Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS22781.roa
File:                     AS22781.roa (raw, json)
Hash identifier:          cGhHckxUAmfOD4MFHbOf/eKMh0Ej2jgXwVKhXZe0qnw=
Subject key identifier:   AC:08:A6:81:27:27:D4:93:67:9B:3B:8B:17:05:27:D6:60:DC:D4:E7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       77092261F5FFC685389CF595DE8677D748021589
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS22781.roa
Signing time:             Tue 20 Feb 2024 14:13:29 +0000
ROA not before:           Tue 20 Feb 2024 14:08:29 +0000
ROA not after:            Tue 18 Feb 2025 14:13:29 +0000
asID:                     22781
IP address blocks:        141.11.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:09:22:61:f5:ff:c6:85:38:9c:f5:95:de:86:77:d7:48:02:15:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 20 14:08:29 2024 GMT
            Not After : Feb 18 14:13:29 2025 GMT
        Subject: CN=AC08A6812727D493679B3B8B170527D660DCD4E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:41:88:48:54:bf:50:d3:cc:f7:c3:37:bf:de:
                    96:76:20:16:cc:3f:aa:f4:e1:33:a4:5d:99:0c:b9:
                    5d:b4:68:86:bd:e0:80:0f:9f:14:cc:8a:2a:82:6d:
                    68:7e:53:6f:c8:50:60:31:90:b4:8e:c6:2b:7b:12:
                    3a:78:80:81:3f:52:4c:19:42:66:d1:08:84:58:49:
                    6f:d0:1b:6c:66:63:04:97:ee:1d:a8:43:aa:f1:42:
                    4b:9e:49:64:49:83:dd:f1:d6:8d:fb:36:c8:39:70:
                    f3:e4:72:14:b6:c0:eb:05:58:4a:40:75:8b:58:de:
                    f9:c3:c3:fe:f6:ad:c6:ae:67:64:92:97:dd:8f:cb:
                    e2:10:4c:05:0e:03:dd:b5:db:f9:ea:1b:4a:ed:9b:
                    65:59:21:49:2c:86:29:b1:18:6d:e4:e7:2e:f2:48:
                    ca:f5:29:c9:79:b2:f9:c4:c5:d9:16:71:71:7d:41:
                    bf:f5:13:c0:92:84:a6:22:05:27:51:c4:b0:4f:1d:
                    b9:13:63:a8:ee:67:f3:b4:6c:13:b2:96:bf:f7:46:
                    2c:df:0d:61:ee:70:11:be:36:1b:44:8b:35:f5:9f:
                    bd:69:1c:e7:22:34:e6:e7:88:c9:3f:f8:c0:c2:29:
                    04:fb:ee:76:47:94:3e:d6:6b:de:99:85:02:37:94:
                    57:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:08:A6:81:27:27:D4:93:67:9B:3B:8B:17:05:27:D6:60:DC:D4:E7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS22781.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:e5:d8:29:e7:33:85:ac:d8:29:68:bf:fa:ea:64:cf:09:67:
         c0:ba:06:77:86:36:e3:3b:87:3f:99:a8:80:5b:50:f9:00:6e:
         5f:56:bb:b5:cb:be:e5:c0:45:ca:bc:60:86:5d:44:bd:cf:9b:
         33:2c:d0:11:a1:ac:25:f4:3c:56:a6:49:6b:22:97:2b:f4:82:
         5c:a5:7b:a4:07:7f:9c:c1:b7:8b:9b:2f:13:9f:9c:78:3a:71:
         c2:01:51:e3:8d:e8:b9:a0:cf:aa:66:0f:9a:32:fa:e3:17:ff:
         b9:ad:0b:2c:ac:21:ee:67:0b:27:95:2e:72:0c:6e:7a:b9:b9:
         f3:2e:87:91:cb:51:d7:f1:f1:8c:a1:0f:c8:75:1d:dc:1e:7f:
         31:44:01:32:02:7a:51:df:22:05:f9:e0:b6:f8:8a:4f:ed:9b:
         df:30:73:a5:cf:76:aa:e6:09:1a:39:3d:aa:68:29:c0:da:79:
         0d:f3:2f:01:1c:75:36:2c:e5:f9:5d:29:22:55:a3:e3:9b:5e:
         3d:fc:d1:01:fc:32:58:a0:31:e2:44:0a:29:a7:ac:85:89:1f:
         fd:b4:ec:d4:f8:03:87:bd:b5:3e:a1:a1:14:71:a0:9d:c4:2e:
         e8:64:53:bf:a6:78:26:1d:28:f7:7f:f2:7f:0c:78:c7:80:6d:
         7f:b8:ba:af
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdwkiYfX/xoU4nPWV3oZ310gCFYkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAyMjAxNDA4MjlaFw0yNTAyMTgxNDEzMjlaMDMxMTAvBgNV
BAMTKEFDMDhBNjgxMjcyN0Q0OTM2NzlCM0I4QjE3MDUyN0Q2NjBEQ0Q0RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrQYhIVL9Q08z3wze/3pZ2IBbM
P6r04TOkXZkMuV20aIa94IAPnxTMiiqCbWh+U2/IUGAxkLSOxit7Ejp4gIE/UkwZ
QmbRCIRYSW/QG2xmYwSX7h2oQ6rxQkueSWRJg93x1o37Nsg5cPPkchS2wOsFWEpA
dYtY3vnDw/72rcauZ2SSl92Py+IQTAUOA9212/nqG0rtm2VZIUkshimxGG3k5y7y
SMr1Kcl5svnExdkWcXF9Qb/1E8CShKYiBSdRxLBPHbkTY6juZ/O0bBOylr/3Rizf
DWHucBG+NhtEizX1n71pHOciNObniMk/+MDCKQT77nZHlD7Wa96ZhQI3lFe3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUrAimgScn1JNnmzuLFwUn1mDc1OcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjI3ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCysw
DQYJKoZIhvcNAQELBQADggEBAKbl2CnnM4Ws2Clov/rqZM8JZ8C6BneGNuM7hz+Z
qIBbUPkAbl9Wu7XLvuXARcq8YIZdRL3PmzMs0BGhrCX0PFamSWsilyv0glyle6QH
f5zBt4ubLxOfnHg6ccIBUeON6Lmgz6pmD5oy+uMX/7mtCyysIe5nCyeVLnIMbnq5
ufMuh5HLUdfx8YyhD8h1HdwefzFEATICelHfIgX54Lb4ik/tm98wc6XPdqrmCRo5
PapoKcDaeQ3zLwEcdTYs5fldKSJVo+ObXj380QH8MligMeJECimnrIWJH/207NT4
A4e9tT6hoRRxoJ3ELuhkU7+meCYdKPd/8n8MeMeAbX+4uq8=
-----END CERTIFICATE-----