Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa
File:                     AS212384.roa (raw, json)
Hash identifier:          sgdita7Mr3F3v0Vh8xHHOw0F91Nul2gxrg/kn9I/4Zs=
Subject key identifier:   68:F8:AB:98:50:05:68:A9:A6:7E:93:C4:6A:7A:95:11:EB:FF:DC:28
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0974C9DCC30AA1B10DC0A9234C548D3FFE218FED
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa
Signing time:             Tue 14 Nov 2023 00:00:07 +0000
ROA not before:           Mon 13 Nov 2023 23:55:07 +0000
ROA not after:            Tue 12 Nov 2024 00:00:07 +0000
asID:                     212384
IP address blocks:        141.11.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:74:c9:dc:c3:0a:a1:b1:0d:c0:a9:23:4c:54:8d:3f:fe:21:8f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 13 23:55:07 2023 GMT
            Not After : Nov 12 00:00:07 2024 GMT
        Subject: CN=68F8AB98500568A9A67E93C46A7A9511EBFFDC28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:60:22:97:1f:72:f5:85:cd:df:c7:d2:ff:89:
                    0f:35:c2:cd:2b:1c:00:c9:3a:0b:47:6c:1c:71:75:
                    3c:6e:39:23:1d:7b:4e:fd:66:06:04:63:68:4d:ec:
                    bb:36:40:34:e1:78:b7:5b:ac:68:65:a1:2b:2d:23:
                    e2:9e:19:32:a4:f3:a6:df:b3:9e:0c:95:14:02:34:
                    27:15:e2:2d:69:00:30:f3:99:6e:4b:ae:5f:94:ec:
                    05:27:fb:17:ab:b8:36:f0:58:b3:f2:86:63:89:46:
                    03:aa:30:b5:1a:1a:80:1e:ca:4b:3f:b0:cd:32:c9:
                    11:96:80:3b:aa:f7:ae:47:b3:e5:b2:a3:12:52:b5:
                    9e:c5:11:e9:9e:9e:7e:1d:e9:1d:71:95:dd:bf:2c:
                    d0:35:2b:d0:64:ac:bc:33:e2:97:90:dc:fd:e9:d3:
                    c1:5d:71:e2:74:80:17:42:4c:71:83:67:a4:65:d5:
                    69:54:f2:40:10:26:9d:41:a6:37:81:37:af:75:43:
                    aa:53:2b:4a:72:70:1e:81:1e:dd:04:72:9f:bc:f7:
                    d4:a6:f4:6c:28:20:78:61:98:d3:2e:3a:5f:50:f1:
                    2d:93:c7:6b:45:3a:1c:e1:09:56:4f:e8:e8:6e:ce:
                    d2:98:02:77:3c:c7:4e:28:a4:8f:c3:a7:b5:f4:ae:
                    a8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:F8:AB:98:50:05:68:A9:A6:7E:93:C4:6A:7A:95:11:EB:FF:DC:28
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:61:a0:0c:6b:f5:7e:cf:f2:8a:54:bf:62:14:8d:6d:65:22:
         a5:e4:d5:94:e4:a6:5f:75:85:7c:ed:06:a2:2d:71:19:d7:07:
         30:78:b1:2b:5d:de:c9:06:be:cd:36:8a:4f:82:7f:a3:22:23:
         0e:a6:29:fe:2c:f2:02:9b:34:e2:f4:d7:9d:cd:16:8a:55:93:
         df:e1:b5:54:b2:c3:e4:58:22:31:8e:77:39:1a:77:d5:7e:a0:
         f1:dc:62:6b:59:ee:6a:20:68:a0:11:3b:9f:54:ac:a7:c4:74:
         7e:23:f4:3f:e5:6f:aa:63:65:77:4c:20:46:41:3f:09:bd:c2:
         0b:a9:4e:43:73:ce:ab:ee:cd:80:9b:8e:85:6b:11:45:84:d9:
         70:a7:fb:41:a3:97:27:0e:d2:00:8c:ca:94:20:88:48:51:b6:
         c6:e0:a8:ab:b3:c9:11:d1:5a:e4:99:cf:67:ac:52:65:31:ac:
         73:23:b4:05:3b:cc:22:08:6e:df:f8:f1:41:fe:c5:f6:37:23:
         8e:d7:79:85:80:c5:89:68:36:7b:7a:aa:6f:9c:79:c8:c4:b0:
         9c:7b:18:a9:8d:2f:2c:bc:f2:0b:6d:4b:42:e9:54:96:3d:21:
         f4:87:72:8e:a1:7d:a5:e5:9d:44:5a:5e:0c:3a:59:6d:0a:a3:
         7e:b0:46:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCXTJ3MMKobENwKkjTFSNP/4hj+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMTMyMzU1MDdaFw0yNDExMTIwMDAwMDdaMDMxMTAvBgNV
BAMTKDY4RjhBQjk4NTAwNTY4QTlBNjdFOTNDNDZBN0E5NTExRUJGRkRDMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiYCKXH3L1hc3fx9L/iQ81ws0r
HADJOgtHbBxxdTxuOSMde079ZgYEY2hN7Ls2QDTheLdbrGhloSstI+KeGTKk86bf
s54MlRQCNCcV4i1pADDzmW5Lrl+U7AUn+xeruDbwWLPyhmOJRgOqMLUaGoAeyks/
sM0yyRGWgDuq965Hs+WyoxJStZ7FEemenn4d6R1xld2/LNA1K9BkrLwz4peQ3P3p
08FdceJ0gBdCTHGDZ6Rl1WlU8kAQJp1BpjeBN691Q6pTK0pycB6BHt0Ecp+899Sm
9GwoIHhhmNMuOl9Q8S2Tx2tFOhzhCVZP6OhuztKYAnc8x04opI/Dp7X0rqgTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaPirmFAFaKmmfpPEanqVEev/3CgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMzg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvy
MA0GCSqGSIb3DQEBCwUAA4IBAQALYaAMa/V+z/KKVL9iFI1tZSKl5NWU5KZfdYV8
7QaiLXEZ1wcweLErXd7JBr7NNopPgn+jIiMOpin+LPICmzTi9NedzRaKVZPf4bVU
ssPkWCIxjnc5GnfVfqDx3GJrWe5qIGigETufVKynxHR+I/Q/5W+qY2V3TCBGQT8J
vcILqU5Dc86r7s2Am46FaxFFhNlwp/tBo5cnDtIAjMqUIIhIUbbG4Kirs8kR0Vrk
mc9nrFJlMaxzI7QFO8wiCG7f+PFB/sX2NyOO13mFgMWJaDZ7eqpvnHnIxLCcexip
jS8svPILbUtC6VSWPSH0h3KOoX2l5Z1EWl4MOlltCqN+sEYU
-----END CERTIFICATE-----