Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS397630.roa
File:                     AS397630.roa (raw, json)
Hash identifier:          Q4XxR1OlVKS48Ta/yXQrBNebBnnjkfc4fNf/RQeyj7Q=
Subject key identifier:   B4:64:0E:72:C4:35:A0:B2:C9:36:F8:4F:D8:42:2C:CC:EA:EF:20:34
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3B83851A305282D47892D1F5BD7DD5D0C741B4E0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS397630.roa
Signing time:             Fri 15 Nov 2024 00:00:08 +0000
ROA not before:           Thu 14 Nov 2024 23:55:08 +0000
ROA not after:            Fri 14 Nov 2025 00:00:08 +0000
asID:                     397630
IP address blocks:        141.11.226.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:83:85:1a:30:52:82:d4:78:92:d1:f5:bd:7d:d5:d0:c7:41:b4:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 14 23:55:08 2024 GMT
            Not After : Nov 14 00:00:08 2025 GMT
        Subject: CN=B4640E72C435A0B2C936F84FD8422CCCEAEF2034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b0:0d:4d:df:d1:25:91:a1:e4:d2:44:42:5c:
                    da:85:79:36:90:9b:c9:1a:21:35:02:c7:36:df:48:
                    4f:8a:76:93:97:f6:3a:5c:a2:59:89:16:93:05:2c:
                    e4:50:2a:46:ef:1c:e6:49:ab:78:d4:c7:d6:2c:0d:
                    c1:24:cf:f5:7b:4d:f7:e4:f8:02:03:29:1a:c8:80:
                    55:5b:2a:4e:d2:e3:af:73:e0:5a:5c:e3:01:24:3a:
                    8b:1c:50:e3:4b:82:fe:cf:a7:c6:21:0a:3a:ab:83:
                    8f:6d:8f:e9:1c:01:d4:5a:79:da:c7:00:07:c0:3d:
                    5f:2f:ac:68:8f:51:3b:5b:8c:f9:11:6d:b0:b5:71:
                    0a:9c:7a:12:4c:28:6a:ea:8d:49:a1:24:b4:cb:7d:
                    3c:d8:b3:ce:7b:76:49:06:d7:0f:92:23:67:20:58:
                    ef:f5:00:e5:f2:e2:df:73:84:ca:2e:7f:c1:33:62:
                    76:38:66:c7:8b:51:27:b0:4f:2a:55:c8:4b:33:01:
                    79:d5:a6:44:8a:50:d3:8b:19:88:07:08:ea:f2:17:
                    5c:5c:7a:65:76:89:e5:4f:5e:cd:06:6b:c6:fe:4a:
                    5d:0c:6f:c4:1f:31:44:c0:22:c7:a8:2b:d5:c3:2a:
                    70:e0:6d:35:16:b4:9c:21:84:21:1c:5d:35:e7:30:
                    8d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:64:0E:72:C4:35:A0:B2:C9:36:F8:4F:D8:42:2C:CC:EA:EF:20:34
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS397630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:88:ad:cd:75:b4:22:22:d0:31:bf:ad:e9:a4:8a:f3:4c:ee:
         cc:83:17:64:38:6c:4f:c2:15:2f:09:a5:fa:32:f6:cf:d1:1c:
         d0:d4:f6:cf:b8:d5:66:f5:d7:07:bd:d3:d9:a6:12:4e:17:65:
         95:db:de:a0:66:91:b2:00:ed:23:ee:b1:97:a9:c9:60:97:5d:
         3f:e1:e8:5d:56:86:c1:10:c1:ab:69:09:04:90:7a:c0:b0:bd:
         23:ea:75:84:1c:bd:fe:e4:e5:4e:7e:0f:d8:0d:3a:a2:18:3b:
         e8:29:c2:91:cb:68:88:38:29:43:5c:5a:ce:a1:cc:5d:d8:23:
         9d:80:2c:51:7a:ec:60:bf:eb:88:c8:f6:61:91:44:93:bc:ad:
         5c:65:3d:48:26:33:14:c6:9f:2f:2e:66:8c:29:6a:35:74:8b:
         5e:56:39:0e:44:d3:b0:c9:16:11:82:b6:1f:a0:9b:c2:2a:c0:
         c9:67:21:05:55:b5:5c:68:a2:c0:b2:54:bd:01:39:b2:5c:f9:
         a1:7e:21:de:50:f6:ea:50:67:91:92:dd:fd:79:8a:66:94:ce:
         8e:8d:7c:05:19:8b:f2:f2:98:4e:96:9d:1c:fb:f7:0d:2f:11:
         20:1c:25:73:cb:70:b7:cc:c0:f9:fd:82:11:4b:20:bd:85:36:
         23:6d:28:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUO4OFGjBSgtR4ktH1vX3V0MdBtOAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMTQyMzU1MDhaFw0yNTExMTQwMDAwMDhaMDMxMTAvBgNV
BAMTKEI0NjQwRTcyQzQzNUEwQjJDOTM2Rjg0RkQ4NDIyQ0NDRUFFRjIwMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+sA1N39ElkaHk0kRCXNqFeTaQ
m8kaITUCxzbfSE+KdpOX9jpcolmJFpMFLORQKkbvHOZJq3jUx9YsDcEkz/V7Tffk
+AIDKRrIgFVbKk7S469z4Fpc4wEkOoscUONLgv7Pp8YhCjqrg49tj+kcAdRaedrH
AAfAPV8vrGiPUTtbjPkRbbC1cQqcehJMKGrqjUmhJLTLfTzYs857dkkG1w+SI2cg
WO/1AOXy4t9zhMouf8EzYnY4ZseLUSewTypVyEszAXnVpkSKUNOLGYgHCOryF1xc
emV2ieVPXs0Ga8b+Sl0Mb8QfMUTAIseoK9XDKnDgbTUWtJwhhCEcXTXnMI21AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtGQOcsQ1oLLJNvhP2EIszOrvIDQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk3NjMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQvi
MA0GCSqGSIb3DQEBCwUAA4IBAQB0iK3NdbQiItAxv63ppIrzTO7MgxdkOGxPwhUv
CaX6MvbP0RzQ1PbPuNVm9dcHvdPZphJOF2WV296gZpGyAO0j7rGXqclgl10/4ehd
VobBEMGraQkEkHrAsL0j6nWEHL3+5OVOfg/YDTqiGDvoKcKRy2iIOClDXFrOocxd
2COdgCxReuxgv+uIyPZhkUSTvK1cZT1IJjMUxp8vLmaMKWo1dIteVjkORNOwyRYR
grYfoJvCKsDJZyEFVbVcaKLAslS9ATmyXPmhfiHeUPbqUGeRkt39eYpmlM6OjXwF
GYvy8phOlp0c+/cNLxEgHCVzy3C3zMD5/YIRSyC9hTYjbShG
-----END CERTIFICATE-----