Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa
File:                     AS212335.roa (raw, json)
Hash identifier:          ZZu9cSPqgEouazSPRIUVpvtrC9eDL13+18QgycFJpx8=
Subject key identifier:   D6:B7:E3:51:78:0A:C4:42:D6:AD:E7:5F:99:48:A3:25:B4:D9:15:A8
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       65A92ADC310E91550CE5FCF19ABC3D78329613B4
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa
Signing time:             Tue 29 Oct 2024 15:43:26 +0000
ROA not before:           Tue 29 Oct 2024 15:38:26 +0000
ROA not after:            Tue 28 Oct 2025 15:43:26 +0000
asID:                     212335
IP address blocks:        141.11.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:a9:2a:dc:31:0e:91:55:0c:e5:fc:f1:9a:bc:3d:78:32:96:13:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:26 2024 GMT
            Not After : Oct 28 15:43:26 2025 GMT
        Subject: CN=D6B7E351780AC442D6ADE75F9948A325B4D915A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1f:cf:e1:a5:d9:86:fe:25:10:fd:62:a3:d8:
                    fc:b7:40:4d:a2:a8:69:77:3f:42:9b:cd:9f:4a:59:
                    20:14:e6:c1:42:23:64:27:e0:75:45:5e:ea:0c:b2:
                    95:05:f7:c4:69:39:22:a8:a6:d1:18:da:46:65:0e:
                    5e:ea:79:85:a0:ab:27:34:f8:40:72:e5:eb:6e:10:
                    11:c5:e9:03:16:e8:56:e4:9b:b5:db:1c:d2:a7:72:
                    c0:67:9f:28:5f:5e:e3:24:7b:78:14:4a:b2:b6:19:
                    50:5b:21:9c:d9:65:cd:93:54:c7:f3:4b:d3:3e:91:
                    c9:36:01:54:ba:c8:ab:60:9a:63:e4:1f:83:67:a3:
                    ed:a2:ad:84:60:9a:83:36:f3:e5:05:0e:38:1a:35:
                    0d:80:8f:6f:31:89:f9:eb:fd:b3:40:0b:a4:bb:6f:
                    21:de:b7:a3:c9:61:44:da:77:27:93:10:77:85:5b:
                    39:04:ad:1f:cd:db:82:9b:6c:c3:a7:ec:e8:ea:7f:
                    df:34:29:21:b7:8a:ec:12:5b:4a:8f:71:68:1c:fd:
                    e1:60:c7:a8:28:01:68:a0:b0:c7:a9:e4:26:e6:62:
                    f2:02:ba:cf:db:0f:cd:67:a8:ce:dc:e7:29:d9:47:
                    62:9a:c2:ee:14:6d:3c:94:4f:2c:04:ee:c3:d4:34:
                    50:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:B7:E3:51:78:0A:C4:42:D6:AD:E7:5F:99:48:A3:25:B4:D9:15:A8
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:3e:2d:f9:12:55:fb:f2:be:f0:6c:5d:95:19:41:9d:33:fe:
         38:f1:f4:ea:a8:62:ab:f6:44:7e:e8:34:56:ea:36:61:39:f2:
         5a:d8:1e:89:81:ad:45:0c:d8:24:e1:ff:a8:90:86:13:dc:d1:
         65:50:75:45:2d:64:de:a7:2f:09:c7:28:7f:b5:f6:0e:aa:19:
         4b:19:f8:2b:7f:e6:ab:4e:bd:82:d1:2a:e6:a9:b4:9d:40:1e:
         dd:fc:08:97:d9:23:f7:9a:3b:da:cc:48:50:b2:0c:6e:86:09:
         87:28:c9:4e:72:6c:79:69:3b:6a:ef:cd:b1:da:55:30:6f:c6:
         2a:2b:62:06:39:c5:2e:48:a7:7b:78:2f:31:83:e7:e5:2b:06:
         ea:e3:f6:22:3c:c5:59:33:a0:f4:e5:c0:7d:bd:d6:4c:ba:5c:
         41:5a:02:9b:2f:4e:2b:ed:a8:c4:cf:13:2d:e5:e6:f8:47:78:
         e2:b9:11:d5:36:50:22:ba:92:41:8d:21:ed:bb:37:ed:a5:50:
         b1:b9:71:5c:71:5d:a6:34:2a:da:a6:5c:ae:93:25:fa:69:07:
         81:10:a4:c7:7b:42:a1:35:2d:12:23:ca:3c:2e:8b:40:9b:6e:
         ef:ee:9a:b0:bf:ce:01:9c:1c:6a:c6:2b:aa:c1:07:21:8f:1f:
         6a:9b:ea:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZakq3DEOkVUM5fzxmrw9eDKWE7QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjZaFw0yNTEwMjgxNTQzMjZaMDMxMTAvBgNV
BAMTKEQ2QjdFMzUxNzgwQUM0NDJENkFERTc1Rjk5NDhBMzI1QjREOTE1QTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3H8/hpdmG/iUQ/WKj2Py3QE2i
qGl3P0KbzZ9KWSAU5sFCI2Qn4HVFXuoMspUF98RpOSKoptEY2kZlDl7qeYWgqyc0
+EBy5etuEBHF6QMW6Fbkm7XbHNKncsBnnyhfXuMke3gUSrK2GVBbIZzZZc2TVMfz
S9M+kck2AVS6yKtgmmPkH4Nno+2irYRgmoM28+UFDjgaNQ2Aj28xifnr/bNAC6S7
byHet6PJYUTadyeTEHeFWzkErR/N24KbbMOn7Ojqf980KSG3iuwSW0qPcWgc/eFg
x6goAWigsMep5CbmYvICus/bD81nqM7c5ynZR2Kawu4UbTyUTywE7sPUNFBlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1rfjUXgKxELWredfmUijJbTZFagwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt+
MA0GCSqGSIb3DQEBCwUAA4IBAQBMPi35ElX78r7wbF2VGUGdM/448fTqqGKr9kR+
6DRW6jZhOfJa2B6Jga1FDNgk4f+okIYT3NFlUHVFLWTepy8Jxyh/tfYOqhlLGfgr
f+arTr2C0SrmqbSdQB7d/AiX2SP3mjvazEhQsgxuhgmHKMlOcmx5aTtq782x2lUw
b8YqK2IGOcUuSKd7eC8xg+flKwbq4/YiPMVZM6D05cB9vdZMulxBWgKbL04r7ajE
zxMt5eb4R3jiuRHVNlAiupJBjSHtuzftpVCxuXFccV2mNCraplyukyX6aQeBEKTH
e0KhNS0SI8o8LotAm27v7pqwv84BnBxqxiuqwQchjx9qm+pS
-----END CERTIFICATE-----