Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211975.roa
File:                     AS211975.roa (raw, json)
Hash identifier:          IH4StDG8sojhLSC3thGUnVcg160H7Vrl6/9lQfkmhHg=
Subject key identifier:   DF:9E:E9:45:EC:87:9B:D0:19:41:E0:69:55:32:6B:AE:54:E4:8E:7F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3F30DF6CD57E6C00A266AFCF8B724383B50FD79E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211975.roa
Signing time:             Tue 24 Oct 2023 15:12:15 +0000
ROA not before:           Tue 24 Oct 2023 15:07:15 +0000
ROA not after:            Tue 22 Oct 2024 15:12:15 +0000
asID:                     211975
IP address blocks:        141.11.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:30:df:6c:d5:7e:6c:00:a2:66:af:cf:8b:72:43:83:b5:0f:d7:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 24 15:07:15 2023 GMT
            Not After : Oct 22 15:12:15 2024 GMT
        Subject: CN=DF9EE945EC879BD01941E06955326BAE54E48E7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:9d:e4:c1:6b:fa:db:97:e3:2d:e9:34:4c:d9:
                    31:0d:2a:f1:7f:e5:48:6e:a9:44:b4:e5:9a:dd:bb:
                    bb:d5:9e:93:68:23:d3:4f:c7:96:46:96:55:19:83:
                    67:ff:f1:b1:6e:6a:c7:ed:98:fe:de:f4:e1:b3:8c:
                    a6:a7:ed:7d:2f:8b:bb:dc:85:7c:66:ea:05:47:21:
                    7e:b3:6f:3f:a1:b9:e7:ee:46:f7:71:8c:61:e1:f9:
                    49:17:a7:8c:c4:b1:4c:e1:58:77:f9:33:1e:9c:94:
                    c2:6f:22:5b:c4:20:a6:43:20:ad:06:82:f7:e5:f3:
                    eb:0d:31:1f:92:8d:37:51:5b:b8:01:d7:ae:1f:10:
                    e0:e9:62:a9:f6:40:a2:3e:c6:cf:35:6c:28:de:94:
                    29:eb:a7:19:5d:b9:68:a4:f8:bf:f0:58:70:9d:e6:
                    b5:65:e2:d8:fb:18:a9:08:76:94:ba:3a:2c:fd:30:
                    22:eb:ce:09:a0:39:76:f9:ea:ea:0f:5e:93:e9:47:
                    6e:f2:4b:09:7e:d9:b5:d1:94:5b:a3:ef:37:eb:fb:
                    fa:c8:e9:dc:d9:ca:1a:8f:1a:dc:3f:4b:a5:e3:ba:
                    04:6f:82:b4:51:c4:b2:35:f5:14:eb:ae:a8:25:75:
                    85:e0:d0:fc:89:86:6d:4f:ff:e1:e3:c7:81:eb:8e:
                    b0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9E:E9:45:EC:87:9B:D0:19:41:E0:69:55:32:6B:AE:54:E4:8E:7F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211975.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:3d:59:55:77:01:49:f5:0d:22:91:42:cd:77:71:f3:9a:4d:
         f5:11:2d:16:0b:e3:60:ac:6e:24:43:b9:9d:cc:84:cd:f6:a5:
         6e:6e:2f:be:c1:ee:3b:0b:29:07:03:45:ba:7d:76:9b:ec:03:
         72:96:81:5c:7c:c7:83:d6:32:54:7e:d7:11:b2:39:82:68:6e:
         be:f7:f5:16:d5:68:08:8e:df:34:f8:fc:ce:41:3a:b0:e8:0b:
         a9:d9:fc:3a:f0:11:ed:b2:1a:67:41:f1:a6:74:4b:05:24:47:
         26:d1:77:d6:42:3c:77:7c:d7:2d:d1:24:5b:97:73:c5:5b:4f:
         ed:13:5f:d8:e2:d7:7f:48:e8:ca:95:f3:0a:b0:38:4b:8c:57:
         0b:17:97:30:4c:87:3f:e1:0f:83:bb:93:ae:4b:7f:ad:d1:6e:
         1a:68:19:5d:f7:43:2e:91:40:d8:e9:94:b6:71:b9:70:31:ad:
         1e:6e:1c:f0:b1:e0:87:11:9f:5a:a4:17:a4:c5:9b:3a:8c:6b:
         b3:41:b2:33:63:16:3b:e3:0e:6b:5d:cf:19:fc:50:2f:c1:77:
         04:f6:ea:51:bf:86:db:7d:e3:91:57:24:4b:c4:3d:0e:47:4d:
         cd:af:84:95:a4:03:dd:73:53:5c:10:3a:8f:7c:54:98:c8:b5:
         3a:aa:81:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPzDfbNV+bACiZq/Pi3JDg7UP154wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEwMjQxNTA3MTVaFw0yNDEwMjIxNTEyMTVaMDMxMTAvBgNV
BAMTKERGOUVFOTQ1RUM4NzlCRDAxOTQxRTA2OTU1MzI2QkFFNTRFNDhFN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4neTBa/rbl+Mt6TRM2TENKvF/
5UhuqUS05Zrdu7vVnpNoI9NPx5ZGllUZg2f/8bFuasftmP7e9OGzjKan7X0vi7vc
hXxm6gVHIX6zbz+huefuRvdxjGHh+UkXp4zEsUzhWHf5Mx6clMJvIlvEIKZDIK0G
gvfl8+sNMR+SjTdRW7gB164fEODpYqn2QKI+xs81bCjelCnrpxlduWik+L/wWHCd
5rVl4tj7GKkIdpS6Oiz9MCLrzgmgOXb56uoPXpPpR27ySwl+2bXRlFuj7zfr+/rI
6dzZyhqPGtw/S6XjugRvgrRRxLI19RTrrqgldYXg0PyJhm1P/+Hjx4HrjrB9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU357pReyHm9AZQeBpVTJrrlTkjn8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExOTc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt8
MA0GCSqGSIb3DQEBCwUAA4IBAQB3PVlVdwFJ9Q0ikULNd3Hzmk31ES0WC+NgrG4k
Q7mdzITN9qVubi++we47CykHA0W6fXab7ANyloFcfMeD1jJUftcRsjmCaG6+9/UW
1WgIjt80+PzOQTqw6Aup2fw68BHtshpnQfGmdEsFJEcm0XfWQjx3fNct0SRbl3PF
W0/tE1/Y4td/SOjKlfMKsDhLjFcLF5cwTIc/4Q+Du5OuS3+t0W4aaBld90MukUDY
6ZS2cblwMa0ebhzwseCHEZ9apBekxZs6jGuzQbIzYxY74w5rXc8Z/FAvwXcE9upR
v4bbfeORVyRLxD0OR03Nr4SVpAPdc1NcEDqPfFSYyLU6qoEi
-----END CERTIFICATE-----