Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216362.roa
File:                     AS216362.roa (raw, json)
Hash identifier:          iy+g8UfzrvyAT+nhVg6+2TL4IB1xBVeKFBbn2Cbf6PQ=
Subject key identifier:   A6:83:88:D9:DD:58:C7:AB:91:C8:75:05:1F:53:03:BD:9A:A8:60:AF
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2781E7D7594E5BC7E29171CC76243570AB62EE2E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216362.roa
Signing time:             Sun 25 Feb 2024 23:35:15 +0000
ROA not before:           Sun 25 Feb 2024 23:30:15 +0000
ROA not after:            Sun 23 Feb 2025 23:35:15 +0000
asID:                     216362
IP address blocks:        141.11.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:81:e7:d7:59:4e:5b:c7:e2:91:71:cc:76:24:35:70:ab:62:ee:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 25 23:30:15 2024 GMT
            Not After : Feb 23 23:35:15 2025 GMT
        Subject: CN=A68388D9DD58C7AB91C875051F5303BD9AA860AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d3:9a:f7:44:09:61:de:e6:98:46:65:f5:3d:
                    75:d5:66:58:ba:63:13:fe:46:aa:bc:35:7e:b3:41:
                    ce:b3:2e:80:2b:82:b5:1c:61:e5:05:93:da:18:79:
                    e8:32:4f:b9:21:2e:bd:b0:f5:d3:b0:51:9d:d8:56:
                    30:07:14:47:64:f6:4d:71:87:6d:4c:1c:ce:2b:20:
                    72:2e:4e:e0:bc:c1:79:d2:20:fa:b9:e6:35:20:3a:
                    a1:be:70:a7:24:03:60:c7:4a:4f:9d:4f:36:77:4e:
                    8d:a9:15:0a:ec:fa:b5:dd:ad:8d:e0:8b:09:36:03:
                    79:a8:9e:b4:60:53:18:fa:11:2e:7c:76:8a:96:5c:
                    53:07:f2:a2:87:7a:bb:cb:8c:cc:04:27:47:22:0f:
                    f0:80:43:00:2c:73:13:8a:24:34:81:0a:e9:f0:23:
                    c1:ce:78:13:45:63:48:c4:c4:25:70:e0:c9:fe:7f:
                    a6:04:7e:52:c1:58:fb:a1:61:e7:22:4b:f0:1d:6b:
                    7e:6b:83:91:58:4a:ff:7e:e9:eb:bc:47:83:3e:82:
                    35:39:43:73:29:43:18:ba:16:d6:fa:2b:02:27:5b:
                    09:b9:74:3b:52:a3:4c:7d:05:70:46:6a:a2:0a:a0:
                    cf:fa:c2:b8:c9:e1:91:c9:9c:8a:b8:ec:17:c4:61:
                    fd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:83:88:D9:DD:58:C7:AB:91:C8:75:05:1F:53:03:BD:9A:A8:60:AF
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216362.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f0:62:60:4d:b1:38:eb:17:ce:02:0b:ec:3f:8a:14:d7:44:
         e8:c2:56:4b:4e:80:37:40:bf:8f:1b:0c:91:97:67:cf:10:c7:
         68:62:52:e8:f6:2b:53:fb:6c:f0:e4:39:38:0e:32:28:a1:17:
         d7:9c:05:66:28:f2:0d:75:83:65:cb:ec:00:06:a7:c4:b4:e2:
         d6:d1:b8:d9:fe:64:92:c4:df:f7:e0:82:fe:5e:b0:df:14:3f:
         f6:db:78:0a:ed:e7:bb:3a:a1:bc:41:5b:ad:5f:e2:da:13:9b:
         56:6e:dd:13:9c:a3:b1:45:eb:db:d6:37:57:2c:4b:bb:38:6e:
         c1:77:d6:b8:9b:e2:9f:6e:0b:4b:df:bf:d8:1a:a8:57:71:c3:
         90:e6:f7:cc:18:e6:cd:5e:aa:ee:a5:28:5b:a1:6b:14:2b:4e:
         a9:74:68:ff:4d:cb:9f:cb:03:5d:b1:1f:3f:b1:1c:d5:e7:26:
         94:fb:ac:55:d6:87:00:fa:6f:cd:f2:53:f6:fc:96:a1:31:8c:
         8b:c9:1b:83:d6:c3:9b:0b:90:c6:0a:8a:3f:3b:32:db:51:aa:
         61:a1:27:87:54:6a:0b:6a:67:36:78:26:32:b0:c3:be:79:4e:
         62:d0:2e:65:70:66:bc:f9:8c:4a:26:e0:be:bd:cc:b9:06:fd:
         bf:9b:8c:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJ4Hn11lOW8fikXHMdiQ1cKti7i4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAyMjUyMzMwMTVaFw0yNTAyMjMyMzM1MTVaMDMxMTAvBgNV
BAMTKEE2ODM4OEQ5REQ1OEM3QUI5MUM4NzUwNTFGNTMwM0JEOUFBODYwQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh05r3RAlh3uaYRmX1PXXVZli6
YxP+Rqq8NX6zQc6zLoArgrUcYeUFk9oYeegyT7khLr2w9dOwUZ3YVjAHFEdk9k1x
h21MHM4rIHIuTuC8wXnSIPq55jUgOqG+cKckA2DHSk+dTzZ3To2pFQrs+rXdrY3g
iwk2A3monrRgUxj6ES58doqWXFMH8qKHervLjMwEJ0ciD/CAQwAscxOKJDSBCunw
I8HOeBNFY0jExCVw4Mn+f6YEflLBWPuhYeciS/Ada35rg5FYSv9+6eu8R4M+gjU5
Q3MpQxi6Ftb6KwInWwm5dDtSo0x9BXBGaqIKoM/6wrjJ4ZHJnIq47BfEYf0ZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpoOI2d1Yx6uRyHUFH1MDvZqoYK8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE2MzYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQv1
MA0GCSqGSIb3DQEBCwUAA4IBAQBp8GJgTbE46xfOAgvsP4oU10TowlZLToA3QL+P
GwyRl2fPEMdoYlLo9itT+2zw5Dk4DjIooRfXnAVmKPINdYNly+wABqfEtOLW0bjZ
/mSSxN/34IL+XrDfFD/223gK7ee7OqG8QVutX+LaE5tWbt0TnKOxRevb1jdXLEu7
OG7Bd9a4m+KfbgtL37/YGqhXccOQ5vfMGObNXqrupShboWsUK06pdGj/TcufywNd
sR8/sRzV5yaU+6xV1ocA+m/N8lP2/JahMYyLyRuD1sObC5DGCoo/OzLbUaphoSeH
VGoLamc2eCYysMO+eU5i0C5lcGa8+YxKJuC+vcy5Bv2/m4yP
-----END CERTIFICATE-----