Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa
File:                     AS216414.roa (raw, json)
Hash identifier:          ejuEJ1BqlvIq02E3ikk6sTu1ozEbo/Gha1QKxDAoUsA=
Subject key identifier:   F0:E1:A2:CA:FB:90:36:59:73:50:F4:8E:01:F4:6E:70:05:37:1D:53
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       26AED70102A90033A42DCB86E8C36D1F1436702D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa
Signing time:             Wed 15 Nov 2023 05:06:16 +0000
ROA not before:           Wed 15 Nov 2023 05:01:16 +0000
ROA not after:            Wed 13 Nov 2024 05:06:16 +0000
asID:                     216414
IP address blocks:        141.11.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:ae:d7:01:02:a9:00:33:a4:2d:cb:86:e8:c3:6d:1f:14:36:70:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 15 05:01:16 2023 GMT
            Not After : Nov 13 05:06:16 2024 GMT
        Subject: CN=F0E1A2CAFB9036597350F48E01F46E7005371D53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:1b:5c:c4:df:52:7b:64:35:76:9a:c4:8d:3b:
                    aa:df:b1:b1:84:f6:fc:af:91:25:ef:45:56:89:68:
                    21:1e:d2:93:61:7b:35:96:d1:c6:33:35:88:57:79:
                    f4:61:0f:c1:cc:f3:a2:7c:08:74:c6:28:52:ef:17:
                    33:fe:cc:c4:ff:87:41:2c:87:9b:9f:62:74:a6:75:
                    b1:b6:3d:b0:56:3f:a9:a8:68:11:bf:76:25:23:55:
                    24:e6:f7:4f:57:7d:9e:3c:12:f6:66:c6:dc:74:fd:
                    f7:e1:bd:09:8c:ed:cc:4d:39:2c:f8:ce:1b:6b:2c:
                    e2:61:e3:fa:95:9f:35:1e:7f:ab:37:78:fa:bc:02:
                    08:13:dd:c4:96:b0:44:b1:4b:94:77:78:c8:99:cb:
                    4a:19:ea:55:b4:8b:0d:9b:82:f6:8c:5a:7a:f7:ef:
                    15:22:c2:86:2a:ea:3c:cb:78:b5:f2:cb:9a:b2:6d:
                    0d:64:04:5e:38:f9:83:41:5e:43:0d:a9:e1:c5:3d:
                    e8:ba:b0:79:bc:fa:36:6c:59:3d:89:b7:79:3c:69:
                    f5:be:e3:2b:bc:5d:d8:a8:7e:d4:99:f9:a9:18:bf:
                    bb:f6:db:ed:1e:b4:26:7f:95:28:38:8f:2b:88:02:
                    b8:27:a7:c7:6c:f5:c2:fe:05:8e:b6:82:d8:11:1e:
                    fe:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:E1:A2:CA:FB:90:36:59:73:50:F4:8E:01:F4:6E:70:05:37:1D:53
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:53:f8:73:4d:67:92:d4:27:25:74:6f:82:40:c3:d2:38:27:
         ea:96:9b:49:d7:99:15:62:db:a0:3b:89:e7:30:57:4e:ba:1f:
         9d:5a:a0:d8:05:3b:f8:77:2c:e1:6f:e5:41:99:aa:68:c2:78:
         ad:b2:5f:87:d3:72:a2:43:e9:67:a1:8f:21:56:6c:cb:29:77:
         2d:98:3d:fc:d0:71:3e:14:0d:a5:f5:ed:16:45:1c:82:3e:38:
         01:e3:66:46:78:7c:9f:ef:62:ba:bc:d8:d4:4c:a5:00:68:b0:
         d9:01:91:bc:a8:5a:1c:1c:c6:b4:f9:d7:d7:d6:bc:d9:92:9c:
         8f:43:ba:d0:69:3a:37:52:06:a0:f4:b8:ac:74:c0:df:40:46:
         c7:40:c3:85:6a:ee:cd:6a:0d:1f:78:ac:76:ff:87:55:cb:52:
         93:a9:a9:40:76:e5:85:b8:19:6a:8a:f5:92:d6:c2:f6:8b:d4:
         00:43:aa:55:5b:b6:4b:7f:7d:42:fb:b4:e2:9e:38:3d:b9:5b:
         c3:70:b1:59:04:2c:96:4a:b6:26:92:41:f1:34:68:ca:ea:bb:
         22:6e:01:62:5a:40:e4:4e:74:72:c9:e1:29:ad:d6:e4:9b:84:
         24:5a:46:c5:1c:9a:29:d9:16:69:a4:f2:3b:7d:af:19:20:c9:
         37:0a:81:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJq7XAQKpADOkLcuG6MNtHxQ2cC0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMTUwNTAxMTZaFw0yNDExMTMwNTA2MTZaMDMxMTAvBgNV
BAMTKEYwRTFBMkNBRkI5MDM2NTk3MzUwRjQ4RTAxRjQ2RTcwMDUzNzFENTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRG1zE31J7ZDV2msSNO6rfsbGE
9vyvkSXvRVaJaCEe0pNhezWW0cYzNYhXefRhD8HM86J8CHTGKFLvFzP+zMT/h0Es
h5ufYnSmdbG2PbBWP6moaBG/diUjVSTm909XfZ48EvZmxtx0/ffhvQmM7cxNOSz4
zhtrLOJh4/qVnzUef6s3ePq8AggT3cSWsESxS5R3eMiZy0oZ6lW0iw2bgvaMWnr3
7xUiwoYq6jzLeLXyy5qybQ1kBF44+YNBXkMNqeHFPei6sHm8+jZsWT2Jt3k8afW+
4yu8XdioftSZ+akYv7v22+0etCZ/lSg4jyuIArgnp8ds9cL+BY62gtgRHv5ZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU8OGiyvuQNllzUPSOAfRucAU3HVMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE2NDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQv3
MA0GCSqGSIb3DQEBCwUAA4IBAQCEU/hzTWeS1CcldG+CQMPSOCfqlptJ15kVYtug
O4nnMFdOuh+dWqDYBTv4dyzhb+VBmapownitsl+H03KiQ+lnoY8hVmzLKXctmD38
0HE+FA2l9e0WRRyCPjgB42ZGeHyf72K6vNjUTKUAaLDZAZG8qFocHMa0+dfX1rzZ
kpyPQ7rQaTo3Ugag9LisdMDfQEbHQMOFau7Nag0feKx2/4dVy1KTqalAduWFuBlq
ivWS1sL2i9QAQ6pVW7ZLf31C+7Tinjg9uVvDcLFZBCyWSrYmkkHxNGjK6rsibgFi
WkDkTnRyyeEprdbkm4QkWkbFHJop2RZppPI7fa8ZIMk3CoFC
-----END CERTIFICATE-----