Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          fw+Y8bedQCPr+zvyo+PJgpmRWFFelm5hx9zHVzDVCd4=
Subject key identifier:   6B:36:7E:18:AF:3F:12:0C:CA:AA:7E:40:EF:7C:A4:7C:50:DE:E8:CF
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7B56982346D827AA8363339B37CA5D7442E91A9B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa
Signing time:             Sun 17 Nov 2024 21:43:28 +0000
ROA not before:           Sun 17 Nov 2024 21:38:28 +0000
ROA not after:            Sun 16 Nov 2025 21:43:28 +0000
asID:                     25369
IP address blocks:        141.11.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:56:98:23:46:d8:27:aa:83:63:33:9b:37:ca:5d:74:42:e9:1a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 17 21:38:28 2024 GMT
            Not After : Nov 16 21:43:28 2025 GMT
        Subject: CN=6B367E18AF3F120CCAAA7E40EF7CA47C50DEE8CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:11:0c:af:91:f6:90:12:5d:03:b6:10:05:57:
                    87:ec:f3:fb:84:3a:ca:c3:6d:c3:01:95:5c:26:5b:
                    0e:94:12:05:94:04:5e:0a:e0:59:c0:90:b0:5a:35:
                    b1:8a:d4:9c:2a:0d:e2:31:5e:db:53:1b:72:18:70:
                    3f:0e:63:c8:e5:48:0b:f8:e6:3f:06:4a:07:a3:5e:
                    e4:04:51:93:0d:e3:17:c9:ec:fc:99:9b:9e:66:c0:
                    50:69:a2:30:d3:cb:86:bd:e1:bd:15:14:c9:41:ca:
                    c0:5e:67:97:4f:ee:95:6e:a1:ac:00:65:1f:0b:1e:
                    35:88:97:3a:6d:dd:d0:1a:f2:97:c4:ba:e2:e7:68:
                    ec:dd:b0:95:bd:64:87:98:77:9f:7c:04:ad:f6:62:
                    7c:93:24:cf:84:64:66:90:a1:59:b4:96:32:55:a5:
                    74:ff:b9:8a:8a:8f:2b:8b:d4:a8:56:0b:b5:2f:61:
                    5f:1f:a7:d4:5a:c3:e4:7b:6b:a7:4e:8c:88:48:b8:
                    21:ec:47:93:a2:76:4c:cb:8d:4e:95:c6:ec:40:cf:
                    b9:63:94:9d:fe:c6:ae:4f:18:8c:f4:80:34:50:92:
                    40:56:d2:f1:5c:a0:0e:31:43:49:c1:d4:d8:be:fd:
                    a7:fa:2f:b7:be:01:52:24:01:91:c2:f5:4a:22:30:
                    5f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:36:7E:18:AF:3F:12:0C:CA:AA:7E:40:EF:7C:A4:7C:50:DE:E8:CF
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:2a:ca:8e:32:22:f6:4c:9c:98:86:35:6e:dd:06:4d:64:36:
         60:24:7c:c1:b7:d6:cc:17:33:64:fd:d7:90:ab:57:37:bf:34:
         e5:b2:c9:f5:e6:8c:72:4c:6c:f8:79:56:f6:35:df:c8:46:52:
         c2:99:cd:f3:66:9b:ce:44:5b:9a:2e:ea:84:0f:8d:35:cf:a9:
         03:16:24:5e:36:b2:5a:26:46:42:0d:d5:0c:66:ac:52:9b:fc:
         59:de:39:48:17:55:5c:7e:d8:1f:e9:22:23:1a:9a:03:52:46:
         48:6e:19:45:29:7f:b6:e0:dc:a2:b8:e2:fa:88:a1:b9:73:4c:
         11:2d:8d:68:98:8c:d9:ba:e4:d3:c3:6d:f8:40:5f:ed:fa:0f:
         a9:71:a2:4d:a5:85:da:d4:f9:ca:9f:4d:fb:ab:34:d2:7f:3f:
         46:f6:4a:90:96:4c:77:c9:3a:2f:50:c2:1b:10:d5:20:e8:83:
         26:62:70:10:c3:d8:11:82:70:a3:c4:9f:9f:e0:08:8c:f4:46:
         a3:8b:7a:f2:84:3f:c0:ac:ff:87:6d:0f:3b:a0:87:48:71:de:
         ca:ce:7f:35:a3:a7:7c:d7:40:b0:24:15:8c:3f:de:61:31:e2:
         a2:63:23:c9:5c:69:c9:cf:ac:74:e6:0d:00:f0:0e:9a:ab:6b:
         c9:e5:df:c6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUe1aYI0bYJ6qDYzObN8pddELpGpswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMTcyMTM4MjhaFw0yNTExMTYyMTQzMjhaMDMxMTAvBgNV
BAMTKDZCMzY3RTE4QUYzRjEyMENDQUFBN0U0MEVGN0NBNDdDNTBERUU4Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1EQyvkfaQEl0DthAFV4fs8/uE
OsrDbcMBlVwmWw6UEgWUBF4K4FnAkLBaNbGK1JwqDeIxXttTG3IYcD8OY8jlSAv4
5j8GSgejXuQEUZMN4xfJ7PyZm55mwFBpojDTy4a94b0VFMlBysBeZ5dP7pVuoawA
ZR8LHjWIlzpt3dAa8pfEuuLnaOzdsJW9ZIeYd598BK32YnyTJM+EZGaQoVm0ljJV
pXT/uYqKjyuL1KhWC7UvYV8fp9Raw+R7a6dOjIhIuCHsR5OidkzLjU6VxuxAz7lj
lJ3+xq5PGIz0gDRQkkBW0vFcoA4xQ0nB1Ni+/af6L7e+AVIkAZHC9UoiMF+xAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUazZ+GK8/EgzKqn5A73ykfFDe6M8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCyMw
DQYJKoZIhvcNAQELBQADggEBABcqyo4yIvZMnJiGNW7dBk1kNmAkfMG31swXM2T9
15CrVze/NOWyyfXmjHJMbPh5VvY138hGUsKZzfNmm85EW5ou6oQPjTXPqQMWJF42
slomRkIN1QxmrFKb/FneOUgXVVx+2B/pIiMamgNSRkhuGUUpf7bg3KK44vqIoblz
TBEtjWiYjNm65NPDbfhAX+36D6lxok2lhdrU+cqfTfurNNJ/P0b2SpCWTHfJOi9Q
whsQ1SDogyZicBDD2BGCcKPEn5/gCIz0RqOLevKEP8Cs/4dtDzugh0hx3srOfzWj
p3zXQLAkFYw/3mEx4qJjI8lcacnPrHTmDQDwDpqra8nl38Y=
-----END CERTIFICATE-----