Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211936.roa
File:                     AS211936.roa (raw, json)
Hash identifier:          8wIU9ygsi2/rH32YvUl9akoKKOnMIJU6NTFMd0z/Ic0=
Subject key identifier:   67:94:56:16:B5:FC:32:97:A5:CF:77:54:B2:AC:65:B9:66:F7:CE:88
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6AFFEBA09FD03330F929129E7A2B585D6148299B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211936.roa
Signing time:             Wed 11 Sep 2024 00:05:20 +0000
ROA not before:           Wed 11 Sep 2024 00:00:20 +0000
ROA not after:            Wed 10 Sep 2025 00:05:20 +0000
asID:                     211936
IP address blocks:        141.11.222.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:ff:eb:a0:9f:d0:33:30:f9:29:12:9e:7a:2b:58:5d:61:48:29:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 11 00:00:20 2024 GMT
            Not After : Sep 10 00:05:20 2025 GMT
        Subject: CN=67945616B5FC3297A5CF7754B2AC65B966F7CE88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:db:66:a1:4c:cb:ec:34:90:6b:4f:da:fa:d1:
                    1c:aa:73:13:f8:87:1f:2d:cb:fd:1a:6b:b6:b7:35:
                    e1:b5:f7:7d:d6:1b:45:e2:0c:e2:f1:07:2c:3b:12:
                    f4:5e:9e:6f:3f:5b:7f:ca:24:5e:a1:d8:44:ca:a5:
                    4a:97:a9:97:aa:1e:21:5e:b5:c0:ac:3e:90:9f:fe:
                    ad:4b:cc:91:1e:84:58:4a:b9:73:80:e5:ca:c6:fc:
                    ce:ab:db:7d:09:1d:6f:52:d7:fc:59:f0:13:6e:e0:
                    ff:e5:36:ca:38:04:12:12:c8:b3:8e:15:d7:b7:4f:
                    20:b9:72:50:c2:74:ab:b9:73:58:44:39:e0:8f:a3:
                    b4:43:f8:b0:32:23:ae:af:45:39:7c:1c:c9:4a:d4:
                    10:b3:8c:83:b8:0a:fe:40:dd:57:a2:a0:c5:e0:ab:
                    9e:6d:04:cb:8c:1f:81:09:f1:a6:05:a9:db:6b:e0:
                    be:de:5f:b4:14:85:e5:96:66:85:63:da:8c:c6:d9:
                    6b:91:83:92:71:6b:45:c2:21:5f:7e:b2:b1:e6:d5:
                    98:d2:38:51:49:97:92:4b:f9:16:25:e6:25:2e:1d:
                    bc:d9:0d:fe:43:92:ed:c7:d9:e7:4e:dc:ee:bd:95:
                    ad:29:88:26:a1:92:ec:b8:7a:5c:47:a2:54:71:d2:
                    41:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:94:56:16:B5:FC:32:97:A5:CF:77:54:B2:AC:65:B9:66:F7:CE:88
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:d0:6d:88:84:0f:6d:ab:cd:d8:4a:3e:bc:56:a5:e1:31:5d:
         a4:62:d3:6d:b7:5c:c8:2f:99:93:b8:9b:2f:4f:4f:25:57:41:
         c6:8d:75:da:94:12:35:0b:82:01:4e:c3:37:ad:48:22:85:28:
         07:d1:48:8d:ec:31:17:fc:cb:8d:40:81:87:a7:38:d5:14:a0:
         7e:55:3a:86:75:ac:cf:29:01:5f:58:16:15:27:99:31:7f:58:
         e1:f6:d3:a7:bd:cc:2f:6a:48:4f:1f:0a:95:1a:7e:12:2a:4f:
         6f:08:fa:44:57:38:07:35:26:2a:cf:84:db:c5:ca:5f:60:0a:
         f4:99:d4:4c:9a:65:30:7f:ba:09:2c:74:97:04:d0:6f:34:3b:
         7c:2d:eb:60:f3:df:0f:b5:51:09:35:cc:d2:0e:8f:30:35:d3:
         00:04:76:df:72:ac:27:c0:b7:0c:9c:3c:08:35:bd:04:6e:9f:
         bc:9c:b4:35:9e:44:93:36:be:ed:3b:dc:af:a3:b4:95:0a:51:
         d5:38:08:18:34:a2:de:81:92:b5:fc:28:17:d7:5d:58:88:b1:
         5f:47:98:1a:43:df:ad:10:73:8e:80:79:44:db:81:1a:e1:d4:
         cf:98:23:fb:7f:8e:e1:ec:df:db:7c:2f:9c:62:84:40:8a:1a:
         07:13:56:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUav/roJ/QMzD5KRKeeitYXWFIKZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA5MTEwMDAwMjBaFw0yNTA5MTAwMDA1MjBaMDMxMTAvBgNV
BAMTKDY3OTQ1NjE2QjVGQzMyOTdBNUNGNzc1NEIyQUM2NUI5NjZGN0NFODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd22ahTMvsNJBrT9r60RyqcxP4
hx8ty/0aa7a3NeG1933WG0XiDOLxByw7EvRenm8/W3/KJF6h2ETKpUqXqZeqHiFe
tcCsPpCf/q1LzJEehFhKuXOA5crG/M6r230JHW9S1/xZ8BNu4P/lNso4BBISyLOO
Fde3TyC5clDCdKu5c1hEOeCPo7RD+LAyI66vRTl8HMlK1BCzjIO4Cv5A3VeioMXg
q55tBMuMH4EJ8aYFqdtr4L7eX7QUheWWZoVj2ozG2WuRg5Jxa0XCIV9+srHm1ZjS
OFFJl5JL+RYl5iUuHbzZDf5Dku3H2edO3O69la0piCahkuy4elxHolRx0kFpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZ5RWFrX8Mpelz3dUsqxluWb3zogwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExOTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQve
MA0GCSqGSIb3DQEBCwUAA4IBAQB70G2IhA9tq83YSj68VqXhMV2kYtNtt1zIL5mT
uJsvT08lV0HGjXXalBI1C4IBTsM3rUgihSgH0UiN7DEX/MuNQIGHpzjVFKB+VTqG
dazPKQFfWBYVJ5kxf1jh9tOnvcwvakhPHwqVGn4SKk9vCPpEVzgHNSYqz4Tbxcpf
YAr0mdRMmmUwf7oJLHSXBNBvNDt8Letg898PtVEJNczSDo8wNdMABHbfcqwnwLcM
nDwINb0Ebp+8nLQ1nkSTNr7tO9yvo7SVClHVOAgYNKLegZK1/CgX111YiLFfR5ga
Q9+tEHOOgHlE24Ea4dTPmCP7f47h7N/bfC+cYoRAihoHE1ZD
-----END CERTIFICATE-----