2a:26:d3:eb:cf:5a:f0:e6:5f:96:e1:56:9b:8f:
         2d:34:a4:57:bd:d1:bc:32:ef:70:e1:46:d3:f6:37:93:3e:9c:
         24:6f:52:b1:61:33:41:8a:a0:7b:69:93:4b:47:96:de:42:29:
         b9:4e:bf:21:26:3d:3e:88:3b:ec:af:33:16:9d:5c:fd:1a:9c:
         b1:16:e2:18:a2:ee:6b:6d:23:70:ab:fc:93:d1:11:63:28:5f:
         f9:18:ed:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbGlaHocrtgfuR4ssq9xkZv/b+qQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA3MTMwMDAwMThaFw0yNTA3MTIwMDA1MThaMDMxMTAvBgNV
BAMTKEIzRTI5NERFNTE2MEYxRkQ4Rjk0ODc1MDc0ODgzRkY0MjEzOUM3QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt/eQknYBw6CnttX8C+9k0fPPE
d6Jeb9yzNAg0J9fuje/ChYUTiLn8aYgw70itETBH3m3+KWqprJze6Mwwv0JriB3H
PzYEJ9e2ZoDaGaSZ/bfb3knZa6ebHt6R/vebSMV5lsf0CrMldnOsZKm4fAaYGzaO
lSnsgB0l5oZsZu4gW1EDh9pQSl8HjoRBnLvbj0BBXaqK0cs0arDf+pY6WnWR2wRM
yn4l7W+egsS/6W3NZEGTxXAHDB7tfKogBqU8NIm7fJWWJdm15AEz8XyNfELrH1Mn
GL2cGzTHxD3yeMULH9dkC44wy7l3M/ktwkU0Ykqn6CMfPS9ztrzeaWEs1igTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUs+KU3lFg8f2PlIdQdIg/9CE5x70wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtj
MA0GCSqGSIb3DQEBCwUAA4IBAQC+RzhpOvO68+PYNFYMzJlR/q+YMHzttCBTMMAF
9iurLdmSsCa4XvH3D/eguUqFa9pdOcZr4n7YuTYMI8DDPZWP1DjhuxwSc9mNTqcp
eb8aWm0ivu7v227PLQPsdwe5VxTNpRFMvhreQHfzydvMpAIoFGsphePEQCwZOhOR
CDWfHt7xx4qXfTk5NHE1btKDFBnmxUM4hIfGglkA4FLdpYmP8+kkGnNaKibT689a
8OZfluFWm48tNKRXvdG8Mu9w4UbT9jeTPpwkb1KxYTNBiqB7aZNLR5beQim5Tr8h
Jj0+iDvsrzMWnVz9GpyxFuIYou5rbSNwq/yT0RFjKF/5GO2I
-----END CERTIFICATE-----