Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216458.roa
File:                     AS216458.roa (raw, json)
Hash identifier:          8oe2bCNcSPxcqqOC43OwgY3YSOtLGzv6OCHA4VNUX60=
Subject key identifier:   8E:80:38:9B:22:72:C0:7C:D2:2C:91:D2:EF:4D:91:51:24:86:88:4D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5A48E7AF46D751B83E4C9D0680F004596D8F4C14
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216458.roa
Signing time:             Wed 05 Jun 2024 03:25:58 +0000
ROA not before:           Wed 05 Jun 2024 03:20:58 +0000
ROA not after:            Wed 04 Jun 2025 03:25:58 +0000
asID:                     216458
IP address blocks:        141.11.56.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:48:e7:af:46:d7:51:b8:3e:4c:9d:06:80:f0:04:59:6d:8f:4c:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  5 03:20:58 2024 GMT
            Not After : Jun  4 03:25:58 2025 GMT
        Subject: CN=8E80389B2272C07CD22C91D2EF4D91512486884D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:33:a3:24:4f:ab:e9:0f:f4:ff:a4:4b:03:5a:
                    d9:cb:ee:ae:8a:fb:de:d1:92:2d:2f:ad:91:67:8d:
                    4a:0a:a1:37:f2:ce:6d:d8:85:a5:dd:17:d7:d3:11:
                    e4:b7:e7:f6:ab:5c:17:c1:e7:8b:4a:1e:92:6d:5f:
                    89:6a:fc:17:52:46:32:ad:7a:48:b0:a4:08:de:d5:
                    c1:52:2a:69:b3:24:58:e6:0b:83:f7:49:06:9c:88:
                    f2:68:f6:b3:37:77:7c:ab:a4:34:c8:50:7f:19:8a:
                    d9:e2:89:25:ca:37:c5:4c:81:4d:3f:34:4c:fc:e8:
                    56:20:1f:75:df:92:d2:49:d9:28:0c:0f:95:20:50:
                    8f:65:57:14:b0:fc:65:38:c2:45:2f:56:11:54:c7:
                    70:b9:ca:6b:b8:2c:94:34:e6:6d:66:cb:f5:f3:95:
                    3b:ad:31:4d:c3:bd:80:a2:5d:93:b4:b9:84:91:10:
                    78:d8:e2:20:c0:85:27:94:43:4e:17:e7:6f:37:fd:
                    9d:b2:03:fc:15:d4:bf:b0:4f:97:1b:34:f7:92:d3:
                    6c:71:98:f1:4e:22:6c:d4:cb:af:ab:59:13:8e:84:
                    2a:68:5a:e5:5e:9d:8e:c1:67:82:18:8e:af:c2:21:
                    6c:4f:7b:6d:08:11:31:2f:aa:75:93:e0:4b:cc:84:
                    a6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:80:38:9B:22:72:C0:7C:D2:2C:91:D2:EF:4D:91:51:24:86:88:4D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216458.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:03:e6:c8:f5:f8:ef:48:e6:08:fb:79:1a:e3:9e:53:39:1b:
         96:38:dc:7e:39:65:61:08:b1:12:88:1c:12:f5:e3:31:37:2d:
         fb:57:6d:b5:11:7c:7a:03:3d:5a:37:38:9d:73:3e:d8:40:9f:
         d4:d2:04:b2:b5:2f:bd:81:42:9b:26:7d:48:18:80:14:fa:7a:
         6d:8b:eb:1f:e2:9c:97:46:22:c7:d4:f2:aa:61:06:bd:25:cd:
         48:96:06:bd:88:28:4b:37:8d:05:d9:74:9a:07:57:e9:45:4c:
         c7:f0:ce:1c:d0:0c:0a:a9:2f:c4:b5:d5:14:6c:71:5f:f4:06:
         a5:bc:22:15:b2:c0:ef:8c:35:05:6a:2f:0e:2c:11:3d:1b:b6:
         16:ac:ee:5e:89:2c:3d:97:08:b6:84:9a:dc:68:b7:37:2c:22:
         54:f0:33:a8:d0:56:b6:8e:4d:d6:06:0b:31:40:12:a4:2e:c7:
         42:9b:ab:55:de:c1:88:4f:2e:3d:67:e7:7d:2a:ed:e7:a1:19:
         77:88:b5:87:d1:5f:24:73:11:08:2d:ec:15:64:4d:ee:b5:9c:
         9c:42:a8:90:c6:6c:f9:03:af:22:58:fc:d3:8f:61:c6:f0:c1:
         90:05:41:ee:b7:c8:6a:73:4f:c2:77:82:56:d5:88:78:ed:03:
         f2:e8:cd:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWkjnr0bXUbg+TJ0GgPAEWW2PTBQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA2MDUwMzIwNThaFw0yNTA2MDQwMzI1NThaMDMxMTAvBgNV
BAMTKDhFODAzODlCMjI3MkMwN0NEMjJDOTFEMkVGNEQ5MTUxMjQ4Njg4NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUM6MkT6vpD/T/pEsDWtnL7q6K
+97Rki0vrZFnjUoKoTfyzm3YhaXdF9fTEeS35/arXBfB54tKHpJtX4lq/BdSRjKt
ekiwpAje1cFSKmmzJFjmC4P3SQaciPJo9rM3d3yrpDTIUH8ZitniiSXKN8VMgU0/
NEz86FYgH3XfktJJ2SgMD5UgUI9lVxSw/GU4wkUvVhFUx3C5ymu4LJQ05m1my/Xz
lTutMU3DvYCiXZO0uYSREHjY4iDAhSeUQ04X5283/Z2yA/wV1L+wT5cbNPeS02xx
mPFOImzUy6+rWROOhCpoWuVenY7BZ4IYjq/CIWxPe20IETEvqnWT4EvMhKY/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjoA4myJywHzSLJHS702RUSSGiE0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE2NDU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQs4
MA0GCSqGSIb3DQEBCwUAA4IBAQB0A+bI9fjvSOYI+3ka455TORuWONx+OWVhCLES
iBwS9eMxNy37V221EXx6Az1aNzidcz7YQJ/U0gSytS+9gUKbJn1IGIAU+npti+sf
4pyXRiLH1PKqYQa9Jc1Ilga9iChLN40F2XSaB1fpRUzH8M4c0AwKqS/EtdUUbHFf
9AalvCIVssDvjDUFai8OLBE9G7YWrO5eiSw9lwi2hJrcaLc3LCJU8DOo0Fa2jk3W
BgsxQBKkLsdCm6tV3sGITy49Z+d9Ku3noRl3iLWH0V8kcxEILewVZE3utZycQqiQ
xmz5A68iWPzTj2HG8MGQBUHut8hqc0/Cd4JW1Yh47QPy6M3o
-----END CERTIFICATE-----