Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216253.roa
File:                     AS216253.roa (raw, json)
Hash identifier:          5zx9F7gUufJOYsQyIHNxeFZBXSvdtugexBaNIKRnNHs=
Subject key identifier:   FC:73:59:F0:A2:E7:78:62:AD:28:97:07:78:B2:B0:C5:9B:9F:F5:8B
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0DB9EC104CF83A34F96A56BDEA2C7765E3B1EEC9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216253.roa
Signing time:             Thu 29 Feb 2024 03:27:36 +0000
ROA not before:           Thu 29 Feb 2024 03:22:36 +0000
ROA not after:            Thu 27 Feb 2025 03:27:36 +0000
asID:                     216253
IP address blocks:        141.11.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:b9:ec:10:4c:f8:3a:34:f9:6a:56:bd:ea:2c:77:65:e3:b1:ee:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 29 03:22:36 2024 GMT
            Not After : Feb 27 03:27:36 2025 GMT
        Subject: CN=FC7359F0A2E77862AD28970778B2B0C59B9FF58B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:1c:33:f1:80:79:8c:4f:43:0f:7d:df:c7:99:
                    2b:cd:f1:88:d8:f9:cf:b1:5c:6d:96:a1:f1:20:b3:
                    54:64:b6:cf:9a:0f:9f:72:86:62:1d:2e:f3:3b:6a:
                    e2:2b:0a:53:ae:9b:3e:69:0c:73:5d:fe:77:9b:82:
                    0b:ce:1d:aa:e2:3a:93:71:cd:ea:10:6b:dc:aa:f8:
                    96:38:82:87:48:5f:d6:63:8a:00:02:b3:ff:31:20:
                    9b:02:2c:f3:eb:12:3e:76:1f:89:aa:75:2d:3f:eb:
                    fa:fb:18:52:32:ed:be:0b:d0:9d:43:ee:75:d0:0e:
                    1a:b8:c4:38:1f:27:f2:af:c8:fa:c7:15:12:dd:ba:
                    be:23:f7:94:53:bf:7e:ea:6a:5c:87:37:7a:54:3a:
                    86:ed:60:21:13:63:82:4d:ca:6b:4a:0c:4c:18:07:
                    93:9b:e2:cf:aa:11:07:ac:14:4c:6d:36:49:00:f5:
                    40:99:7c:9d:47:00:78:20:5f:a8:dd:2d:ff:79:87:
                    63:34:b9:5e:38:8b:84:71:ec:15:7d:1a:51:78:bc:
                    23:24:09:18:a5:20:5a:51:e0:14:3a:9e:95:55:e3:
                    14:5c:f3:a3:a7:1c:e7:b1:85:57:d9:61:28:11:56:
                    68:73:c2:a6:3f:72:c3:34:7b:a9:48:15:37:d0:b8:
                    c2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:73:59:F0:A2:E7:78:62:AD:28:97:07:78:B2:B0:C5:9B:9F:F5:8B
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216253.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:83:6b:85:79:f8:5f:bb:9c:88:df:1b:df:3d:7f:a7:42:25:
         27:ed:75:79:b9:99:a5:c6:66:94:e0:c0:8b:e6:73:25:5e:32:
         12:38:70:7e:df:08:3b:b8:3f:16:55:ab:b3:ec:89:31:f5:b4:
         3e:1b:55:8e:a8:53:b0:c1:88:19:30:0d:51:34:4b:b1:3e:ba:
         fc:6d:33:b1:68:ff:6d:a2:ee:80:23:89:25:d0:62:fd:85:89:
         e5:4c:08:af:59:e0:db:5e:d2:21:db:3a:9e:df:a0:d3:ae:49:
         ad:57:d2:c1:1a:e5:b6:cc:4c:81:58:94:80:f6:0e:83:f0:b6:
         be:75:5a:76:01:85:9e:b7:13:84:1a:0c:6e:8c:ff:44:c9:24:
         19:da:1e:b4:93:6a:1b:c6:ca:3a:3e:bb:a4:a8:ba:60:7a:8b:
         fe:50:56:9c:7e:8f:c2:e2:2a:1e:39:28:8a:32:76:fc:f9:df:
         f7:64:ee:b4:47:f4:91:0c:db:62:f2:9c:31:94:fd:0a:dd:19:
         ab:e7:bb:42:1f:1b:7b:8d:64:ff:79:93:a3:b5:34:c6:3c:06:
         f7:4e:6f:39:b6:6c:4d:6d:03:9f:17:ae:f5:8f:17:82:23:c5:
         cf:fd:6c:76:d3:79:2b:36:5d:1c:31:91:77:c7:c1:58:72:bf:
         e8:5d:90:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDbnsEEz4OjT5ala96ix3ZeOx7skwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAyMjkwMzIyMzZaFw0yNTAyMjcwMzI3MzZaMDMxMTAvBgNV
BAMTKEZDNzM1OUYwQTJFNzc4NjJBRDI4OTcwNzc4QjJCMEM1OUI5RkY1OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoHDPxgHmMT0MPfd/HmSvN8YjY
+c+xXG2WofEgs1Rkts+aD59yhmIdLvM7auIrClOumz5pDHNd/nebggvOHariOpNx
zeoQa9yq+JY4godIX9ZjigACs/8xIJsCLPPrEj52H4mqdS0/6/r7GFIy7b4L0J1D
7nXQDhq4xDgfJ/KvyPrHFRLdur4j95RTv37qalyHN3pUOobtYCETY4JNymtKDEwY
B5Ob4s+qEQesFExtNkkA9UCZfJ1HAHggX6jdLf95h2M0uV44i4Rx7BV9GlF4vCMk
CRilIFpR4BQ6npVV4xRc86OnHOexhVfZYSgRVmhzwqY/csM0e6lIFTfQuMLLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/HNZ8KLneGKtKJcHeLKwxZuf9YswHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE2MjUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtF
MA0GCSqGSIb3DQEBCwUAA4IBAQBKg2uFefhfu5yI3xvfPX+nQiUn7XV5uZmlxmaU
4MCL5nMlXjISOHB+3wg7uD8WVauz7Ikx9bQ+G1WOqFOwwYgZMA1RNEuxPrr8bTOx
aP9tou6AI4kl0GL9hYnlTAivWeDbXtIh2zqe36DTrkmtV9LBGuW2zEyBWJSA9g6D
8La+dVp2AYWetxOEGgxujP9EySQZ2h60k2obxso6PrukqLpgeov+UFacfo/C4ioe
OSiKMnb8+d/3ZO60R/SRDNti8pwxlP0K3Rmr57tCHxt7jWT/eZOjtTTGPAb3Tm85
tmxNbQOfF671jxeCI8XP/Wx203krNl0cMZF3x8FYcr/oXZCZ
-----END CERTIFICATE-----