Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa
File:                     AS399641.roa (raw, json)
Hash identifier:          gTe4ENGFDGg8D5Shl2BqBBAvTEhtxeZ180io/wVH9Mo=
Subject key identifier:   AF:65:25:E6:F8:89:55:08:58:E0:78:BB:F8:13:20:61:E1:6C:DF:A7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5E9987E4EBA13AB5FFE578BDAB7B1CBEC742CD37
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa
Signing time:             Tue 29 Oct 2024 15:43:26 +0000
ROA not before:           Tue 29 Oct 2024 15:38:26 +0000
ROA not after:            Tue 28 Oct 2025 15:43:26 +0000
asID:                     399641
IP address blocks:        141.11.19.0/24 maxlen: 24
                          141.11.30.0/24 maxlen: 24
                          141.11.176.0/24 maxlen: 24
                          141.11.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Dec 2024 22:21:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:99:87:e4:eb:a1:3a:b5:ff:e5:78:bd:ab:7b:1c:be:c7:42:cd:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:26 2024 GMT
            Not After : Oct 28 15:43:26 2025 GMT
        Subject: CN=AF6525E6F889550858E078BBF8132061E16CDFA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d9:9a:4f:02:53:80:a0:a7:ca:23:94:82:bc:
                    0d:ca:90:a0:86:d3:30:42:57:db:0a:51:a1:fd:df:
                    42:da:f5:0b:34:55:57:34:0d:d7:71:10:98:86:f8:
                    4e:ee:e1:d7:db:75:e7:63:0a:81:4b:4c:f7:30:a7:
                    ae:a1:66:06:09:ae:78:61:6a:94:6a:f7:f4:ec:3d:
                    b8:b3:c3:e6:d7:f9:aa:7f:7e:d0:93:52:5a:db:03:
                    0a:87:b8:89:3b:2b:81:ce:9a:f7:87:41:3c:d3:e8:
                    37:f6:9b:1a:98:38:2b:59:52:4b:1b:f0:8e:bf:e4:
                    14:0f:c8:71:af:2f:89:a1:e6:46:8f:d1:5a:05:9e:
                    f9:e8:19:ef:39:df:06:2c:f6:30:2c:25:4f:9a:b7:
                    ce:a9:e8:cf:b1:76:ce:15:9d:b1:af:b9:8b:fb:cb:
                    b8:0f:e8:3c:70:e3:0d:1d:87:37:f9:cf:69:08:27:
                    be:54:7c:5c:fc:a2:75:91:28:c9:f4:af:4b:e2:c4:
                    40:4c:25:25:5a:e7:c1:73:cb:b0:6b:c3:46:52:59:
                    e1:86:04:92:c2:5f:17:66:67:9c:19:22:67:09:d6:
                    d1:0a:f4:03:14:2b:e2:06:9c:4b:bb:09:52:b8:48:
                    bf:a3:cb:fd:b6:ab:d0:f4:4a:c0:be:58:63:3e:ab:
                    f0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:65:25:E6:F8:89:55:08:58:E0:78:BB:F8:13:20:61:E1:6C:DF:A7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.19.0/24
                  141.11.30.0/24
                  141.11.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:0a:68:1a:c6:29:e9:98:a9:98:de:21:31:b6:c7:04:7a:3e:
         d9:3a:c8:c1:b2:fa:ba:f6:cb:f7:55:e4:76:bb:db:27:a6:78:
         55:b7:5e:ae:68:9c:a4:92:1e:f6:06:99:35:30:f0:37:e0:4d:
         aa:4a:72:c9:d5:72:bc:a4:5a:47:8f:cc:b3:03:46:93:75:47:
         f6:d1:9f:19:9c:05:c0:a9:e7:67:e1:5d:ba:7b:c8:17:4d:77:
         2e:75:a1:7b:74:60:16:0e:a7:a8:ce:1b:d3:0d:df:b8:f4:c8:
         e8:72:05:19:74:ac:94:04:d0:85:c8:59:d8:2d:9a:fe:7d:b1:
         aa:a4:a8:88:72:ba:26:19:4a:65:05:83:f4:ed:75:07:fe:83:
         b3:cd:83:78:52:8a:6f:a0:71:d9:a1:57:5c:85:b9:b6:b1:90:
         3f:d2:83:a8:4e:6a:4c:24:fc:9f:3b:b4:4f:9a:25:e3:9a:b3:
         64:8e:40:d2:f5:fd:c5:18:ea:53:e8:89:eb:23:4c:75:b9:d7:
         8b:87:c2:fe:b6:26:fe:97:7b:8d:95:3e:a0:0b:ea:52:7a:78:
         46:9b:cd:e0:54:d9:8f:c5:50:9c:57:c3:e6:42:d6:47:35:14:
         91:fc:2c:bc:b6:f2:76:50:89:d7:b5:f7:60:d9:0c:dc:fd:32:
         bd:71:62:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUXpmH5OuhOrX/5Xi9q3scvsdCzTcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjZaFw0yNTEwMjgxNTQzMjZaMDMxMTAvBgNV
BAMTKEFGNjUyNUU2Rjg4OTU1MDg1OEUwNzhCQkY4MTMyMDYxRTE2Q0RGQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV2ZpPAlOAoKfKI5SCvA3KkKCG
0zBCV9sKUaH930La9Qs0VVc0DddxEJiG+E7u4dfbdedjCoFLTPcwp66hZgYJrnhh
apRq9/TsPbizw+bX+ap/ftCTUlrbAwqHuIk7K4HOmveHQTzT6Df2mxqYOCtZUksb
8I6/5BQPyHGvL4mh5kaP0VoFnvnoGe853wYs9jAsJU+at86p6M+xds4VnbGvuYv7
y7gP6Dxw4w0dhzf5z2kIJ75UfFz8onWRKMn0r0vixEBMJSVa58Fzy7Brw0ZSWeGG
BJLCXxdmZ5wZImcJ1tEK9AMUK+IGnEu7CVK4SL+jy/22q9D0SsC+WGM+q/DPAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUr2Ul5viJVQhY4Hi7+BMgYeFs36cwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk5NjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQsT
AwQAjQseAwQBjQuwMA0GCSqGSIb3DQEBCwUAA4IBAQA5CmgaxinpmKmY3iExtscE
ej7ZOsjBsvq69sv3VeR2u9snpnhVt16uaJykkh72Bpk1MPA34E2qSnLJ1XK8pFpH
j8yzA0aTdUf20Z8ZnAXAqedn4V26e8gXTXcudaF7dGAWDqeozhvTDd+49MjocgUZ
dKyUBNCFyFnYLZr+fbGqpKiIcromGUplBYP07XUH/oOzzYN4UopvoHHZoVdchbm2
sZA/0oOoTmpMJPyfO7RPmiXjmrNkjkDS9f3FGOpT6InrI0x1udeLh8L+tib+l3uN
lT6gC+pSenhGm83gVNmPxVCcV8PmQtZHNRSR/Cy8tvJ2UInXtfdg2Qzc/TK9cWJs
-----END CERTIFICATE-----
Generated at Sat Dec 7 07:31:54 2024 by rpki-client on console-ams.rpki-client.org