Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211936.roa
File:                     AS211936.roa (raw, json)
Hash identifier:          EVxAPhTwAfA7OIU1h4th4ELiFUkznlLY1E7SUkBk9c4=
Subject key identifier:   D7:86:FF:CD:0F:4E:31:DB:A9:ED:55:25:2F:04:76:3A:4B:21:42:F4
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3952A1013CD7496A59238EACDF117462ED89C563
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211936.roa
Signing time:             Tue 10 Oct 2023 23:36:19 +0000
ROA not before:           Tue 10 Oct 2023 23:31:19 +0000
ROA not after:            Tue 08 Oct 2024 23:36:19 +0000
asID:                     211936
IP address blocks:        141.11.222.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:52:a1:01:3c:d7:49:6a:59:23:8e:ac:df:11:74:62:ed:89:c5:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 10 23:31:19 2023 GMT
            Not After : Oct  8 23:36:19 2024 GMT
        Subject: CN=D786FFCD0F4E31DBA9ED55252F04763A4B2142F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d7:b4:f5:b8:63:65:c9:0f:c5:93:58:7c:84:
                    58:79:91:5a:e9:4b:3a:ed:80:b2:85:5a:27:62:8d:
                    b2:8e:48:b6:fd:d3:93:0e:2a:46:84:8e:a1:2c:ed:
                    fb:3c:51:df:1c:69:26:0e:72:b4:31:3d:ca:25:24:
                    98:e0:7d:c9:a9:58:64:61:10:9a:14:0d:ba:53:29:
                    c3:fd:99:23:cc:46:31:85:90:28:5b:d7:0a:5e:9d:
                    df:ac:65:18:f5:76:0f:43:52:ad:88:3c:4f:20:64:
                    67:b1:31:c9:cd:b4:43:48:c7:43:80:94:23:48:9c:
                    31:1c:d8:42:e1:b0:51:e7:9a:9e:8d:9f:af:ef:95:
                    b0:40:58:b2:a4:7c:04:32:e3:2c:de:3d:99:39:c1:
                    8f:93:93:44:9c:4a:e7:df:f0:b9:1b:ee:0f:22:a5:
                    ad:37:91:3b:32:14:c4:2c:65:17:13:cc:f2:cf:d9:
                    d0:e6:cd:31:dc:06:3d:a3:1c:e4:73:d6:6e:6b:df:
                    f7:1f:26:4f:8f:7c:45:29:bc:85:af:50:df:a6:2d:
                    70:34:0c:db:0b:3f:31:73:91:8e:0b:aa:7d:e8:5b:
                    4b:04:4f:e3:c9:df:59:9c:7b:2c:dc:15:6f:ed:d3:
                    32:94:e0:47:03:57:18:2c:a5:be:91:c3:25:b9:90:
                    b5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:86:FF:CD:0F:4E:31:DB:A9:ED:55:25:2F:04:76:3A:4B:21:42:F4
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ce:86:db:ca:1f:9d:fa:4c:76:21:3c:24:19:6f:c5:9b:1b:02:
         21:1b:59:27:86:69:bb:05:63:b0:7f:a4:e4:a3:f5:ca:4d:35:
         18:59:08:58:5b:90:30:95:1b:c8:61:0f:25:33:9e:ee:57:66:
         71:67:36:60:95:85:a9:c5:18:28:ef:96:d1:c2:20:e4:28:6e:
         a0:17:6b:f4:53:57:7a:3e:e6:65:39:ef:09:c2:d9:9f:50:4f:
         c9:43:a6:7b:c7:a1:7c:63:eb:e2:0e:3c:98:ab:48:29:eb:ae:
         96:63:a3:0b:58:b4:d7:13:73:31:4b:dd:20:6b:88:ff:ee:e5:
         5e:c7:c9:05:47:29:0d:4d:bd:8c:76:54:59:f1:0c:27:0f:a4:
         c8:81:09:4a:f8:f4:a9:20:08:bc:43:fe:05:d0:b8:39:f0:47:
         d0:86:62:99:15:01:af:41:23:50:be:61:67:a5:b9:f5:a7:bc:
         9b:24:26:cc:62:e5:26:b5:08:7a:a1:72:ac:55:46:db:29:0e:
         26:d1:92:72:90:a9:cd:d3:6f:79:c4:7f:37:61:2f:fa:39:4d:
         dc:76:1f:5f:00:dc:3f:c4:a8:49:05:77:1d:d5:cc:81:01:10:
         e7:d2:9a:d2:18:c9:ec:7a:56:9f:2e:16:25:35:b8:d6:18:d2:
         ab:04:e0:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOVKhATzXSWpZI46s3xF0Yu2JxWMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEwMTAyMzMxMTlaFw0yNDEwMDgyMzM2MTlaMDMxMTAvBgNV
BAMTKEQ3ODZGRkNEMEY0RTMxREJBOUVENTUyNTJGMDQ3NjNBNEIyMTQyRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy17T1uGNlyQ/Fk1h8hFh5kVrp
SzrtgLKFWidijbKOSLb905MOKkaEjqEs7fs8Ud8caSYOcrQxPcolJJjgfcmpWGRh
EJoUDbpTKcP9mSPMRjGFkChb1wpend+sZRj1dg9DUq2IPE8gZGexMcnNtENIx0OA
lCNInDEc2ELhsFHnmp6Nn6/vlbBAWLKkfAQy4yzePZk5wY+Tk0ScSuff8Lkb7g8i
pa03kTsyFMQsZRcTzPLP2dDmzTHcBj2jHORz1m5r3/cfJk+PfEUpvIWvUN+mLXA0
DNsLPzFzkY4Lqn3oW0sET+PJ31mceyzcFW/t0zKU4EcDVxgspb6RwyW5kLW/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU14b/zQ9OMdup7VUlLwR2OkshQvQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExOTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQve
MA0GCSqGSIb3DQEBCwUAA4IBAQDOhtvKH536THYhPCQZb8WbGwIhG1knhmm7BWOw
f6Tko/XKTTUYWQhYW5AwlRvIYQ8lM57uV2ZxZzZglYWpxRgo75bRwiDkKG6gF2v0
U1d6PuZlOe8JwtmfUE/JQ6Z7x6F8Y+viDjyYq0gp666WY6MLWLTXE3MxS90ga4j/
7uVex8kFRykNTb2MdlRZ8QwnD6TIgQlK+PSpIAi8Q/4F0Lg58EfQhmKZFQGvQSNQ
vmFnpbn1p7ybJCbMYuUmtQh6oXKsVUbbKQ4m0ZJykKnN0295xH83YS/6OU3cdh9f
ANw/xKhJBXcd1cyBARDn0prSGMnselafLhYlNbjWGNKrBOBO
-----END CERTIFICATE-----