Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38424.roa
File:                     AS38424.roa (raw, json)
Hash identifier:          fHvwZC4vJ/x9BF1On6Ob2qVMy0YrXXEhEcZOpfo5yXM=
Subject key identifier:   B4:87:92:E4:B8:77:CF:29:15:6D:B8:65:26:0A:E9:60:ED:EF:94:DF
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1197E35D95B3F0F4B43CED94C0044DA1AA5CDE55
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38424.roa
Signing time:             Fri 28 Jun 2024 07:13:10 +0000
ROA not before:           Fri 28 Jun 2024 07:08:10 +0000
ROA not after:            Fri 27 Jun 2025 07:13:10 +0000
asID:                     38424
IP address blocks:        141.11.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:97:e3:5d:95:b3:f0:f4:b4:3c:ed:94:c0:04:4d:a1:aa:5c:de:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 28 07:08:10 2024 GMT
            Not After : Jun 27 07:13:10 2025 GMT
        Subject: CN=B48792E4B877CF29156DB865260AE960EDEF94DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:cf:6b:b6:91:49:14:ba:df:fb:30:2f:ca:35:
                    34:6f:fd:77:9f:39:f3:f3:42:14:51:c6:ee:41:da:
                    49:e1:b8:df:79:45:6a:68:e0:0c:28:0b:a3:29:75:
                    4d:25:d5:8d:ef:5e:15:d8:8d:b2:ed:d5:e0:c0:de:
                    b6:7a:92:27:48:d7:2e:c2:3d:70:91:77:f1:d2:94:
                    42:19:a3:3e:c8:3d:24:58:5d:cb:f7:30:9a:26:9c:
                    3d:b0:0d:47:de:0f:7b:1f:e3:94:f2:7b:ad:43:67:
                    9a:46:fe:81:bf:ec:eb:95:47:9d:0a:d4:ab:06:3a:
                    23:01:2f:f6:3d:43:4a:df:97:b7:df:7a:03:0f:c1:
                    30:79:62:1a:6d:e1:d6:3e:c2:20:ca:50:64:14:88:
                    ba:e1:7d:cd:38:e4:90:9b:e4:01:be:9b:64:59:53:
                    eb:c5:52:d3:d3:f9:15:f9:5c:e4:58:54:dc:1a:c0:
                    6c:ef:a1:01:f3:c4:05:87:c5:2a:34:7b:58:34:34:
                    ab:5d:4e:05:02:81:6e:b3:c8:01:02:9a:a5:70:8b:
                    45:0a:bb:7e:c1:c7:a7:ca:ad:67:3b:a8:b0:cb:61:
                    79:f3:11:aa:18:cb:d9:c1:34:25:e2:40:c4:9a:a6:
                    b8:ea:44:09:ad:84:c8:dc:57:b4:d2:73:92:4b:d3:
                    b4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:87:92:E4:B8:77:CF:29:15:6D:B8:65:26:0A:E9:60:ED:EF:94:DF
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38424.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:1d:6c:ab:b5:6a:24:dd:7c:97:eb:3b:31:84:b6:76:8f:68:
         b8:20:d3:a4:6f:77:09:f8:37:4f:42:7f:06:cf:55:be:b9:17:
         08:0e:3c:50:c4:6e:30:a4:8d:78:36:98:bf:65:eb:fd:93:99:
         2c:69:4d:12:9d:9f:2d:9d:f6:5c:a8:63:6b:db:ef:42:2f:e5:
         2f:0d:b8:e1:66:ac:29:68:95:b5:fb:fe:72:a6:4e:53:2c:1c:
         18:d4:6e:a3:1d:ae:4f:fc:53:d7:c9:8f:e4:13:b7:81:8a:a8:
         70:bc:d7:5a:c1:81:2f:31:6c:6e:f6:ea:89:25:f7:af:ce:0a:
         c3:56:c8:e0:ab:35:57:c5:32:c9:66:c9:bb:29:68:f8:8f:46:
         13:64:d3:3f:2d:45:3f:ee:43:90:e3:66:4b:dd:80:21:0c:5c:
         20:23:dd:50:1c:ca:74:de:3b:fa:fd:11:6e:92:61:2b:05:21:
         44:6e:7b:74:15:f1:37:2c:9b:46:d7:23:52:9f:c9:aa:bb:c3:
         18:ca:7e:71:9e:b2:2c:48:4b:2b:63:16:44:63:63:38:17:18:
         40:fc:d1:21:b5:97:01:bb:f2:41:23:ec:20:cb:9d:3c:76:4a:
         6f:47:19:49:e9:5e:9a:62:8f:75:18:03:5a:6c:ab:13:c7:db:
         39:61:72:df
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEZfjXZWz8PS0PO2UwARNoapc3lUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA2MjgwNzA4MTBaFw0yNTA2MjcwNzEzMTBaMDMxMTAvBgNV
BAMTKEI0ODc5MkU0Qjg3N0NGMjkxNTZEQjg2NTI2MEFFOTYwRURFRjk0REYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1z2u2kUkUut/7MC/KNTRv/Xef
OfPzQhRRxu5B2knhuN95RWpo4AwoC6MpdU0l1Y3vXhXYjbLt1eDA3rZ6kidI1y7C
PXCRd/HSlEIZoz7IPSRYXcv3MJomnD2wDUfeD3sf45Tye61DZ5pG/oG/7OuVR50K
1KsGOiMBL/Y9Q0rfl7ffegMPwTB5Yhpt4dY+wiDKUGQUiLrhfc045JCb5AG+m2RZ
U+vFUtPT+RX5XORYVNwawGzvoQHzxAWHxSo0e1g0NKtdTgUCgW6zyAECmqVwi0UK
u37Bx6fKrWc7qLDLYXnzEaoYy9nBNCXiQMSaprjqRAmthMjcV7TSc5JL07SNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUtIeS5Lh3zykVbbhlJgrpYO3vlN8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzg0MjQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCwkw
DQYJKoZIhvcNAQELBQADggEBAIEdbKu1aiTdfJfrOzGEtnaPaLgg06Rvdwn4N09C
fwbPVb65FwgOPFDEbjCkjXg2mL9l6/2TmSxpTRKdny2d9lyoY2vb70Iv5S8NuOFm
rClolbX7/nKmTlMsHBjUbqMdrk/8U9fJj+QTt4GKqHC811rBgS8xbG726okl96/O
CsNWyOCrNVfFMslmybspaPiPRhNk0z8tRT/uQ5DjZkvdgCEMXCAj3VAcynTeO/r9
EW6SYSsFIURue3QV8Tcsm0bXI1Kfyaq7wxjKfnGesixISytjFkRjYzgXGED80SG1
lwG78kEj7CDLnTx2Sm9HGUnpXppij3UYA1psqxPH2zlhct8=
-----END CERTIFICATE-----