Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215453.roa
File:                     AS215453.roa (raw, json)
Hash identifier:          tsUqOYr3Sdm+3rbIAsj97SzGiRikiXAFcm3+lB6wMNk=
Subject key identifier:   01:65:C6:15:21:40:C5:8D:8B:04:75:6C:D8:23:14:15:CF:DC:FF:0D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       20C2F1E033A0FDCEE136AD1E7CFC4F910D9F9B02
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215453.roa
Signing time:             Sat 09 Mar 2024 01:33:07 +0000
ROA not before:           Sat 09 Mar 2024 01:28:07 +0000
ROA not after:            Sat 08 Mar 2025 01:33:07 +0000
asID:                     215453
IP address blocks:        141.11.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:c2:f1:e0:33:a0:fd:ce:e1:36:ad:1e:7c:fc:4f:91:0d:9f:9b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  9 01:28:07 2024 GMT
            Not After : Mar  8 01:33:07 2025 GMT
        Subject: CN=0165C6152140C58D8B04756CD8231415CFDCFF0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bb:aa:ae:72:7a:f8:a1:47:14:23:f5:ae:97:
                    d7:8b:df:1e:70:fb:05:e1:7b:46:3b:2e:62:9f:80:
                    23:d7:00:13:da:e7:e3:c1:58:54:6c:66:82:5d:b7:
                    df:79:ac:c0:63:f8:23:15:23:12:1f:f6:7c:f6:1c:
                    fa:fb:ac:6c:af:69:37:29:6a:5e:5e:be:96:59:b1:
                    54:79:ad:d5:63:a9:25:a4:50:5d:7c:5f:03:29:49:
                    0b:48:93:8c:fc:6f:61:5b:77:bf:d2:40:5b:43:86:
                    06:fb:79:67:04:cc:07:f7:66:f6:c3:51:72:fd:bc:
                    6f:f0:f7:ab:87:07:ba:59:4a:57:82:61:3d:f4:b8:
                    3f:b3:b8:8c:86:a6:e7:6c:80:3c:71:97:df:a7:86:
                    52:e0:a6:9c:09:9c:dd:f1:c7:11:26:7e:bb:bc:49:
                    7a:c8:2f:8e:b7:f9:cf:87:5d:46:84:06:76:1c:ce:
                    40:ae:23:08:2e:fa:04:4e:d3:69:91:bf:0f:04:8c:
                    8a:e8:af:a2:0a:88:d7:4a:66:b2:79:94:48:8b:ca:
                    b0:47:ac:5e:81:37:6a:ba:9f:9d:05:61:f7:89:a2:
                    e9:12:7a:69:29:ba:1f:d6:fb:77:bb:e1:ab:2f:3a:
                    50:61:cb:ce:c1:93:8a:c1:a8:77:cc:e4:0f:bb:00:
                    f4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:65:C6:15:21:40:C5:8D:8B:04:75:6C:D8:23:14:15:CF:DC:FF:0D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS215453.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:53:f0:2c:ce:e0:fa:ff:2c:45:e6:da:9c:33:aa:74:bf:e0:
         30:63:46:67:81:7f:d3:8c:56:fd:47:0e:65:9c:f7:2d:d9:68:
         f2:21:86:a0:49:ce:cd:05:10:b2:12:47:d6:a4:7e:d5:37:f0:
         ec:95:af:28:0d:83:b1:15:46:15:cf:82:d9:a0:6f:f8:6a:d0:
         df:f6:af:bb:43:f3:79:04:83:5a:7d:fd:a7:b6:90:6e:d2:67:
         4c:22:3a:6b:1f:54:ed:9d:22:f4:1a:f4:72:e7:7c:d9:f7:28:
         62:9e:a3:40:49:ca:95:dd:be:d5:67:ac:4f:2b:18:83:52:4d:
         90:08:8b:88:e1:b5:0e:9c:9a:0f:61:1a:6c:00:58:58:e2:21:
         4d:de:9e:d7:92:e0:c6:de:60:bb:6b:d0:e9:03:d9:f6:ce:9b:
         fb:1c:b3:09:37:4f:46:32:ea:c7:00:84:56:f5:58:5a:95:c2:
         a2:b0:b6:5b:42:c4:c0:be:f6:f3:61:03:b1:2e:c1:74:01:5b:
         f4:21:e5:72:3f:6b:9f:3f:84:3b:42:20:bf:75:1e:90:f8:23:
         65:6d:55:b2:51:6d:91:0b:e7:12:8d:06:d7:df:8f:1c:dc:bd:
         64:06:c8:8b:02:19:87:81:83:3a:9b:ac:2a:6f:76:20:6c:7b:
         7a:6f:28:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIMLx4DOg/c7hNq0efPxPkQ2fmwIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAzMDkwMTI4MDdaFw0yNTAzMDgwMTMzMDdaMDMxMTAvBgNV
BAMTKDAxNjVDNjE1MjE0MEM1OEQ4QjA0NzU2Q0Q4MjMxNDE1Q0ZEQ0ZGMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgu6qucnr4oUcUI/Wul9eL3x5w
+wXhe0Y7LmKfgCPXABPa5+PBWFRsZoJdt995rMBj+CMVIxIf9nz2HPr7rGyvaTcp
al5evpZZsVR5rdVjqSWkUF18XwMpSQtIk4z8b2Fbd7/SQFtDhgb7eWcEzAf3ZvbD
UXL9vG/w96uHB7pZSleCYT30uD+zuIyGpudsgDxxl9+nhlLgppwJnN3xxxEmfru8
SXrIL463+c+HXUaEBnYczkCuIwgu+gRO02mRvw8EjIror6IKiNdKZrJ5lEiLyrBH
rF6BN2q6n50FYfeJoukSemkpuh/W+3e74asvOlBhy87Bk4rBqHfM5A+7APQvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAWXGFSFAxY2LBHVs2CMUFc/c/w0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE1NDUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtk
MA0GCSqGSIb3DQEBCwUAA4IBAQBLU/AszuD6/yxF5tqcM6p0v+AwY0ZngX/TjFb9
Rw5lnPct2WjyIYagSc7NBRCyEkfWpH7VN/Dsla8oDYOxFUYVz4LZoG/4atDf9q+7
Q/N5BINaff2ntpBu0mdMIjprH1TtnSL0GvRy53zZ9yhinqNAScqV3b7VZ6xPKxiD
Uk2QCIuI4bUOnJoPYRpsAFhY4iFN3p7XkuDG3mC7a9DpA9n2zpv7HLMJN09GMurH
AIRW9VhalcKisLZbQsTAvvbzYQOxLsF0AVv0IeVyP2ufP4Q7QiC/dR6Q+CNlbVWy
UW2RC+cSjQbX348c3L1kBsiLAhmHgYM6m6wqb3YgbHt6byi2
-----END CERTIFICATE-----