Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa
File:                     AS212335.roa (raw, json)
Hash identifier:          6Q0xdaDUD1wLsR8z9UIcPmlEUEweknqyVa6h+V0nRf8=
Subject key identifier:   A0:A8:32:B7:14:F8:EE:A6:58:70:76:73:36:45:8D:F6:62:AF:6C:7F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3D1C15B40B592C3094FC040AA91AD564067127B7
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa
Signing time:             Tue 28 Nov 2023 15:05:06 +0000
ROA not before:           Tue 28 Nov 2023 15:00:06 +0000
ROA not after:            Tue 26 Nov 2024 15:05:06 +0000
asID:                     212335
IP address blocks:        141.11.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:1c:15:b4:0b:59:2c:30:94:fc:04:0a:a9:1a:d5:64:06:71:27:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:06 2023 GMT
            Not After : Nov 26 15:05:06 2024 GMT
        Subject: CN=A0A832B714F8EEA65870767336458DF662AF6C7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7d:5b:90:6a:87:93:8a:a9:66:05:b2:64:3b:
                    92:8b:21:07:88:0f:fe:8e:af:e8:d0:b5:5c:4b:dc:
                    80:11:33:4e:ff:d9:3e:18:a6:05:db:9b:11:c5:9f:
                    8b:09:58:bf:0a:d6:ed:6d:44:0d:9e:ef:04:db:e3:
                    cf:72:bd:29:f4:4b:d1:2b:33:2a:8b:c5:4d:25:1c:
                    16:5f:fb:03:13:6c:41:98:a8:42:d5:7a:4b:6a:75:
                    20:61:6b:37:de:6e:1d:c5:85:63:67:c5:7e:38:9d:
                    4a:80:95:81:67:a3:29:30:df:83:94:62:c8:98:f8:
                    8b:02:b1:08:77:c4:f8:a1:a5:11:31:99:9b:1e:ce:
                    2a:11:36:e7:f6:53:09:87:60:c4:79:99:c9:26:66:
                    2d:2d:dc:c4:c9:4b:23:71:b9:d1:93:c4:97:21:29:
                    e5:03:c9:a2:4d:25:9c:12:48:3b:05:5a:e2:1a:d1:
                    45:1a:69:75:93:c6:e6:76:10:97:97:00:d0:12:06:
                    1a:04:cb:de:a9:22:6c:8c:35:1b:3e:21:ad:e0:be:
                    e0:bf:cd:07:0d:9b:c6:54:29:b5:6a:28:e9:81:bb:
                    b3:2d:2f:3c:a4:58:f5:48:e7:e8:17:69:07:2d:1a:
                    88:19:36:d5:c0:5d:10:be:17:c0:72:95:a1:11:3d:
                    0e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A8:32:B7:14:F8:EE:A6:58:70:76:73:36:45:8D:F6:62:AF:6C:7F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:79:a4:82:b3:b6:fc:e9:31:98:d1:2a:12:25:3e:cb:c9:22:
         44:bc:3b:e9:d8:7c:8b:a6:f3:f8:9b:38:da:c6:3d:c2:a3:5e:
         b1:94:19:af:80:3d:ef:af:c2:0b:2d:d5:ed:59:6c:4c:9a:ce:
         a8:ad:d2:b0:a0:d7:5a:1c:47:c7:22:5a:07:63:de:77:8f:03:
         cc:8e:0b:8b:3c:f8:d1:c8:0f:e4:43:70:6f:3f:d7:04:9a:b7:
         e3:9c:58:7d:ea:fc:d6:68:dd:91:9d:88:b8:ae:d6:3e:43:ee:
         e5:36:2d:44:ab:6c:1a:36:97:c4:7c:d7:b9:f4:df:c1:6c:d1:
         c6:29:c9:ff:1d:3f:21:aa:6b:57:e3:9a:3c:a5:12:64:90:51:
         ac:24:9d:93:47:26:d7:66:c2:dd:0e:6f:b0:06:e0:f1:2e:4f:
         3d:60:89:53:b0:a8:9f:72:be:ef:75:de:50:4b:d6:0e:06:7a:
         f9:33:c3:91:21:b6:c0:4c:fb:78:c1:af:15:06:f9:a9:e7:1a:
         f2:21:78:79:87:60:f9:bf:17:35:50:01:96:40:2d:9d:58:54:
         55:72:02:33:de:78:ea:4e:c3:92:34:d8:3c:ae:26:ff:9c:7a:
         a3:c4:cf:13:3a:75:ed:7e:8c:50:6f:87:8d:58:8c:8d:c8:84:
         82:23:7c:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPRwVtAtZLDCU/AQKqRrVZAZxJ7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDZaFw0yNDExMjYxNTA1MDZaMDMxMTAvBgNV
BAMTKEEwQTgzMkI3MTRGOEVFQTY1ODcwNzY3MzM2NDU4REY2NjJBRjZDN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlfVuQaoeTiqlmBbJkO5KLIQeI
D/6Or+jQtVxL3IARM07/2T4YpgXbmxHFn4sJWL8K1u1tRA2e7wTb489yvSn0S9Er
MyqLxU0lHBZf+wMTbEGYqELVektqdSBhazfebh3FhWNnxX44nUqAlYFnoykw34OU
YsiY+IsCsQh3xPihpRExmZsezioRNuf2UwmHYMR5mckmZi0t3MTJSyNxudGTxJch
KeUDyaJNJZwSSDsFWuIa0UUaaXWTxuZ2EJeXANASBhoEy96pImyMNRs+Ia3gvuC/
zQcNm8ZUKbVqKOmBu7MtLzykWPVI5+gXaQctGogZNtXAXRC+F8BylaERPQ6DAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoKgytxT47qZYcHZzNkWN9mKvbH8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt+
MA0GCSqGSIb3DQEBCwUAA4IBAQCpeaSCs7b86TGY0SoSJT7LySJEvDvp2HyLpvP4
mzjaxj3Co16xlBmvgD3vr8ILLdXtWWxMms6ordKwoNdaHEfHIloHY953jwPMjguL
PPjRyA/kQ3BvP9cEmrfjnFh96vzWaN2RnYi4rtY+Q+7lNi1Eq2waNpfEfNe59N/B
bNHGKcn/HT8hqmtX45o8pRJkkFGsJJ2TRybXZsLdDm+wBuDxLk89YIlTsKifcr7v
dd5QS9YOBnr5M8ORIbbATPt4wa8VBvmp5xryIXh5h2D5vxc1UAGWQC2dWFRVcgIz
3njqTsOSNNg8rib/nHqjxM8TOnXtfoxQb4eNWIyNyISCI3wW
-----END CERTIFICATE-----