Route Origin Authorization 

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214024.roa
File:                     AS214024.roa (raw, json)
Hash identifier:          qk5Se2sFEF31QU94Qdp+nsqRV5EiyzQgvDlgD9gmIUM=
Subject key identifier:   81:71:6C:59:AF:39:45:8A:88:75:10:86:11:E2:E7:3F:F7:7C:37:72
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       133B1C8BA93D51E85D4B7F1BF008EDDA8B44F7FC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214024.roa
Signing time:             Sat 09 Nov 2024 13:06:16 +0000
ROA not before:           Sat 09 Nov 2024 13:01:16 +0000
ROA not after:            Sat 08 Nov 2025 13:06:16 +0000
asID:                     214024
IP address blocks:        141.11.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:3b:1c:8b:a9:3d:51:e8:5d:4b:7f:1b:f0:08:ed:da:8b:44:f7:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov  9 13:01:16 2024 GMT
            Not After : Nov  8 13:06:16 2025 GMT
        Subject: CN=81716C59AF39458A8875108611E2E73FF77C3772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:97:0f:7c:34:f0:27:3c:00:5e:ea:cd:24:5b:
                    a8:70:88:e5:0f:78:52:61:a5:ee:b2:9f:d8:96:ae:
                    51:71:66:3b:cb:32:2e:7a:e1:92:46:cf:45:90:7b:
                    bf:00:04:fc:1a:0f:22:d3:8b:d8:5b:45:da:5c:f6:
                    13:a0:e0:04:65:d6:cf:b0:e6:d6:27:95:59:86:72:
                    09:8f:df:46:cd:0e:55:d1:45:e0:2e:90:ed:f0:c2:
                    8b:05:eb:5d:6b:26:db:07:d9:46:32:74:b8:2b:78:
                    0f:be:59:c4:d4:8a:6e:ef:f8:0a:13:38:32:14:1d:
                    9a:d5:15:50:f3:d7:44:fd:c8:91:1e:31:26:5e:16:
                    35:b0:82:50:07:df:d1:5f:d4:2e:46:a4:8f:01:90:
                    60:80:6b:8a:62:24:6b:1a:eb:fb:96:57:98:83:5f:
                    4c:d1:b6:85:b1:d1:e0:9f:6f:64:ea:6d:a3:02:1c:
                    d4:14:9a:eb:8c:f6:27:8a:34:3d:0b:02:3f:07:91:
                    5c:3f:82:8e:18:5e:57:b6:2a:1a:75:b5:62:52:98:
                    17:96:a4:9f:aa:fc:88:4d:b0:a6:67:2a:f6:4f:38:
                    c8:b1:50:a1:42:5c:1a:ee:dc:5e:e6:01:dd:d6:74:
                    bd:1d:37:dd:09:bb:e0:42:c1:e6:59:db:5a:bf:65:
                    10:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:71:6C:59:AF:39:45:8A:88:75:10:86:11:E2:E7:3F:F7:7C:37:72
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214024.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:3c:a2:03:27:3c:49:b1:5f:ff:51:a9:73:92:ab:a1:14:54:
         d0:6e:fd:d7:12:09:50:84:9b:61:7e:85:f4:14:00:5f:8b:5d:
         f0:95:48:7e:e5:eb:bd:80:16:6f:79:62:c5:57:eb:ee:ba:05:
         ab:75:2d:fb:3f:8c:44:9c:91:55:9f:b6:39:f8:ab:5e:5d:d3:
         58:76:7f:c5:3a:79:a3:a0:86:d4:c9:18:b5:f6:de:ca:76:d3:
         af:f7:5e:1c:8e:e3:df:79:57:58:a5:16:95:95:64:f7:12:d1:
         58:53:2d:a5:08:a8:8e:bf:c0:85:1c:f1:c7:2d:68:84:99:7c:
         bd:91:5c:0e:2a:2b:c1:16:da:f4:f5:32:07:4e:0f:ed:48:eb:
         68:0d:88:b9:84:e2:a7:9f:c8:47:5c:30:4e:2b:0a:be:67:80:
         74:53:a5:3c:45:d9:05:97:4d:e6:d0:98:c8:58:97:b3:b0:f6:
         43:69:8d:02:e4:81:1d:75:a0:af:96:9f:74:58:55:61:54:83:
         f8:93:34:bf:6f:24:79:b2:c6:6c:29:09:cc:4b:7c:1a:a1:23:
         ea:ec:66:e7:41:8a:04:00:b2:e8:2d:50:9d:78:6c:84:6a:a7:
         2d:45:a1:15:ae:28:35:ac:de:fd:79:f7:c0:18:67:6c:cd:3f:
         bb:44:e3:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEzsci6k9UehdS38b8Ajt2otE9/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMDkxMzAxMTZaFw0yNTExMDgxMzA2MTZaMDMxMTAvBgNV
BAMTKDgxNzE2QzU5QUYzOTQ1OEE4ODc1MTA4NjExRTJFNzNGRjc3QzM3NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+lw98NPAnPABe6s0kW6hwiOUP
eFJhpe6yn9iWrlFxZjvLMi564ZJGz0WQe78ABPwaDyLTi9hbRdpc9hOg4ARl1s+w
5tYnlVmGcgmP30bNDlXRReAukO3wwosF611rJtsH2UYydLgreA++WcTUim7v+AoT
ODIUHZrVFVDz10T9yJEeMSZeFjWwglAH39Ff1C5GpI8BkGCAa4piJGsa6/uWV5iD
X0zRtoWx0eCfb2TqbaMCHNQUmuuM9ieKND0LAj8HkVw/go4YXle2Khp1tWJSmBeW
pJ+q/IhNsKZnKvZPOMixUKFCXBru3F7mAd3WdL0dN90Ju+BCweZZ21q/ZRDNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgXFsWa85RYqIdRCGEeLnP/d8N3IwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0MDI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQv1
MA0GCSqGSIb3DQEBCwUAA4IBAQAtPKIDJzxJsV//UalzkquhFFTQbv3XEglQhJth
foX0FABfi13wlUh+5eu9gBZveWLFV+vuugWrdS37P4xEnJFVn7Y5+KteXdNYdn/F
OnmjoIbUyRi19t7KdtOv914cjuPfeVdYpRaVlWT3EtFYUy2lCKiOv8CFHPHHLWiE
mXy9kVwOKivBFtr09TIHTg/tSOtoDYi5hOKnn8hHXDBOKwq+Z4B0U6U8RdkFl03m
0JjIWJezsPZDaY0C5IEddaCvlp90WFVhVIP4kzS/byR5ssZsKQnMS3waoSPq7Gbn
QYoEALLoLVCdeGyEaqctRaEVrig1rN79effAGGdszT+7ROML
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:37:21 2024 by rpki-client on console-fra.rpki-client.org