Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa
File:                     AS38136.roa (raw, json)
Hash identifier:          GidJl58xaRmlXLXasLUtykXR87pzoucP/FFWQ741+SA=
Subject key identifier:   42:C0:DE:98:78:AB:DC:5C:D5:D6:45:1E:AE:9C:1A:CE:DB:46:69:15
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       66EFF893D36385AD90C7A2D766843D2C1F51E753
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa
Signing time:             Tue 06 Aug 2024 01:33:16 +0000
ROA not before:           Tue 06 Aug 2024 01:28:16 +0000
ROA not after:            Tue 05 Aug 2025 01:33:16 +0000
asID:                     38136
IP address blocks:        141.11.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ef:f8:93:d3:63:85:ad:90:c7:a2:d7:66:84:3d:2c:1f:51:e7:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug  6 01:28:16 2024 GMT
            Not After : Aug  5 01:33:16 2025 GMT
        Subject: CN=42C0DE9878ABDC5CD5D6451EAE9C1ACEDB466915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:61:d3:cc:cd:e7:79:e2:18:a6:d5:00:a8:b0:
                    03:17:09:61:ca:9d:d5:42:8a:c1:4c:b5:17:2f:3c:
                    4f:d2:9c:15:cb:c2:dd:a0:1b:a0:62:1d:44:02:92:
                    9e:78:28:84:88:3e:eb:5d:13:19:21:1d:41:c0:04:
                    de:bb:5d:d5:10:6d:8c:63:d2:39:26:e4:77:b8:e2:
                    17:ae:d0:0b:8b:08:7a:f0:11:25:45:fa:3d:27:1c:
                    5d:2f:30:03:03:52:4e:8b:6e:4e:60:48:ab:64:24:
                    72:c2:96:2e:af:7e:9e:44:d9:5e:26:fe:a0:7c:0d:
                    17:40:9b:38:66:cd:86:49:8e:73:d1:08:4f:97:8d:
                    42:2f:9a:a0:fa:cb:24:bc:c4:51:d8:2e:04:60:d3:
                    b5:17:ac:e4:a9:77:f6:df:7c:0e:fa:3c:e7:12:fd:
                    f2:65:ee:64:30:ac:8a:ac:c6:5d:1d:77:64:00:33:
                    59:fa:f3:ef:5b:83:01:57:f8:27:ab:61:86:37:cd:
                    11:3f:d0:34:d7:9f:39:45:2d:22:5b:08:42:e3:d9:
                    39:1a:2d:12:32:11:5f:07:ff:99:32:46:29:61:db:
                    6d:4f:a8:99:5b:40:f2:64:d0:7f:f1:79:f3:19:2e:
                    6d:e2:77:00:b7:c8:70:a2:29:94:57:f9:ab:24:b3:
                    c5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:C0:DE:98:78:AB:DC:5C:D5:D6:45:1E:AE:9C:1A:CE:DB:46:69:15
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:77:45:92:fe:93:88:c4:8f:0f:d7:b2:7e:1a:90:f9:b9:7a:
         c9:fc:b5:bc:75:fd:14:44:8f:9e:3c:bc:3b:96:e6:6f:f6:fc:
         5e:78:9c:67:37:34:09:da:40:61:4f:23:ef:06:63:a7:d9:b5:
         cf:c3:b5:d9:5c:56:e3:ae:be:10:5d:1d:ea:a0:81:cc:0f:62:
         8f:7e:98:22:89:04:2b:4b:37:04:29:64:3b:09:27:e9:e4:95:
         06:d8:e6:e6:68:79:8a:9b:64:ab:91:6b:b2:e1:e6:b6:2c:92:
         92:f2:7e:9b:71:47:6a:1d:0d:87:22:86:cd:a3:01:c0:ec:c7:
         dd:8f:f4:be:bf:66:64:e4:c4:30:35:09:78:13:5d:b3:b6:83:
         c9:ad:6c:2e:52:ea:10:41:b0:3f:9b:de:8a:4d:c5:c3:5e:2e:
         37:e4:93:dc:c1:4d:21:49:38:8c:38:cd:07:3f:5e:05:ec:e8:
         24:8a:1a:78:bc:39:ff:38:e6:e6:90:57:be:3c:d6:72:80:cc:
         b1:5d:18:ac:c4:82:39:16:97:1e:5f:dc:f7:ac:88:ac:d0:98:
         53:78:71:44:49:c9:f9:39:c9:c4:35:4d:b4:79:53:42:a4:d8:
         6e:57:62:f7:98:84:2f:c4:37:c9:55:87:1c:32:f0:6e:57:1c:
         49:48:bd:0e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZu/4k9Njha2Qx6LXZoQ9LB9R51MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA4MDYwMTI4MTZaFw0yNTA4MDUwMTMzMTZaMDMxMTAvBgNV
BAMTKDQyQzBERTk4NzhBQkRDNUNENUQ2NDUxRUFFOUMxQUNFREI0NjY5MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChYdPMzed54him1QCosAMXCWHK
ndVCisFMtRcvPE/SnBXLwt2gG6BiHUQCkp54KISIPutdExkhHUHABN67XdUQbYxj
0jkm5He44heu0AuLCHrwESVF+j0nHF0vMAMDUk6Lbk5gSKtkJHLCli6vfp5E2V4m
/qB8DRdAmzhmzYZJjnPRCE+XjUIvmqD6yyS8xFHYLgRg07UXrOSpd/bffA76POcS
/fJl7mQwrIqsxl0dd2QAM1n68+9bgwFX+CerYYY3zRE/0DTXnzlFLSJbCELj2Tka
LRIyEV8H/5kyRilh221PqJlbQPJk0H/xefMZLm3idwC3yHCiKZRX+asks8UTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUQsDemHir3FzV1kUerpwazttGaRUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzgxMzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCyow
DQYJKoZIhvcNAQELBQADggEBAKZ3RZL+k4jEjw/Xsn4akPm5esn8tbx1/RREj548
vDuW5m/2/F54nGc3NAnaQGFPI+8GY6fZtc/DtdlcVuOuvhBdHeqggcwPYo9+mCKJ
BCtLNwQpZDsJJ+nklQbY5uZoeYqbZKuRa7Lh5rYskpLyfptxR2odDYcihs2jAcDs
x92P9L6/ZmTkxDA1CXgTXbO2g8mtbC5S6hBBsD+b3opNxcNeLjfkk9zBTSFJOIw4
zQc/XgXs6CSKGni8Of845uaQV7481nKAzLFdGKzEgjkWlx5f3PesiKzQmFN4cURJ
yfk5ycQ1TbR5U0Kk2G5XYveYhC/EN8lVhxwy8G5XHElIvQ4=
-----END CERTIFICATE-----