Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          cIbClPSz3jHbyuncNoIRbM/GN455l7REFsDOaqA/VpA=
Subject key identifier:   D6:3C:17:4E:EF:60:48:AE:A8:07:29:15:77:E3:09:37:74:5F:A5:E2
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7F65620B5F3480830D9784DE24B142581A0059DF
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa
Signing time:             Sun 17 Dec 2023 21:17:18 +0000
ROA not before:           Sun 17 Dec 2023 21:12:18 +0000
ROA not after:            Sun 15 Dec 2024 21:17:18 +0000
asID:                     25369
IP address blocks:        141.11.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:65:62:0b:5f:34:80:83:0d:97:84:de:24:b1:42:58:1a:00:59:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec 17 21:12:18 2023 GMT
            Not After : Dec 15 21:17:18 2024 GMT
        Subject: CN=D63C174EEF6048AEA807291577E30937745FA5E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a0:15:fd:1d:79:22:65:f6:b1:a7:23:4b:31:
                    1a:f1:3c:c5:c2:e1:d8:5d:1a:bb:0b:43:af:c3:9d:
                    89:15:eb:be:a3:c1:f6:db:2d:db:80:1b:e7:10:61:
                    4f:f5:51:02:28:5c:fc:6a:98:79:1a:36:26:67:f1:
                    ce:20:ee:5d:41:88:70:dd:c6:e7:91:78:67:4b:e0:
                    5c:d1:c2:56:f4:a1:5a:f5:25:b3:e9:d9:98:1f:d7:
                    f4:d7:ba:d4:6a:d1:91:94:29:37:54:1c:b7:0b:f5:
                    cb:25:2e:30:82:5c:7a:02:2a:69:4f:45:87:0d:21:
                    7c:06:8f:f0:1f:f9:7f:96:45:9c:0a:27:a6:53:17:
                    dc:20:ce:b2:f4:f7:ba:23:62:bc:0b:fd:fe:03:dc:
                    10:a6:e9:95:63:2a:c8:e4:9c:54:d5:62:b3:e5:7b:
                    cc:2d:9c:03:f0:b3:54:11:1b:b2:33:bf:05:b7:8a:
                    7e:4e:b9:cc:79:f1:6d:79:01:26:7b:65:98:1b:84:
                    c1:14:9c:ad:17:3f:a9:3b:bc:a7:27:10:39:30:f9:
                    75:5f:c2:ef:ea:c5:5c:c4:12:83:79:ab:36:1d:73:
                    ae:be:20:a4:e2:9b:d4:43:cc:06:50:61:33:13:29:
                    f9:d2:9a:db:a6:4b:34:f2:80:24:66:83:e0:1a:7f:
                    77:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3C:17:4E:EF:60:48:AE:A8:07:29:15:77:E3:09:37:74:5F:A5:E2
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:79:40:6e:b1:26:da:84:54:18:f7:fe:d9:94:e8:be:16:c3:
         c8:2d:04:04:dd:f1:48:b9:34:22:3a:73:75:e5:25:60:08:34:
         87:67:1d:95:6e:a1:d5:d3:8a:33:24:a8:27:aa:cf:41:27:e0:
         44:3a:dd:9d:0b:97:6b:4d:e9:7c:5f:a9:e7:f7:cc:6f:45:77:
         93:cf:78:1c:bc:3e:30:56:4f:1b:fc:5d:52:d5:71:ca:e7:59:
         62:a3:89:9f:d1:d9:83:40:45:82:77:6c:09:8b:f9:59:5c:b4:
         92:2f:18:41:d5:f8:7d:f9:6f:77:2b:ca:57:1e:bc:c0:62:ad:
         dc:d5:7f:36:16:d7:83:2a:e5:10:1a:98:8a:20:e7:7f:ee:2b:
         da:47:27:69:48:9e:f9:ca:dd:b6:e7:53:0d:0e:da:b4:fd:83:
         d0:ba:01:64:5f:0a:e6:ea:39:e9:fa:93:c6:69:f1:cb:ec:8c:
         53:a4:ea:92:8a:50:9b:ae:7b:8d:23:f8:6d:a2:fa:76:59:21:
         2b:2c:e6:29:4a:7d:68:06:97:3c:63:d9:15:4b:57:b1:23:96:
         68:74:48:51:9c:1d:a7:38:5d:9e:86:67:85:52:0a:34:bb:f2:
         80:23:6a:f8:7f:03:ff:2a:bd:f8:11:73:27:94:d6:27:74:0f:
         10:c4:e8:44
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUf2ViC180gIMNl4TeJLFCWBoAWd8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEyMTcyMTEyMThaFw0yNDEyMTUyMTE3MThaMDMxMTAvBgNV
BAMTKEQ2M0MxNzRFRUY2MDQ4QUVBODA3MjkxNTc3RTMwOTM3NzQ1RkE1RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChoBX9HXkiZfaxpyNLMRrxPMXC
4dhdGrsLQ6/DnYkV676jwfbbLduAG+cQYU/1UQIoXPxqmHkaNiZn8c4g7l1BiHDd
xueReGdL4FzRwlb0oVr1JbPp2Zgf1/TXutRq0ZGUKTdUHLcL9cslLjCCXHoCKmlP
RYcNIXwGj/Af+X+WRZwKJ6ZTF9wgzrL097ojYrwL/f4D3BCm6ZVjKsjknFTVYrPl
e8wtnAPws1QRG7IzvwW3in5Oucx58W15ASZ7ZZgbhMEUnK0XP6k7vKcnEDkw+XVf
wu/qxVzEEoN5qzYdc66+IKTim9RDzAZQYTMTKfnSmtumSzTygCRmg+Aaf3cfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU1jwXTu9gSK6oBykVd+MJN3RfpeIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCyMw
DQYJKoZIhvcNAQELBQADggEBAFN5QG6xJtqEVBj3/tmU6L4Ww8gtBATd8Ui5NCI6
c3XlJWAINIdnHZVuodXTijMkqCeqz0En4EQ63Z0Ll2tN6Xxfqef3zG9Fd5PPeBy8
PjBWTxv8XVLVccrnWWKjiZ/R2YNARYJ3bAmL+VlctJIvGEHV+H35b3crylcevMBi
rdzVfzYW14Mq5RAamIog53/uK9pHJ2lInvnK3bbnUw0O2rT9g9C6AWRfCubqOen6
k8Zp8cvsjFOk6pKKUJuue40j+G2i+nZZISss5ilKfWgGlzxj2RVLV7Ejlmh0SFGc
Hac4XZ6GZ4VSCjS78oAjavh/A/8qvfgRcyeU1id0DxDE6EQ=
-----END CERTIFICATE-----