Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214259.roa
File:                     AS214259.roa (raw, json)
Hash identifier:          1YBuC2Y3nnrQB/scrA0W3r0hgeXi/O0ZCeVrc+xlQp8=
Subject key identifier:   41:2A:E1:FB:BA:6C:67:69:04:D1:8F:05:6C:8D:3A:2A:4B:17:BF:9A
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4CFFCDF059350FD25B510003CC68F241CA1E836B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214259.roa
Signing time:             Wed 04 Sep 2024 17:52:15 +0000
ROA not before:           Wed 04 Sep 2024 17:47:15 +0000
ROA not after:            Wed 03 Sep 2025 17:52:15 +0000
asID:                     214259
IP address blocks:        141.11.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:ff:cd:f0:59:35:0f:d2:5b:51:00:03:cc:68:f2:41:ca:1e:83:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep  4 17:47:15 2024 GMT
            Not After : Sep  3 17:52:15 2025 GMT
        Subject: CN=412AE1FBBA6C676904D18F056C8D3A2A4B17BF9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:47:d2:0e:70:b8:cd:ea:48:a1:37:d4:25:2d:
                    aa:3e:97:39:eb:83:9a:da:93:03:60:e0:66:60:1e:
                    26:c5:bd:77:e8:b8:36:81:c7:a8:a8:a6:f0:6c:93:
                    0e:00:cb:54:0b:b1:5e:6b:7f:b0:0d:2d:28:9f:78:
                    0d:eb:a5:80:01:40:79:71:c6:4c:a9:5f:c1:2c:76:
                    28:85:4d:6a:d2:da:6e:41:5f:bd:0c:62:33:cd:99:
                    13:3b:c5:2e:d1:e2:a4:0d:ba:68:82:0c:e5:d2:53:
                    cc:57:37:f5:91:37:7a:fa:d8:33:dd:e7:ac:44:9a:
                    17:2d:f5:cd:ab:33:6e:b2:ef:5a:c3:95:df:8f:6d:
                    ae:1d:e3:ae:f1:1b:ef:d2:e9:c7:ae:17:d2:98:e2:
                    0c:52:79:66:4b:d9:ac:51:a5:a9:bb:b2:25:d4:39:
                    e4:43:d2:c0:35:b6:b6:38:8f:b6:59:ed:39:91:8a:
                    97:d3:90:79:40:31:4b:6d:24:b9:35:56:01:74:08:
                    c0:bf:b0:e6:f4:cf:f2:30:a2:55:79:b1:4f:72:21:
                    f2:1c:41:94:88:0d:0b:76:05:5a:da:21:b1:55:23:
                    67:66:3d:e4:17:ec:47:a4:7b:a5:05:ee:54:ab:2e:
                    78:a0:95:30:4b:c3:1c:e4:fe:14:e9:e6:3a:61:6c:
                    45:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:2A:E1:FB:BA:6C:67:69:04:D1:8F:05:6C:8D:3A:2A:4B:17:BF:9A
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214259.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:05:80:2b:37:b0:b0:d7:ab:d4:c4:58:29:f9:fb:ef:3b:67:
         be:7c:3e:d4:f3:14:5e:97:9a:33:d1:1f:be:de:96:9f:c6:d9:
         e1:0d:08:58:3b:ec:b2:08:73:e9:58:d4:a2:a4:05:4b:e8:4a:
         84:8a:e6:67:33:61:7b:b9:38:83:48:96:fd:a9:2f:2a:05:46:
         48:71:ce:5c:8a:db:a2:52:84:6d:2e:56:a2:de:67:b9:3e:85:
         fd:39:9b:e8:3e:0a:8b:9d:9c:c6:e7:e2:c3:c4:55:9b:d1:85:
         9d:6c:47:14:64:d6:e6:f3:6c:ca:9f:e9:41:36:f7:f9:a9:84:
         ec:1f:76:d5:ff:ea:6b:ef:5f:d7:7d:8b:5e:6c:17:de:20:fd:
         6b:f3:e2:54:1a:9d:20:76:51:6f:b2:eb:03:bc:60:d1:bd:8e:
         cb:3b:27:b7:53:d5:da:3a:ba:3e:24:c5:11:52:87:f0:f3:06:
         5f:de:d4:2d:5c:df:b4:6f:f7:76:ca:a3:cb:1b:7e:ce:e9:8a:
         45:72:b1:33:c4:52:db:78:76:9e:1f:c8:76:83:3b:db:96:2c:
         08:b7:e7:06:0b:de:0c:19:40:30:c3:ec:f8:1c:ff:05:e9:44:
         8b:87:24:19:0d:0e:14:f2:c8:c5:c7:ba:4a:07:56:7b:db:cd:
         7f:b1:60:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTP/N8Fk1D9JbUQADzGjyQcoeg2swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA5MDQxNzQ3MTVaFw0yNTA5MDMxNzUyMTVaMDMxMTAvBgNV
BAMTKDQxMkFFMUZCQkE2QzY3NjkwNEQxOEYwNTZDOEQzQTJBNEIxN0JGOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpR9IOcLjN6kihN9QlLao+lznr
g5rakwNg4GZgHibFvXfouDaBx6iopvBskw4Ay1QLsV5rf7ANLSifeA3rpYABQHlx
xkypX8EsdiiFTWrS2m5BX70MYjPNmRM7xS7R4qQNumiCDOXSU8xXN/WRN3r62DPd
56xEmhct9c2rM26y71rDld+Pba4d467xG+/S6ceuF9KY4gxSeWZL2axRpam7siXU
OeRD0sA1trY4j7ZZ7TmRipfTkHlAMUttJLk1VgF0CMC/sOb0z/IwolV5sU9yIfIc
QZSIDQt2BVraIbFVI2dmPeQX7Eeke6UF7lSrLniglTBLwxzk/hTp5jphbEXpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQSrh+7psZ2kE0Y8FbI06KksXv5owHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0MjU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQuh
MA0GCSqGSIb3DQEBCwUAA4IBAQBpBYArN7Cw16vUxFgp+fvvO2e+fD7U8xRel5oz
0R++3pafxtnhDQhYO+yyCHPpWNSipAVL6EqEiuZnM2F7uTiDSJb9qS8qBUZIcc5c
ituiUoRtLlai3me5PoX9OZvoPgqLnZzG5+LDxFWb0YWdbEcUZNbm82zKn+lBNvf5
qYTsH3bV/+pr71/XfYtebBfeIP1r8+JUGp0gdlFvsusDvGDRvY7LOye3U9XaOro+
JMURUofw8wZf3tQtXN+0b/d2yqPLG37O6YpFcrEzxFLbeHaeH8h2gzvbliwIt+cG
C94MGUAww+z4HP8F6USLhyQZDQ4U8sjFx7pKB1Z7281/sWAb
-----END CERTIFICATE-----