Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa
File:                     AS216414.roa (raw, json)
Hash identifier:          632U/EbzV8ej7l+TndGBsR1DfZka6EZz0DsJnb1pkhM=
Subject key identifier:   D5:0E:B6:AF:90:0D:4C:6A:8B:6F:F4:7F:2D:93:EE:97:47:30:CB:ED
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7CB60AD825DEB7EE42C61211444F62B60AB078CB
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa
Signing time:             Wed 16 Oct 2024 05:43:25 +0000
ROA not before:           Wed 16 Oct 2024 05:38:25 +0000
ROA not after:            Wed 15 Oct 2025 05:43:25 +0000
asID:                     216414
IP address blocks:        141.11.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:b6:0a:d8:25:de:b7:ee:42:c6:12:11:44:4f:62:b6:0a:b0:78:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 16 05:38:25 2024 GMT
            Not After : Oct 15 05:43:25 2025 GMT
        Subject: CN=D50EB6AF900D4C6A8B6FF47F2D93EE974730CBED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:45:b1:94:0b:26:1a:29:9e:f8:9f:8e:f7:13:
                    0f:fc:49:7b:cf:b5:c9:7e:6a:b4:b1:5b:06:4f:cf:
                    cb:84:3d:cd:9e:38:2a:8e:96:1d:cd:65:24:1d:41:
                    35:61:b1:2a:17:95:e9:e1:20:b6:3a:ff:5b:58:88:
                    14:13:ef:a8:95:2a:e0:1c:d5:29:f4:8c:2c:ba:01:
                    5d:eb:b4:27:31:01:8e:d4:d3:46:79:b9:92:50:04:
                    8e:59:55:b2:bc:a5:a8:05:e7:e9:11:2c:52:ab:28:
                    18:34:e7:36:f1:8a:07:4d:9a:7f:d7:de:b1:68:95:
                    88:17:f2:1a:b4:68:7f:31:74:72:08:d4:7f:21:29:
                    60:c5:19:da:39:03:bf:bb:5d:2f:a1:da:6c:fa:19:
                    90:e0:a5:a0:96:ae:90:cb:01:64:7c:32:e0:fe:fd:
                    f1:56:71:af:2b:11:96:1a:ee:e7:d9:68:d5:07:9e:
                    15:64:bb:55:e5:11:6d:a7:4d:12:0b:47:f6:32:0e:
                    98:aa:ee:1f:ab:78:2a:8f:0c:01:03:f6:9b:f4:03:
                    ef:89:f9:b7:86:83:0b:68:76:8a:18:c3:80:0d:b4:
                    c2:28:28:2f:bc:31:77:1b:e0:d7:b7:0b:a0:d5:8d:
                    e4:13:79:8f:10:70:61:85:71:f6:0e:c7:d1:9a:7c:
                    4b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:0E:B6:AF:90:0D:4C:6A:8B:6F:F4:7F:2D:93:EE:97:47:30:CB:ED
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:69:13:6c:54:ca:32:9a:29:84:5f:7c:09:c2:d5:de:bd:07:
         28:7c:12:c5:eb:25:c0:99:10:58:3e:c3:d0:63:af:f7:9e:20:
         42:8f:d2:ba:cf:1c:36:d5:1c:80:7d:58:67:e1:90:35:67:bc:
         97:40:bb:99:af:7e:6b:be:e0:81:e1:aa:25:51:12:57:c9:e5:
         72:d6:c4:bf:15:4d:04:3f:b1:6d:f5:5a:08:78:d2:1a:1b:ca:
         ee:63:df:23:c0:d3:0e:7f:86:af:75:21:a3:64:d1:f4:68:03:
         ff:0c:83:83:29:a0:57:e6:d0:9c:86:5c:96:fc:59:31:cc:73:
         58:bc:80:c6:e4:39:ec:9f:c8:27:9c:6a:38:36:e5:5c:0f:19:
         f4:8b:75:95:76:d7:7b:34:ff:4e:a9:88:5e:e5:89:48:e9:64:
         5c:0b:e3:47:53:2a:13:43:ec:85:08:d3:84:dc:61:9d:da:9e:
         9f:65:f5:21:87:27:eb:34:f4:ab:84:e6:ce:df:27:c3:e4:61:
         3c:c5:1c:dd:bd:9f:13:ac:6a:0f:e7:d2:1c:28:d4:7e:4f:cb:
         39:31:8c:7b:03:7d:73:4e:98:c2:df:1c:00:50:6d:b8:22:a4:
         16:30:de:75:14:ec:14:cf:5f:16:65:51:86:45:ae:e9:e2:6b:
         a0:4c:e7:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfLYK2CXet+5CxhIRRE9itgqweMswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMTYwNTM4MjVaFw0yNTEwMTUwNTQzMjVaMDMxMTAvBgNV
BAMTKEQ1MEVCNkFGOTAwRDRDNkE4QjZGRjQ3RjJEOTNFRTk3NDczMENCRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJRbGUCyYaKZ74n473Ew/8SXvP
tcl+arSxWwZPz8uEPc2eOCqOlh3NZSQdQTVhsSoXlenhILY6/1tYiBQT76iVKuAc
1Sn0jCy6AV3rtCcxAY7U00Z5uZJQBI5ZVbK8pagF5+kRLFKrKBg05zbxigdNmn/X
3rFolYgX8hq0aH8xdHII1H8hKWDFGdo5A7+7XS+h2mz6GZDgpaCWrpDLAWR8MuD+
/fFWca8rEZYa7ufZaNUHnhVku1XlEW2nTRILR/YyDpiq7h+reCqPDAED9pv0A++J
+beGgwtodooYw4ANtMIoKC+8MXcb4Ne3C6DVjeQTeY8QcGGFcfYOx9GafEv/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1Q62r5ANTGqLb/R/LZPul0cwy+0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE2NDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQv3
MA0GCSqGSIb3DQEBCwUAA4IBAQCiaRNsVMoymimEX3wJwtXevQcofBLF6yXAmRBY
PsPQY6/3niBCj9K6zxw21RyAfVhn4ZA1Z7yXQLuZr35rvuCB4aolURJXyeVy1sS/
FU0EP7Ft9VoIeNIaG8ruY98jwNMOf4avdSGjZNH0aAP/DIODKaBX5tCchlyW/Fkx
zHNYvIDG5Dnsn8gnnGo4NuVcDxn0i3WVdtd7NP9OqYhe5YlI6WRcC+NHUyoTQ+yF
CNOE3GGd2p6fZfUhhyfrNPSrhObO3yfD5GE8xRzdvZ8TrGoP59IcKNR+T8s5MYx7
A31zTpjC3xwAUG24IqQWMN51FOwUz18WZVGGRa7p4mugTOcE
-----END CERTIFICATE-----