Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399486.roa
File:                     AS399486.roa (raw, json)
Hash identifier:          z7HfTbZGo8tDmLTLEMr0Vn++bbqBGKWICdXZtrAUWLk=
Subject key identifier:   42:4D:20:58:BB:2D:53:5F:8D:C0:E9:BB:86:88:0D:3D:7F:7A:FA:13
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1FC38E03F384B871BAE25190A7E2C311AF8BF82B
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399486.roa
Signing time:             Sat 09 Mar 2024 14:19:49 +0000
ROA not before:           Sat 09 Mar 2024 14:14:49 +0000
ROA not after:            Sat 08 Mar 2025 14:19:49 +0000
asID:                     399486
IP address blocks:        141.11.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:c3:8e:03:f3:84:b8:71:ba:e2:51:90:a7:e2:c3:11:af:8b:f8:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  9 14:14:49 2024 GMT
            Not After : Mar  8 14:19:49 2025 GMT
        Subject: CN=424D2058BB2D535F8DC0E9BB86880D3D7F7AFA13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d3:1d:2f:e7:b6:67:9c:cf:65:49:e0:e9:1c:
                    7e:90:8c:c5:b8:10:40:42:5e:fb:a3:5a:60:9d:0e:
                    e2:50:2a:64:6b:be:97:7c:94:89:d0:c9:ae:a6:0e:
                    49:82:18:5a:a1:92:a1:b0:77:3d:10:eb:43:25:16:
                    60:5a:28:9b:7b:43:fe:7a:08:94:97:2a:2a:62:2f:
                    9f:99:57:b6:8d:56:0d:4e:99:55:f7:17:b3:ca:17:
                    96:76:a8:60:c0:e6:70:57:d0:f5:c1:64:2c:df:77:
                    46:95:8f:db:ae:aa:44:5b:af:51:86:1a:ff:44:7d:
                    b6:9b:58:db:ea:75:ce:b9:da:59:65:65:6d:b2:2f:
                    e9:40:07:94:ca:e5:55:23:e0:54:b4:d0:91:65:4b:
                    79:8f:fd:69:46:15:1f:66:23:6e:a5:75:2a:01:57:
                    35:5c:61:43:d8:16:a0:e4:1d:d4:d4:3a:a6:d4:98:
                    56:46:e7:b3:12:ee:fd:32:0d:75:65:14:ee:e2:e0:
                    f2:f6:d5:9d:52:74:c1:e6:35:c6:00:48:c3:1f:e7:
                    47:f9:8a:f4:f1:0a:72:8c:6e:08:c9:97:b0:6d:b1:
                    33:bd:e3:b9:76:70:84:83:2d:32:ee:0a:b2:4b:6b:
                    d8:e0:24:1f:44:6a:6f:db:c9:0a:99:37:c6:06:40:
                    f8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:4D:20:58:BB:2D:53:5F:8D:C0:E9:BB:86:88:0D:3D:7F:7A:FA:13
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:91:61:fc:f4:d2:22:88:c6:8c:61:f1:0c:2b:bc:59:97:1b:
         b3:ce:08:4d:22:24:c8:33:1d:b9:84:1c:a7:17:80:18:26:b2:
         ec:92:38:3c:8d:c9:2f:71:23:51:d1:c9:32:cd:bd:90:84:d8:
         5f:b5:f8:a1:45:a1:e9:76:b0:6e:ba:f3:76:0b:b0:8d:85:9c:
         d4:2e:f3:dd:0e:c1:6a:5b:20:da:27:57:dc:d6:ab:a1:ec:a3:
         54:be:20:b6:76:c3:c3:75:8d:95:e0:f7:1e:f1:5e:0a:f3:30:
         9e:8a:a7:24:38:a9:c9:fe:ea:1c:94:7b:99:4e:f4:d5:2a:df:
         4d:3b:7f:06:fd:5c:82:b0:7a:08:d4:55:1f:4d:fe:93:11:a1:
         b7:d7:44:70:58:02:00:65:9d:b1:5c:10:0f:e0:39:a6:3c:72:
         96:53:9e:b2:b6:31:9c:6c:95:55:5b:75:42:bb:2d:59:c2:e5:
         d7:0e:33:74:bb:b1:02:de:23:69:dc:ad:2a:3c:56:ce:ed:65:
         88:f4:bf:53:8f:44:02:13:6b:42:3f:5d:5d:92:ce:5e:1e:3d:
         d5:65:42:09:1e:e2:f3:37:3a:07:58:18:5a:4d:61:e6:63:6a:
         0e:6a:ce:f8:c8:7c:4b:e5:0a:75:e8:f1:87:ef:33:b3:b6:ba:
         54:0a:f1:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUH8OOA/OEuHG64lGQp+LDEa+L+CswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDAzMDkxNDE0NDlaFw0yNTAzMDgxNDE5NDlaMDMxMTAvBgNV
BAMTKDQyNEQyMDU4QkIyRDUzNUY4REMwRTlCQjg2ODgwRDNEN0Y3QUZBMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB0x0v57ZnnM9lSeDpHH6QjMW4
EEBCXvujWmCdDuJQKmRrvpd8lInQya6mDkmCGFqhkqGwdz0Q60MlFmBaKJt7Q/56
CJSXKipiL5+ZV7aNVg1OmVX3F7PKF5Z2qGDA5nBX0PXBZCzfd0aVj9uuqkRbr1GG
Gv9EfbabWNvqdc652lllZW2yL+lAB5TK5VUj4FS00JFlS3mP/WlGFR9mI26ldSoB
VzVcYUPYFqDkHdTUOqbUmFZG57MS7v0yDXVlFO7i4PL21Z1SdMHmNcYASMMf50f5
ivTxCnKMbgjJl7BtsTO947l2cISDLTLuCrJLa9jgJB9Eam/byQqZN8YGQPi1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQk0gWLstU1+NwOm7hogNPX96+hMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk5NDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt1
MA0GCSqGSIb3DQEBCwUAA4IBAQBmkWH89NIiiMaMYfEMK7xZlxuzzghNIiTIMx25
hBynF4AYJrLskjg8jckvcSNR0ckyzb2QhNhftfihRaHpdrBuuvN2C7CNhZzULvPd
DsFqWyDaJ1fc1quh7KNUviC2dsPDdY2V4Pce8V4K8zCeiqckOKnJ/uoclHuZTvTV
Kt9NO38G/VyCsHoI1FUfTf6TEaG310RwWAIAZZ2xXBAP4DmmPHKWU56ytjGcbJVV
W3VCuy1ZwuXXDjN0u7EC3iNp3K0qPFbO7WWI9L9Tj0QCE2tCP11dks5eHj3VZUIJ
HuLzNzoHWBhaTWHmY2oOas74yHxL5Qp16PGH7zOztrpUCvHj
-----END CERTIFICATE-----