Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa
File:                     AS396026.roa (raw, json)
Hash identifier:          6Ze/5OSEVull1+nMaCUJ3kdZCDELKHgLJz39sW3b1kU=
Subject key identifier:   60:4B:61:D5:0A:8E:F9:96:BA:3B:86:82:A6:89:B0:F4:95:02:F6:D7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3CF1B03113BFF75129FD11BE35F608FAAE5B848F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa
Signing time:             Mon 09 Oct 2023 19:58:12 +0000
ROA not before:           Mon 09 Oct 2023 19:53:12 +0000
ROA not after:            Mon 07 Oct 2024 19:58:12 +0000
asID:                     396026
IP address blocks:        141.11.150.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f1:b0:31:13:bf:f7:51:29:fd:11:be:35:f6:08:fa:ae:5b:84:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct  9 19:53:12 2023 GMT
            Not After : Oct  7 19:58:12 2024 GMT
        Subject: CN=604B61D50A8EF996BA3B8682A689B0F49502F6D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:93:af:3c:4a:cd:7d:9e:2f:3d:3b:99:13:e0:
                    98:34:29:d0:22:19:80:f8:77:18:16:36:c0:0d:76:
                    4b:56:32:4d:16:8f:9e:c5:58:d2:b6:50:f4:78:28:
                    f3:07:98:f2:40:04:8e:dd:5c:83:8e:57:d3:e6:90:
                    c7:e0:ba:e9:57:ac:1a:31:d3:49:46:e1:0a:23:7c:
                    ea:bf:bb:95:e5:b2:94:d2:0f:85:ba:cc:40:b8:50:
                    3c:2f:68:33:0d:db:49:b6:88:df:0b:b2:ca:a0:d7:
                    b4:fc:34:60:3f:e8:0e:a6:59:1b:e0:d2:99:5e:85:
                    0c:6a:fd:d8:ef:4f:6c:b6:9b:1e:ad:3c:31:49:66:
                    73:ca:12:63:a1:ad:c2:74:a7:45:4b:fb:73:10:b0:
                    b7:f9:7f:97:56:7a:97:d8:a5:15:db:fd:ac:b1:27:
                    80:97:94:c3:8f:26:54:86:d4:1f:c7:ee:6e:be:2b:
                    a1:c4:ed:8b:19:68:42:36:e2:70:e4:56:30:51:56:
                    a9:a1:19:4c:85:da:67:75:0d:88:e7:3f:b3:7d:60:
                    ae:ed:0b:89:bd:b5:5a:19:ac:e3:a7:37:7b:f2:12:
                    10:ef:51:ec:c4:30:8c:9b:e8:f4:d5:59:17:8b:51:
                    9c:16:68:c4:29:29:51:b4:44:5b:81:2b:b4:23:dc:
                    1d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:4B:61:D5:0A:8E:F9:96:BA:3B:86:82:A6:89:B0:F4:95:02:F6:D7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:14:11:8a:de:5d:6a:ae:69:ff:3b:37:8f:d9:03:aa:91:ce:
         1e:6c:41:1b:7f:5e:26:d9:64:20:9a:7c:43:25:53:33:92:c4:
         19:ea:0a:a3:aa:10:f4:15:9d:4f:d1:ba:78:57:16:1f:82:76:
         64:57:7a:79:6c:e7:ce:6d:37:af:3c:21:f9:17:44:3e:03:aa:
         bd:02:25:00:03:ab:87:1f:2e:49:06:94:65:c2:2d:24:b0:b1:
         c4:d1:ab:ad:65:e1:1d:51:85:ca:c0:f7:b2:59:f3:75:12:7c:
         1f:01:c6:61:f0:08:3b:11:a6:38:83:53:ce:90:7a:4e:80:c1:
         13:fc:81:ca:e4:81:84:0b:09:43:a9:e2:3d:65:22:6c:86:02:
         5c:12:e3:ca:a4:d4:f6:48:1d:04:c3:6d:49:36:b4:c0:4d:76:
         66:f0:1d:26:92:40:65:59:e2:d2:7c:87:0b:67:a1:72:2e:7d:
         45:bd:b1:22:68:c6:b3:bb:bf:91:30:e4:4b:21:d8:2b:11:15:
         9b:e6:8b:2f:69:db:74:01:a5:04:db:ac:7d:75:6c:a2:b4:08:
         5c:c1:4f:1d:b6:3a:c8:84:e9:9a:76:48:06:54:df:ea:6b:ee:
         c6:a6:24:43:b5:c8:3a:73:95:5f:e2:c5:c2:09:36:87:d1:d2:
         78:2f:8c:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPPGwMRO/91Ep/RG+NfYI+q5bhI8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEwMDkxOTUzMTJaFw0yNDEwMDcxOTU4MTJaMDMxMTAvBgNV
BAMTKDYwNEI2MUQ1MEE4RUY5OTZCQTNCODY4MkE2ODlCMEY0OTUwMkY2RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhk688Ss19ni89O5kT4Jg0KdAi
GYD4dxgWNsANdktWMk0Wj57FWNK2UPR4KPMHmPJABI7dXIOOV9PmkMfguulXrBox
00lG4QojfOq/u5XlspTSD4W6zEC4UDwvaDMN20m2iN8Lssqg17T8NGA/6A6mWRvg
0plehQxq/djvT2y2mx6tPDFJZnPKEmOhrcJ0p0VL+3MQsLf5f5dWepfYpRXb/ayx
J4CXlMOPJlSG1B/H7m6+K6HE7YsZaEI24nDkVjBRVqmhGUyF2md1DYjnP7N9YK7t
C4m9tVoZrOOnN3vyEhDvUezEMIyb6PTVWReLUZwWaMQpKVG0RFuBK7Qj3B3dAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYEth1QqO+Za6O4aCpomw9JUC9tcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk2MDI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQuW
MA0GCSqGSIb3DQEBCwUAA4IBAQCeFBGK3l1qrmn/OzeP2QOqkc4ebEEbf14m2WQg
mnxDJVMzksQZ6gqjqhD0FZ1P0bp4VxYfgnZkV3p5bOfObTevPCH5F0Q+A6q9AiUA
A6uHHy5JBpRlwi0ksLHE0autZeEdUYXKwPeyWfN1EnwfAcZh8Ag7EaY4g1POkHpO
gMET/IHK5IGECwlDqeI9ZSJshgJcEuPKpNT2SB0Ew21JNrTATXZm8B0mkkBlWeLS
fIcLZ6FyLn1FvbEiaMazu7+RMORLIdgrERWb5osvadt0AaUE26x9dWyitAhcwU8d
tjrIhOmadkgGVN/qa+7GpiRDtcg6c5Vf4sXCCTaH0dJ4L4yr
-----END CERTIFICATE-----