Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          /muwi9Xqg0W9eqPuuwKRW+j7bEyb4mMSHZa8Ijf0WSY=
Subject key identifier:   4C:CE:96:7D:CC:F6:8A:32:0B:32:BA:89:77:CF:B7:6E:82:41:7B:45
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5922F0E7823AD41E67DD576CA752778FADF05BFE
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
Signing time:             Thu 03 Apr 2025 15:17:16 +0000
ROA not before:           Thu 03 Apr 2025 15:12:16 +0000
ROA not after:            Thu 02 Apr 2026 15:17:16 +0000
asID:                     212238
IP address blocks:        141.11.68.0/24 maxlen: 24
                          141.11.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:22:f0:e7:82:3a:d4:1e:67:dd:57:6c:a7:52:77:8f:ad:f0:5b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr  3 15:12:16 2025 GMT
            Not After : Apr  2 15:17:16 2026 GMT
        Subject: CN=4CCE967DCCF68A320B32BA8977CFB76E82417B45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4e:dd:b0:fe:7a:5c:0a:76:75:c3:81:52:5d:
                    c6:b7:9f:98:3d:ae:3d:16:d1:cc:87:59:f4:83:5f:
                    5f:04:29:08:4e:69:8f:f6:cf:a0:46:48:76:43:06:
                    b4:a6:db:9e:6e:69:33:de:9f:f8:d1:51:1a:5c:50:
                    de:98:05:cb:e4:39:f3:5c:19:33:1c:78:0b:6f:b7:
                    7c:8a:49:5a:91:81:1c:87:89:ea:b2:13:2b:90:f1:
                    fc:2c:f3:46:37:28:2f:c8:d1:65:f1:72:97:af:4b:
                    18:c2:8b:90:05:4c:64:df:27:70:f7:fd:3e:3f:dc:
                    a4:1b:b8:d7:eb:8f:e2:81:45:cc:c5:03:38:70:48:
                    c6:3a:7a:3b:5f:df:11:b9:74:a5:67:48:16:ae:4e:
                    eb:15:12:be:7d:a6:0f:e8:75:a4:e4:d7:ff:d9:3f:
                    85:02:13:fa:b3:5e:55:c3:49:f3:3e:96:c3:57:c8:
                    46:56:ff:69:13:3c:7e:1f:8b:3e:e0:f6:1c:6e:fd:
                    44:23:32:57:f8:11:3b:a0:ef:f9:b8:18:31:6f:40:
                    1e:63:4c:2f:ec:c2:f4:9b:5f:f7:bf:7e:0b:40:47:
                    c2:61:f1:5c:4d:08:58:a4:d1:bd:22:1e:2d:da:f1:
                    ee:6e:5f:73:42:03:16:21:fd:4f:a2:2d:79:d8:b7:
                    96:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:CE:96:7D:CC:F6:8A:32:0B:32:BA:89:77:CF:B7:6E:82:41:7B:45
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.68.0/24
                  141.11.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:dd:e2:3d:a9:a9:7b:e7:f7:d5:50:a2:46:e2:67:c6:69:cf:
         d3:fb:a6:fe:7c:f2:2b:c6:0d:ce:cd:b0:97:33:6f:9b:2a:14:
         20:e4:ae:02:3b:55:16:2b:c4:df:14:b1:2c:ef:db:08:39:2e:
         a0:f3:6d:bf:68:56:31:e0:15:4d:f7:a3:bd:5e:45:5c:a2:c4:
         cd:ac:52:01:09:43:8b:91:48:43:58:14:44:cf:bb:4e:59:02:
         6d:29:7f:5a:ce:fd:8f:5e:39:9e:28:c4:f5:45:cf:f8:36:58:
         2a:af:78:94:63:6b:e1:f6:a7:31:cf:35:44:fe:ac:cb:9e:8c:
         b3:a9:6f:45:2d:cc:7f:f2:e4:9b:20:43:76:fe:74:f9:95:01:
         8f:73:a4:73:cc:d7:58:04:36:bd:e6:01:83:d5:b3:8d:f8:ab:
         52:cb:eb:f1:cc:7b:46:03:0b:e8:37:56:0b:d1:13:f6:4d:4d:
         87:bb:39:ae:37:a6:38:a5:f8:22:48:d4:d7:48:b1:ec:67:37:
         e2:0b:cd:21:c5:a9:a7:80:2f:2c:0d:f1:de:ea:33:10:f3:c9:
         92:fc:05:3b:18:c3:08:49:a0:96:ba:29:6f:b6:88:44:f5:79:
         9d:f2:cf:f0:6a:19:3b:68:e0:c4:41:38:d2:b4:b4:6b:70:0c:
         9f:f3:18:0c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUWSLw54I61B5n3Vdsp1J3j63wW/4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MDMxNTEyMTZaFw0yNjA0MDIxNTE3MTZaMDMxMTAvBgNV
BAMTKDRDQ0U5NjdEQ0NGNjhBMzIwQjMyQkE4OTc3Q0ZCNzZFODI0MTdCNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsTt2w/npcCnZ1w4FSXca3n5g9
rj0W0cyHWfSDX18EKQhOaY/2z6BGSHZDBrSm255uaTPen/jRURpcUN6YBcvkOfNc
GTMceAtvt3yKSVqRgRyHieqyEyuQ8fws80Y3KC/I0WXxcpevSxjCi5AFTGTfJ3D3
/T4/3KQbuNfrj+KBRczFAzhwSMY6ejtf3xG5dKVnSBauTusVEr59pg/odaTk1//Z
P4UCE/qzXlXDSfM+lsNXyEZW/2kTPH4fiz7g9hxu/UQjMlf4ETug7/m4GDFvQB5j
TC/swvSbX/e/fgtAR8Jh8VxNCFik0b0iHi3a8e5uX3NCAxYh/U+iLXnYt5ZvAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUTM6Wfcz2ijILMrqJd8+3boJBe0UwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQtE
AwQAjQukMA0GCSqGSIb3DQEBCwUAA4IBAQAu3eI9qal75/fVUKJG4mfGac/T+6b+
fPIrxg3OzbCXM2+bKhQg5K4CO1UWK8TfFLEs79sIOS6g822/aFYx4BVN96O9XkVc
osTNrFIBCUOLkUhDWBREz7tOWQJtKX9azv2PXjmeKMT1Rc/4Nlgqr3iUY2vh9qcx
zzVE/qzLnoyzqW9FLcx/8uSbIEN2/nT5lQGPc6RzzNdYBDa95gGD1bON+KtSy+vx
zHtGAwvoN1YL0RP2TU2HuzmuN6Y4pfgiSNTXSLHsZzfiC80hxamngC8sDfHe6jMQ
88mS/AU7GMMISaCWuilvtohE9Xmd8s/wahk7aODEQTjStLRrcAyf8xgM
-----END CERTIFICATE-----