Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa
File:                     AS399641.roa (raw, json)
Hash identifier:          HFWca2v0Q0ihERbZ7ZdwAnI8RBMVCn42OkGqcR4Eazs=
Subject key identifier:   17:22:59:6D:B1:12:43:C4:6B:31:07:0A:7F:94:EE:12:8D:6B:42:15
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2BCC19AAEF05EDFF49EBCCEA596A7527F65817A5
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa
Signing time:             Tue 28 Nov 2023 15:05:06 +0000
ROA not before:           Tue 28 Nov 2023 15:00:06 +0000
ROA not after:            Tue 26 Nov 2024 15:05:06 +0000
asID:                     399641
IP address blocks:        141.11.19.0/24 maxlen: 24
                          141.11.30.0/24 maxlen: 24
                          141.11.176.0/24 maxlen: 24
                          141.11.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:cc:19:aa:ef:05:ed:ff:49:eb:cc:ea:59:6a:75:27:f6:58:17:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:06 2023 GMT
            Not After : Nov 26 15:05:06 2024 GMT
        Subject: CN=1722596DB11243C46B31070A7F94EE128D6B4215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7d:31:e2:2a:2e:d9:3a:93:14:6d:3f:c3:d5:
                    6f:ed:00:34:eb:20:4e:1b:28:5e:bb:d5:4d:b1:d4:
                    9a:c2:08:53:bb:fc:14:39:b4:9e:b3:fa:a2:f0:2a:
                    2c:62:fa:0a:af:6f:3f:76:2a:c7:7a:2b:1b:e9:b9:
                    58:4c:6d:d9:cf:95:84:9f:cb:8f:d4:de:e9:77:46:
                    19:f1:06:66:04:96:4b:6a:86:34:cd:eb:8b:a4:10:
                    b2:86:e5:7a:5e:95:a5:c2:67:6a:25:20:a2:f0:2f:
                    90:bf:6a:70:74:87:19:e8:8e:d2:62:22:fb:3d:a3:
                    c3:5b:c7:71:26:72:f7:a1:08:7c:5e:10:4e:2d:6b:
                    a7:b1:a7:d3:aa:f5:41:88:71:08:62:ff:ae:f4:35:
                    78:0f:1c:43:ab:be:f8:fd:c0:74:1b:43:f8:c7:00:
                    d4:8b:83:1f:1e:02:eb:16:e6:b9:65:11:bb:e9:69:
                    2d:81:56:ff:24:ce:98:63:1c:ab:29:80:8b:70:15:
                    81:30:11:22:1a:25:2a:56:51:f6:9d:cc:b4:b1:c1:
                    3e:78:bf:0f:15:54:42:0e:42:f4:4a:24:00:ab:ac:
                    50:12:95:67:b3:19:0b:f2:3f:32:30:50:53:c1:3d:
                    17:2f:6e:99:22:9c:02:56:e9:15:fd:72:a2:e5:c9:
                    25:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:22:59:6D:B1:12:43:C4:6B:31:07:0A:7F:94:EE:12:8D:6B:42:15
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.19.0/24
                  141.11.30.0/24
                  141.11.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:cb:8b:dd:08:1f:74:44:05:c3:88:ec:ec:06:a4:12:83:95:
         de:d6:11:4e:c5:34:51:0f:62:a1:84:14:d9:92:d7:53:c2:a8:
         8e:e9:ff:00:59:5c:71:6a:90:b8:02:52:58:b0:9b:0b:87:93:
         a6:3f:b5:af:fc:15:e4:6b:0c:7a:a7:46:33:0c:1c:19:8c:27:
         da:5c:81:90:c5:ec:3b:a0:a9:ab:22:f2:12:2b:57:69:8e:31:
         55:d0:f2:f0:1c:b4:40:ae:4d:a8:9b:23:77:a5:4f:44:c3:eb:
         9a:84:4f:74:cf:ba:7b:5e:96:68:f2:ca:ca:59:17:d1:03:f4:
         4a:8a:cc:2d:47:bc:9c:1f:ac:07:fe:fe:9e:a1:1a:7c:21:01:
         9a:ed:b6:11:8e:8e:f3:02:20:8c:d1:ae:2d:67:e7:3e:5a:af:
         6b:f6:73:8b:97:1e:55:95:c9:fd:aa:2d:75:9b:e8:01:a6:98:
         77:59:e9:bd:c1:e4:a9:b6:1b:73:67:fe:40:28:6d:4e:b9:72:
         6e:3c:06:e2:da:3b:32:54:e9:eb:ea:91:58:b8:ec:f7:2e:c0:
         40:14:33:73:cc:57:cc:a4:c9:fc:53:e2:70:f3:41:6b:e9:23:
         3d:4f:bb:80:3b:d6:86:9d:74:80:71:1b:b6:6e:6b:f1:c8:07:
         6e:13:c8:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUK8wZqu8F7f9J68zqWWp1J/ZYF6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDZaFw0yNDExMjYxNTA1MDZaMDMxMTAvBgNV
BAMTKDE3MjI1OTZEQjExMjQzQzQ2QjMxMDcwQTdGOTRFRTEyOEQ2QjQyMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCufTHiKi7ZOpMUbT/D1W/tADTr
IE4bKF671U2x1JrCCFO7/BQ5tJ6z+qLwKixi+gqvbz92Ksd6KxvpuVhMbdnPlYSf
y4/U3ul3RhnxBmYElktqhjTN64ukELKG5XpelaXCZ2olIKLwL5C/anB0hxnojtJi
Ivs9o8Nbx3EmcvehCHxeEE4ta6exp9Oq9UGIcQhi/670NXgPHEOrvvj9wHQbQ/jH
ANSLgx8eAusW5rllEbvpaS2BVv8kzphjHKspgItwFYEwESIaJSpWUfadzLSxwT54
vw8VVEIOQvRKJACrrFASlWezGQvyPzIwUFPBPRcvbpkinAJW6RX9cqLlySU7AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUFyJZbbESQ8RrMQcKf5TuEo1rQhUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk5NjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQsT
AwQAjQseAwQBjQuwMA0GCSqGSIb3DQEBCwUAA4IBAQA0y4vdCB90RAXDiOzsBqQS
g5Xe1hFOxTRRD2KhhBTZktdTwqiO6f8AWVxxapC4AlJYsJsLh5OmP7Wv/BXkawx6
p0YzDBwZjCfaXIGQxew7oKmrIvISK1dpjjFV0PLwHLRArk2omyN3pU9Ew+uahE90
z7p7XpZo8srKWRfRA/RKiswtR7ycH6wH/v6eoRp8IQGa7bYRjo7zAiCM0a4tZ+c+
Wq9r9nOLlx5Vlcn9qi11m+gBpph3Wem9weSpthtzZ/5AKG1OuXJuPAbi2jsyVOnr
6pFYuOz3LsBAFDNzzFfMpMn8U+Jw80Fr6SM9T7uAO9aGnXSAcRu2bmvxyAduE8je
-----END CERTIFICATE-----