Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS394106.roa
File:                     AS394106.roa (raw, json)
Hash identifier:          wXaXW3HkkODjoZ0urGyI+c/49MYBtHZIQOGD5HQC6F4=
Subject key identifier:   3B:71:DE:B8:F7:3C:B3:36:03:C1:57:A1:18:EF:3E:38:4D:B0:24:93
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       792F2D2FC29A9945C52913CC99FCC89C24A1221E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS394106.roa
Signing time:             Tue 01 Oct 2024 13:23:31 +0000
ROA not before:           Tue 01 Oct 2024 13:18:31 +0000
ROA not after:            Tue 30 Sep 2025 13:23:31 +0000
asID:                     394106
IP address blocks:        141.11.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:2f:2d:2f:c2:9a:99:45:c5:29:13:cc:99:fc:c8:9c:24:a1:22:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct  1 13:18:31 2024 GMT
            Not After : Sep 30 13:23:31 2025 GMT
        Subject: CN=3B71DEB8F73CB33603C157A118EF3E384DB02493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:07:27:ca:78:57:28:b3:9f:6d:65:4d:88:0b:
                    e0:aa:67:55:e4:8a:ad:14:11:75:92:70:75:a1:9c:
                    70:92:3d:52:aa:02:78:27:a8:eb:13:b3:71:ac:3e:
                    8a:a6:5a:2c:e0:82:32:f2:5b:51:72:49:32:61:ea:
                    ce:a2:02:e0:96:fd:f9:ca:1e:78:bf:93:90:2a:58:
                    dc:29:cc:04:38:93:0b:e9:e7:83:86:e1:c3:b3:bc:
                    fb:89:99:7e:09:d7:2d:25:d0:3d:b8:82:22:b3:95:
                    87:fb:1a:9c:34:5e:77:13:3a:1c:aa:85:d3:be:df:
                    e5:f3:02:c8:cf:26:5b:40:6b:95:c8:29:f8:f0:5e:
                    5e:c9:48:c6:d6:12:73:53:0e:7d:8e:d6:cc:9b:d7:
                    38:03:ea:04:5c:51:ff:fa:e7:09:ff:4e:76:ad:8c:
                    83:3c:1c:2a:b3:90:b0:a9:39:bf:68:a0:42:9f:71:
                    07:a6:2f:c5:b3:92:03:87:96:a2:76:fe:b2:df:8c:
                    75:7d:79:d1:7a:06:a2:e4:ca:db:50:99:25:99:e0:
                    af:64:08:0d:66:29:01:54:e4:29:0d:21:91:40:1d:
                    93:78:ae:78:b9:34:2d:93:ed:99:cd:d2:22:95:5b:
                    47:d8:d7:74:0a:d5:b1:f7:4c:fd:07:8d:c6:15:9c:
                    8f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:71:DE:B8:F7:3C:B3:36:03:C1:57:A1:18:EF:3E:38:4D:B0:24:93
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS394106.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:28:8f:ce:09:88:5a:74:4c:bd:7d:ff:9a:3d:19:8f:63:67:
         4f:48:6c:96:74:f3:79:fa:88:c5:7c:ff:b1:ef:d9:d2:e6:1f:
         22:0d:0e:da:60:4e:d9:58:67:5f:79:57:78:15:93:3b:b2:75:
         1e:b6:37:c3:7d:0b:f4:2a:f3:c4:57:ee:9f:25:cd:13:10:fc:
         c8:ec:01:af:76:5a:05:e0:22:73:11:b3:c2:d4:6b:36:a0:b9:
         6e:d8:20:3e:23:2a:11:bf:0b:39:4d:c0:96:eb:3e:18:bb:94:
         b1:23:27:e7:b7:3d:24:89:1d:45:5a:bf:6c:d9:93:91:c7:c3:
         11:12:a8:7a:18:30:ae:b7:87:ac:a6:18:c1:f8:0f:1f:d4:a4:
         6f:64:ea:a7:4b:59:3f:a8:4e:41:09:8f:a7:bf:40:24:f1:b9:
         d4:72:a7:62:31:f7:bd:9c:87:ad:5a:dc:69:79:65:47:d7:9e:
         6b:71:85:bf:70:7b:a1:8f:8a:a3:37:9a:0b:94:a6:2e:cd:4a:
         11:7a:c8:cc:4d:f1:4a:98:33:ce:d5:ee:90:c2:ca:76:f9:72:
         aa:0d:f3:fb:ce:f9:2a:f0:54:40:79:11:6b:f3:95:8e:a8:2e:
         54:ea:2f:d9:9b:d1:4f:26:1d:a4:77:8b:a0:3f:09:7c:d7:4a:
         fa:3c:45:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeS8tL8KamUXFKRPMmfzInCShIh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMDExMzE4MzFaFw0yNTA5MzAxMzIzMzFaMDMxMTAvBgNV
BAMTKDNCNzFERUI4RjczQ0IzMzYwM0MxNTdBMTE4RUYzRTM4NERCMDI0OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjByfKeFcos59tZU2IC+CqZ1Xk
iq0UEXWScHWhnHCSPVKqAngnqOsTs3GsPoqmWizggjLyW1FySTJh6s6iAuCW/fnK
Hni/k5AqWNwpzAQ4kwvp54OG4cOzvPuJmX4J1y0l0D24giKzlYf7Gpw0XncTOhyq
hdO+3+XzAsjPJltAa5XIKfjwXl7JSMbWEnNTDn2O1syb1zgD6gRcUf/65wn/Tnat
jIM8HCqzkLCpOb9ooEKfcQemL8WzkgOHlqJ2/rLfjHV9edF6BqLkyttQmSWZ4K9k
CA1mKQFU5CkNIZFAHZN4rni5NC2T7ZnN0iKVW0fY13QK1bH3TP0HjcYVnI/DAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUO3HeuPc8szYDwVehGO8+OE2wJJMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk0MTA2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt0
MA0GCSqGSIb3DQEBCwUAA4IBAQCTKI/OCYhadEy9ff+aPRmPY2dPSGyWdPN5+ojF
fP+x79nS5h8iDQ7aYE7ZWGdfeVd4FZM7snUetjfDfQv0KvPEV+6fJc0TEPzI7AGv
dloF4CJzEbPC1Gs2oLlu2CA+IyoRvws5TcCW6z4Yu5SxIyfntz0kiR1FWr9s2ZOR
x8MREqh6GDCut4esphjB+A8f1KRvZOqnS1k/qE5BCY+nv0Ak8bnUcqdiMfe9nIet
WtxpeWVH155rcYW/cHuhj4qjN5oLlKYuzUoResjMTfFKmDPO1e6Qwsp2+XKqDfP7
zvkq8FRAeRFr85WOqC5U6i/Zm9FPJh2kd4ugPwl810r6PEUV
-----END CERTIFICATE-----