Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS268383.roa
File:                     AS268383.roa (raw, json)
Hash identifier:          5GnkZDeSSfDXufALXPLSWtz85CpgcNlXkkLNnBB8998=
Subject key identifier:   38:BD:EE:14:D1:F9:88:51:91:D3:3C:FE:95:D1:87:8C:05:6B:B0:76
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7E781634379B5838573B3BA2D6D234A8BA00C49D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS268383.roa
Signing time:             Thu 07 Mar 2024 20:50:01 +0000
ROA not before:           Thu 07 Mar 2024 20:45:01 +0000
ROA not after:            Thu 06 Mar 2025 20:50:01 +0000
asID:                     268383
IP address blocks:        141.11.114.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:78:16:34:37:9b:58:38:57:3b:3b:a2:d6:d2:34:a8:ba:00:c4:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  7 20:45:01 2024 GMT
            Not After : Mar  6 20:50:01 2025 GMT
        Subject: CN=38BDEE14D1F9885191D33CFE95D1878C056BB076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:82:0d:f7:4e:0e:07:87:eb:ce:a6:fd:91:ca:
                    a9:19:ba:ff:c4:e0:a1:ff:23:e8:da:b7:74:4f:29:
                    d6:b8:9e:5b:6f:55:b1:3d:f4:61:00:9e:7e:6a:d1:
                    25:e1:03:1c:16:06:d8:e4:5b:3a:85:82:1e:5f:97:
                    9b:ff:43:eb:f2:81:a3:39:c9:c8:ce:20:80:90:d7:
                    80:63:57:b5:7a:1c:47:aa:de:fa:35:51:40:24:5b:
                    49:2b:1d:02:92:08:79:c3:6f:7c:cd:9e:f4:81:32:
                    c2:a0:3c:42:4b:8a:46:cf:30:77:d4:dc:10:96:e7:
                    ff:66:be:40:4e:d5:17:03:2f:14:b7:88:89:55:65:
                    2a:07:be:a7:a0:6e:b7:d5:de:7b:79:9a:a9:51:0f:
                    eb:c5:34:59:f5:ed:cc:3e:6e:d5:bf:c8:ae:98:23:
                    51:56:a2:a3:50:15:e6:84:cf:7a:d9:f5:13:2f:f7:
                    78:8e:a3:26:35:df:77:3e:ec:84:0b:7e:0b:b2:02:
                    c4:35:f7:1c:ea:b8:b4:9d:2e:98:eb:2f:8c:76:23:
                    ea:11:f1:44:17:c7:46:4f:8f:bf:67:fe:f6:76:fb:
                    92:a9:e7:1f:dd:7f:de:a6:70:87:04:59:80:f0:de:
                    8b:8d:26:33:24:24:8e:5b:71:07:22:ff:b0:d7:f1:
                    15:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:BD:EE:14:D1:F9:88:51:91:D3:3C:FE:95:D1:87:8C:05:6B:B0:76
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS268383.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:57:4e:8a:60:29:df:8d:ae:77:bd:10:44:40:5e:1f:a7:7a:
         58:82:1b:45:a0:ee:49:dd:d2:db:ef:88:48:f9:f9:40:17:0b:
         c5:ba:d4:21:b9:16:c8:58:7a:4c:fa:d7:8d:cb:59:44:97:a1:
         5f:44:7a:66:b0:69:eb:4e:79:3b:42:be:b4:73:24:46:c6:c3:
         38:71:d4:45:4c:d8:68:48:49:77:20:08:6c:be:e3:1c:a9:38:
         34:2b:18:8f:8e:7e:23:ff:17:f5:72:74:5b:fb:4f:ae:cb:f6:
         23:11:b7:3a:84:e4:ea:ab:d5:60:98:41:cd:8d:20:09:6c:25:
         8f:f0:1b:65:0b:08:c0:de:f1:2f:55:08:ba:9f:78:9f:cb:e4:
         a3:39:92:f7:0e:a7:ea:86:6e:9b:3a:36:9f:7d:7c:eb:44:8a:
         fb:f6:93:d5:53:04:cb:6e:85:d7:bb:b7:fc:e3:6b:87:c6:91:
         27:b5:cf:8b:05:3c:c1:29:44:02:ba:a3:eb:18:d4:15:88:34:
         2f:9e:58:7c:10:82:07:f0:4b:1a:ee:68:0d:6b:01:a8:f4:ff:
         e7:64:c6:f5:a6:eb:42:fa:77:bd:ed:c4:4d:20:96:1b:7f:89:
         3a:ce:c0:9f:78:90:1e:58:43:bf:d9:b7:ff:25:b6:9c:24:30:
         40:d1:0a:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfngWNDebWDhXOzui1tI0qLoAxJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAzMDcyMDQ1MDFaFw0yNTAzMDYyMDUwMDFaMDMxMTAvBgNV
BAMTKDM4QkRFRTE0RDFGOTg4NTE5MUQzM0NGRTk1RDE4NzhDMDU2QkIwNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdgg33Tg4Hh+vOpv2RyqkZuv/E
4KH/I+jat3RPKda4nltvVbE99GEAnn5q0SXhAxwWBtjkWzqFgh5fl5v/Q+vygaM5
ycjOIICQ14BjV7V6HEeq3vo1UUAkW0krHQKSCHnDb3zNnvSBMsKgPEJLikbPMHfU
3BCW5/9mvkBO1RcDLxS3iIlVZSoHvqegbrfV3nt5mqlRD+vFNFn17cw+btW/yK6Y
I1FWoqNQFeaEz3rZ9RMv93iOoyY133c+7IQLfguyAsQ19xzquLSdLpjrL4x2I+oR
8UQXx0ZPj79n/vZ2+5Kp5x/df96mcIcEWYDw3ouNJjMkJI5bcQci/7DX8RUBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOL3uFNH5iFGR0zz+ldGHjAVrsHYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjY4MzgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQty
MA0GCSqGSIb3DQEBCwUAA4IBAQBwV06KYCnfja53vRBEQF4fp3pYghtFoO5J3dLb
74hI+flAFwvFutQhuRbIWHpM+teNy1lEl6FfRHpmsGnrTnk7Qr60cyRGxsM4cdRF
TNhoSEl3IAhsvuMcqTg0KxiPjn4j/xf1cnRb+0+uy/YjEbc6hOTqq9VgmEHNjSAJ
bCWP8BtlCwjA3vEvVQi6n3ify+SjOZL3Dqfqhm6bOjaffXzrRIr79pPVUwTLboXX
u7f842uHxpEntc+LBTzBKUQCuqPrGNQViDQvnlh8EIIH8Esa7mgNawGo9P/nZMb1
putC+ne97cRNIJYbf4k6zsCfeJAeWEO/2bf/JbacJDBA0Qru
-----END CERTIFICATE-----