Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS213845.roa
File:                     AS213845.roa (raw, json)
Hash identifier:          WbCK6h9jCVeDi3KRzOmjRAbkhRevDTRzKI0A8CSmfGs=
Subject key identifier:   51:09:FA:9A:44:72:F2:C6:0E:8A:FF:6E:E7:5D:62:FA:94:A2:41:74
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       41E66E657DA82A838570732FD811C4434D5C9A40
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS213845.roa
Signing time:             Fri 03 Jan 2025 11:01:05 +0000
ROA not before:           Fri 03 Jan 2025 10:56:05 +0000
ROA not after:            Fri 02 Jan 2026 11:01:05 +0000
asID:                     213845
IP address blocks:        141.11.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:e6:6e:65:7d:a8:2a:83:85:70:73:2f:d8:11:c4:43:4d:5c:9a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan  3 10:56:05 2025 GMT
            Not After : Jan  2 11:01:05 2026 GMT
        Subject: CN=5109FA9A4472F2C60E8AFF6EE75D62FA94A24174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:78:f3:9d:1a:d6:f7:ba:06:a2:39:15:2c:49:
                    25:1e:9c:92:1a:b3:cc:fc:6b:0f:c0:ff:b9:64:18:
                    9b:e2:aa:2b:f6:fd:d3:fb:de:e3:7b:36:31:f6:b8:
                    b2:0a:66:36:17:a1:12:50:5f:fa:5a:f7:d3:11:f9:
                    1f:cf:da:84:0e:ec:84:ae:10:71:84:cc:58:1a:84:
                    cf:e2:8b:09:cc:64:99:1b:f6:a1:d9:38:45:c4:18:
                    0c:b9:da:2e:24:28:1b:d6:64:cc:62:7d:00:4a:77:
                    ab:ad:ab:20:31:bb:bc:40:b0:a5:90:75:74:85:9d:
                    f8:5b:f4:24:2a:96:2a:ea:58:77:01:bd:21:54:60:
                    57:c2:ef:7b:4a:86:9f:39:67:aa:71:9f:48:8b:8d:
                    7d:99:5f:da:aa:7b:c1:83:f7:7b:b3:7e:a7:90:03:
                    ee:b4:ea:18:74:2c:23:d1:74:5c:86:1c:7a:ea:9b:
                    86:9e:5e:ab:8a:48:e8:b3:fe:d9:20:3f:14:f9:77:
                    62:f9:51:de:c0:98:0c:f5:b8:94:f2:b5:20:89:7d:
                    64:54:82:c8:b5:9e:dc:cb:be:1b:ed:1c:8f:25:de:
                    17:e5:10:60:b2:11:22:2a:76:94:2d:d2:27:5d:c9:
                    d6:0b:37:c7:8a:68:62:79:3e:6a:4e:4d:8b:04:62:
                    39:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:09:FA:9A:44:72:F2:C6:0E:8A:FF:6E:E7:5D:62:FA:94:A2:41:74
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS213845.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:75:39:d4:b4:4f:8a:7b:9f:b0:09:9e:97:b2:f3:4b:3b:61:
         ff:db:2e:d6:b7:74:48:03:db:21:34:4a:09:79:70:d9:8f:11:
         e0:ff:8d:e7:9f:fd:b1:f5:75:c9:2f:ea:ed:b6:4c:af:5f:59:
         17:d2:74:6b:5f:29:23:54:3a:11:d6:20:93:56:b2:3a:08:4d:
         0a:03:0b:58:d5:4f:c7:9e:99:93:6d:2a:66:e3:06:f6:02:3d:
         23:0b:30:a9:f7:bd:e7:ed:28:f1:1d:db:b5:0a:a8:2f:d0:ab:
         3d:3b:7b:ce:3f:0c:78:81:5e:f6:31:79:bb:44:39:ff:b6:88:
         d9:64:b3:d7:bf:ec:fb:c9:80:0f:a8:9e:ab:ab:69:76:0c:45:
         d0:2d:f9:f6:09:a7:ce:b4:01:c2:65:5a:49:8d:60:8f:ee:6b:
         f5:65:c8:3b:9f:2b:22:fb:78:2f:a9:00:55:4c:bb:b6:12:3e:
         c7:8f:e6:a5:94:a6:77:4c:0f:03:9f:70:5a:9c:0b:83:3a:96:
         69:71:59:7f:48:34:1a:21:7f:ac:6f:35:c3:ab:27:f8:e9:d1:
         b2:8f:bd:61:a7:ab:cb:f0:d8:dc:b8:11:2a:3b:54:23:82:26:
         b2:d0:50:af:40:ff:7a:30:0d:48:9d:76:4e:03:85:5a:ed:3c:
         16:d2:01:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQeZuZX2oKoOFcHMv2BHEQ01cmkAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAxMDMxMDU2MDVaFw0yNjAxMDIxMTAxMDVaMDMxMTAvBgNV
BAMTKDUxMDlGQTlBNDQ3MkYyQzYwRThBRkY2RUU3NUQ2MkZBOTRBMjQxNzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCHePOdGtb3ugaiORUsSSUenJIa
s8z8aw/A/7lkGJviqiv2/dP73uN7NjH2uLIKZjYXoRJQX/pa99MR+R/P2oQO7ISu
EHGEzFgahM/iiwnMZJkb9qHZOEXEGAy52i4kKBvWZMxifQBKd6utqyAxu7xAsKWQ
dXSFnfhb9CQqlirqWHcBvSFUYFfC73tKhp85Z6pxn0iLjX2ZX9qqe8GD93uzfqeQ
A+606hh0LCPRdFyGHHrqm4aeXquKSOiz/tkgPxT5d2L5Ud7AmAz1uJTytSCJfWRU
gsi1ntzLvhvtHI8l3hflEGCyESIqdpQt0iddydYLN8eKaGJ5PmpOTYsEYjnVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUQn6mkRy8sYOiv9u511i+pSiQXQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEzODQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQum
MA0GCSqGSIb3DQEBCwUAA4IBAQAGdTnUtE+Ke5+wCZ6XsvNLO2H/2y7Wt3RIA9sh
NEoJeXDZjxHg/43nn/2x9XXJL+rttkyvX1kX0nRrXykjVDoR1iCTVrI6CE0KAwtY
1U/HnpmTbSpm4wb2Aj0jCzCp973n7SjxHdu1Cqgv0Ks9O3vOPwx4gV72MXm7RDn/
tojZZLPXv+z7yYAPqJ6rq2l2DEXQLfn2CafOtAHCZVpJjWCP7mv1Zcg7nysi+3gv
qQBVTLu2Ej7Hj+allKZ3TA8Dn3BanAuDOpZpcVl/SDQaIX+sbzXDqyf46dGyj71h
p6vL8NjcuBEqO1Qjgiay0FCvQP96MA1InXZOA4Va7TwW0gEk
-----END CERTIFICATE-----