Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa
File:                     AS396026.roa (raw, json)
Hash identifier:          aaxHX9PY3qZlFVWkfwykGbZD2LSjsOnHKIseylOR+wE=
Subject key identifier:   92:BA:67:BA:83:82:A8:37:C3:63:93:BB:6D:71:E8:F3:79:B4:7C:55
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4A84E6ABF51602987287FD68CDBCCBDA8B878412
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa
Signing time:             Mon 09 Sep 2024 20:05:20 +0000
ROA not before:           Mon 09 Sep 2024 20:00:20 +0000
ROA not after:            Mon 08 Sep 2025 20:05:20 +0000
asID:                     396026
IP address blocks:        141.11.150.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:84:e6:ab:f5:16:02:98:72:87:fd:68:cd:bc:cb:da:8b:87:84:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep  9 20:00:20 2024 GMT
            Not After : Sep  8 20:05:20 2025 GMT
        Subject: CN=92BA67BA8382A837C36393BB6D71E8F379B47C55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f2:b5:e6:a9:be:a2:78:6e:f6:08:02:77:27:
                    06:17:24:c5:ce:e7:5a:06:9d:d9:7c:69:1c:72:42:
                    4c:46:6b:81:c0:d1:cf:32:4f:6d:0a:cc:97:4e:a0:
                    4d:ff:1e:eb:60:60:e1:07:04:60:14:52:c1:bf:bf:
                    19:77:45:07:36:e9:76:56:c0:1f:9c:71:20:8b:7c:
                    93:66:ea:5f:85:82:52:f2:ce:a7:7b:85:97:2e:df:
                    96:61:06:0d:ad:8f:da:11:32:7e:a5:8c:ea:95:89:
                    c0:d1:0a:5d:68:49:f2:0e:70:7b:f9:eb:5c:90:8d:
                    5c:a5:d8:2e:91:19:e0:92:87:1e:12:5e:d7:a7:84:
                    6a:a6:21:91:12:ad:42:f5:c9:e2:75:68:f5:27:64:
                    25:72:e0:12:c6:71:d3:72:1c:fe:d7:5a:a4:34:f6:
                    a6:0f:ba:ac:46:f7:4d:26:72:85:23:bf:79:13:04:
                    b7:30:6c:af:d1:d0:86:69:9e:78:d6:23:aa:bc:35:
                    61:5b:df:0f:4e:98:65:49:5e:5e:8a:3b:45:85:c4:
                    24:1a:b9:e3:9b:ab:19:31:12:bf:12:4b:ef:15:0b:
                    24:d9:f4:9c:41:d8:f7:49:38:5f:c1:91:48:5f:d0:
                    9b:97:c2:d7:ce:f2:ec:59:0b:17:ad:c1:71:b5:f8:
                    55:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:BA:67:BA:83:82:A8:37:C3:63:93:BB:6D:71:E8:F3:79:B4:7C:55
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:cf:6b:6a:da:f2:d8:7d:ba:0f:f8:81:89:90:f0:cc:bb:24:
         fb:09:bd:f8:53:17:f5:53:5d:63:bf:9d:43:30:23:b1:59:f7:
         97:2a:14:68:81:5c:c0:37:48:d9:80:9c:cf:63:3d:5b:c9:c2:
         90:44:35:a0:b9:33:9f:5f:6f:00:54:f4:12:67:d1:c8:8d:e1:
         f4:e7:21:2a:13:6e:5d:5c:4c:7c:ca:d8:31:cd:a2:bc:cd:85:
         6a:a7:28:d7:ca:fa:39:24:41:89:bb:65:81:30:ec:5d:d6:da:
         fc:e3:e7:f9:e7:ef:f8:a0:35:b9:9b:9c:f8:02:61:9e:57:fb:
         9d:1a:45:e4:ae:91:40:6f:90:18:4d:04:cc:d8:c9:ba:f0:c4:
         38:27:f1:4c:77:fc:bd:9a:7e:b7:3d:88:f0:cc:d3:71:06:b3:
         05:36:2b:8d:e9:e1:0f:dd:69:95:69:5c:b8:6b:9d:89:c9:05:
         c2:3f:b2:b5:dd:22:94:53:3a:1c:5c:9a:ab:94:47:b7:e9:eb:
         0c:fe:05:ed:8e:97:35:8e:73:2d:b4:09:53:42:27:22:09:c7:
         ad:71:20:ae:7e:d8:e1:93:0a:ad:7b:a9:98:33:57:e5:d4:67:
         bc:20:2d:ec:9c:a4:cb:56:65:68:c0:c6:e7:4b:53:3b:d2:62:
         40:58:eb:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSoTmq/UWAphyh/1ozbzL2ouHhBIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA5MDkyMDAwMjBaFw0yNTA5MDgyMDA1MjBaMDMxMTAvBgNV
BAMTKDkyQkE2N0JBODM4MkE4MzdDMzYzOTNCQjZENzFFOEYzNzlCNDdDNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC58rXmqb6ieG72CAJ3JwYXJMXO
51oGndl8aRxyQkxGa4HA0c8yT20KzJdOoE3/HutgYOEHBGAUUsG/vxl3RQc26XZW
wB+ccSCLfJNm6l+FglLyzqd7hZcu35ZhBg2tj9oRMn6ljOqVicDRCl1oSfIOcHv5
61yQjVyl2C6RGeCShx4SXtenhGqmIZESrUL1yeJ1aPUnZCVy4BLGcdNyHP7XWqQ0
9qYPuqxG900mcoUjv3kTBLcwbK/R0IZpnnjWI6q8NWFb3w9OmGVJXl6KO0WFxCQa
ueObqxkxEr8SS+8VCyTZ9JxB2PdJOF/BkUhf0JuXwtfO8uxZCxetwXG1+FXdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkrpnuoOCqDfDY5O7bXHo83m0fFUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk2MDI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQuW
MA0GCSqGSIb3DQEBCwUAA4IBAQBpz2tq2vLYfboP+IGJkPDMuyT7Cb34Uxf1U11j
v51DMCOxWfeXKhRogVzAN0jZgJzPYz1bycKQRDWguTOfX28AVPQSZ9HIjeH05yEq
E25dXEx8ytgxzaK8zYVqpyjXyvo5JEGJu2WBMOxd1tr84+f55+/4oDW5m5z4AmGe
V/udGkXkrpFAb5AYTQTM2Mm68MQ4J/FMd/y9mn63PYjwzNNxBrMFNiuN6eEP3WmV
aVy4a52JyQXCP7K13SKUUzocXJqrlEe36esM/gXtjpc1jnMttAlTQiciCcetcSCu
ftjhkwqte6mYM1fl1Ge8IC3snKTLVmVowMbnS1M70mJAWOvW
-----END CERTIFICATE-----