Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa
File:                     AS212384.roa (raw, json)
Hash identifier:          OmWmAbudMK7+/BVix5SWN+9j2O8SPKL2suZU61kPcpM=
Subject key identifier:   EF:2E:06:64:2E:A9:AD:13:6D:75:51:AE:55:73:7D:F9:65:7C:75:04
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       43EBEADC7E5DC5C0267563FE52862F6138DCD4E5
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa
Signing time:             Tue 15 Oct 2024 00:43:25 +0000
ROA not before:           Tue 15 Oct 2024 00:38:25 +0000
ROA not after:            Tue 14 Oct 2025 00:43:25 +0000
asID:                     212384
IP address blocks:        141.11.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:eb:ea:dc:7e:5d:c5:c0:26:75:63:fe:52:86:2f:61:38:dc:d4:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 15 00:38:25 2024 GMT
            Not After : Oct 14 00:43:25 2025 GMT
        Subject: CN=EF2E06642EA9AD136D7551AE55737DF9657C7504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:58:69:c3:30:f6:08:d8:5c:a0:9a:0c:6f:91:
                    64:64:5c:7f:52:5e:48:1d:47:da:11:56:b5:44:92:
                    d8:cc:f6:1b:ce:ee:72:78:11:4e:66:3a:e6:9e:80:
                    dc:c2:48:54:ff:20:09:36:45:99:24:bf:1c:6a:18:
                    31:33:a2:32:9a:d5:da:11:fe:ef:d9:a0:08:dc:44:
                    87:44:bf:54:2e:b0:4c:2d:73:da:d1:20:2d:42:5b:
                    31:3c:1d:5c:96:1f:a7:b7:fa:79:47:c4:b7:9c:79:
                    9e:cc:c0:c7:43:42:f9:93:b1:d0:e3:77:6f:20:1a:
                    47:b7:be:89:bf:0b:9c:01:7b:77:83:05:2e:06:63:
                    26:e3:67:54:e7:e5:1e:18:8f:76:c0:ee:ba:cd:52:
                    19:c1:16:1f:27:36:3b:82:bc:82:38:a9:42:41:d4:
                    ad:82:04:75:5d:9f:a9:40:22:9f:a5:c5:fa:81:ea:
                    bc:e8:d4:d2:03:bc:37:1a:2e:c3:18:1a:1f:5f:71:
                    61:2e:d3:ed:63:19:7e:ea:54:c9:0f:39:68:bd:f5:
                    a4:7c:8b:6c:6b:72:65:c3:e0:08:cd:08:8c:e3:c4:
                    07:80:8d:72:b4:2c:9a:9f:ef:b7:db:76:d6:fa:fb:
                    84:eb:3e:59:df:82:10:2f:b2:46:7d:6e:8c:21:ac:
                    81:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:2E:06:64:2E:A9:AD:13:6D:75:51:AE:55:73:7D:F9:65:7C:75:04
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:f0:25:7b:f0:4d:41:e8:46:9a:d5:70:0f:02:55:fe:fe:de:
         6d:c5:21:e0:48:15:12:d6:f4:2a:32:0f:89:6a:33:7d:ed:c1:
         cf:35:7b:56:8a:66:be:fb:4c:81:48:ba:6f:27:2b:3d:e2:02:
         90:db:27:58:d4:b4:53:54:91:4f:1b:cd:a5:c9:88:44:7b:b9:
         81:a1:b3:3a:39:ed:5b:c6:0a:cb:49:35:96:bb:61:a6:49:35:
         08:91:6e:16:7b:96:56:91:f7:6e:c3:cf:f7:7f:36:ca:4b:52:
         5f:b7:3d:ea:73:57:57:eb:17:8a:72:36:2b:c9:4c:a6:74:78:
         51:dc:79:d1:37:97:fb:58:d4:4a:2f:e2:65:05:7c:10:10:11:
         90:9d:64:0e:f6:09:82:4f:d3:ee:4c:9d:c5:90:28:62:82:0a:
         a5:57:76:4b:d5:08:cd:59:16:59:3d:c6:0d:3b:fc:2b:a6:f0:
         de:83:2c:3c:6f:fc:2f:02:ca:c0:7d:b6:20:18:4d:3f:bb:93:
         a4:33:d1:ba:f6:4c:1f:52:44:9c:6f:79:28:5b:bb:c1:9d:2b:
         93:77:09:4d:02:a5:11:8b:f0:ea:e3:4a:fc:31:b2:53:90:75:
         cd:32:2c:9e:79:14:17:7c:85:d4:15:49:ef:35:c1:72:6f:88:
         91:c9:f4:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQ+vq3H5dxcAmdWP+UoYvYTjc1OUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMTUwMDM4MjVaFw0yNTEwMTQwMDQzMjVaMDMxMTAvBgNV
BAMTKEVGMkUwNjY0MkVBOUFEMTM2RDc1NTFBRTU1NzM3REY5NjU3Qzc1MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiWGnDMPYI2FygmgxvkWRkXH9S
XkgdR9oRVrVEktjM9hvO7nJ4EU5mOuaegNzCSFT/IAk2RZkkvxxqGDEzojKa1doR
/u/ZoAjcRIdEv1QusEwtc9rRIC1CWzE8HVyWH6e3+nlHxLeceZ7MwMdDQvmTsdDj
d28gGke3vom/C5wBe3eDBS4GYybjZ1Tn5R4Yj3bA7rrNUhnBFh8nNjuCvII4qUJB
1K2CBHVdn6lAIp+lxfqB6rzo1NIDvDcaLsMYGh9fcWEu0+1jGX7qVMkPOWi99aR8
i2xrcmXD4AjNCIzjxAeAjXK0LJqf77fbdtb6+4TrPlnfghAvskZ9bowhrIHzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7y4GZC6prRNtdVGuVXN9+WV8dQQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMzg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvy
MA0GCSqGSIb3DQEBCwUAA4IBAQAY8CV78E1B6Eaa1XAPAlX+/t5txSHgSBUS1vQq
Mg+JajN97cHPNXtWima++0yBSLpvJys94gKQ2ydY1LRTVJFPG82lyYhEe7mBobM6
Oe1bxgrLSTWWu2GmSTUIkW4We5ZWkfduw8/3fzbKS1Jftz3qc1dX6xeKcjYryUym
dHhR3HnRN5f7WNRKL+JlBXwQEBGQnWQO9gmCT9PuTJ3FkChiggqlV3ZL1QjNWRZZ
PcYNO/wrpvDegyw8b/wvAsrAfbYgGE0/u5OkM9G69kwfUkScb3koW7vBnSuTdwlN
AqURi/Dq40r8MbJTkHXNMiyeeRQXfIXUFUnvNcFyb4iRyfSU
-----END CERTIFICATE-----