Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400039.roa
File:                     AS400039.roa (raw, json)
Hash identifier:          x7q815A/IX3CIHDEZvG42TNddPDK6vCIA4BOAwbqoY4=
Subject key identifier:   E0:8C:64:A0:3A:A9:89:C2:08:A9:01:BF:FB:77:93:98:F2:D6:58:B3
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7FF845D0D177A80209811C31993A31438B1C327E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400039.roa
Signing time:             Thu 07 Dec 2023 05:05:08 +0000
ROA not before:           Thu 07 Dec 2023 05:00:08 +0000
ROA not after:            Thu 05 Dec 2024 05:05:08 +0000
asID:                     400039
IP address blocks:        141.11.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:f8:45:d0:d1:77:a8:02:09:81:1c:31:99:3a:31:43:8b:1c:32:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec  7 05:00:08 2023 GMT
            Not After : Dec  5 05:05:08 2024 GMT
        Subject: CN=E08C64A03AA989C208A901BFFB779398F2D658B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:67:eb:ab:7a:aa:34:9c:90:00:fc:9f:96:60:
                    74:f1:35:91:da:1a:2b:50:0e:bb:63:6d:b1:ab:05:
                    55:b4:d0:16:50:12:63:09:86:e4:cd:4f:42:60:5f:
                    89:38:94:7c:8b:db:a4:0a:79:5e:90:64:9b:f5:81:
                    fd:3a:e7:29:6b:70:18:1f:ef:6e:65:72:70:61:9a:
                    46:50:3d:23:ed:02:de:9f:6f:00:30:b0:d2:c0:8a:
                    53:fa:24:c3:c0:d3:50:1d:cf:b2:64:7f:e8:bf:47:
                    98:2d:10:38:6e:96:4e:e0:6f:bd:66:04:34:c3:45:
                    b8:65:d2:2e:bd:e3:8b:89:4a:0f:d7:e1:87:ad:73:
                    07:92:c6:22:c6:09:fb:7c:37:dd:dc:96:06:6e:0a:
                    38:2e:ac:77:2d:ca:93:fc:d8:37:7d:e2:d8:f3:28:
                    9a:78:31:ae:b2:f8:eb:fc:04:34:6b:51:bb:aa:4e:
                    7b:50:6f:ce:17:e5:4a:e2:49:db:2d:68:a2:f2:d4:
                    0f:91:d0:a3:88:fb:2b:5a:2c:77:6f:20:86:f4:8d:
                    35:70:48:6c:66:78:b1:5f:ba:ee:cf:6d:e3:0c:4b:
                    2c:66:4d:b3:6b:4d:f7:02:5c:ab:6d:b1:c5:9e:39:
                    e8:1c:3c:95:bc:4e:1e:d2:4e:69:4c:5d:15:5c:18:
                    cd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:8C:64:A0:3A:A9:89:C2:08:A9:01:BF:FB:77:93:98:F2:D6:58:B3
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:39:cc:df:b3:9c:af:8d:c2:59:12:7f:98:6a:41:be:93:ea:
         b1:8b:02:95:c0:a4:ee:48:70:f8:db:c2:fb:0f:32:39:f9:f0:
         9f:a3:9d:b6:46:a9:a3:0b:a0:a4:72:12:c4:80:83:ed:7f:18:
         32:93:35:51:55:31:09:5d:47:1c:95:49:a5:e8:68:f4:68:fa:
         f2:1c:b5:11:f4:79:8a:8e:3e:30:54:52:6e:2a:10:25:d4:59:
         84:df:b6:99:b4:25:bc:ed:96:60:65:6f:fc:a7:61:bd:5d:6e:
         87:d9:aa:6b:8c:84:09:c0:4a:fc:67:ac:75:4e:b8:8c:1d:9d:
         33:e6:ae:7e:4a:5c:e0:4f:99:1e:88:44:c6:68:05:95:ce:b3:
         68:e4:20:2e:77:78:ba:cd:3d:35:4b:63:3a:80:14:04:c8:e4:
         64:46:4f:d9:89:c7:a6:69:65:76:e4:3c:24:aa:85:55:b1:5f:
         5f:d1:e2:64:bd:d0:fb:52:7c:8c:ba:06:96:c3:e2:08:d7:23:
         69:07:8b:41:db:f5:56:bb:d0:ad:24:92:ae:77:bf:c4:a5:92:
         b8:22:fd:09:c1:f1:1c:16:95:6a:ff:bb:30:e6:7f:27:55:3e:
         a2:00:9e:73:8a:5b:da:85:3d:ae:cc:0f:60:07:09:5b:53:5d:
         07:b8:85:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUf/hF0NF3qAIJgRwxmToxQ4scMn4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEyMDcwNTAwMDhaFw0yNDEyMDUwNTA1MDhaMDMxMTAvBgNV
BAMTKEUwOEM2NEEwM0FBOTg5QzIwOEE5MDFCRkZCNzc5Mzk4RjJENjU4QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIZ+ureqo0nJAA/J+WYHTxNZHa
GitQDrtjbbGrBVW00BZQEmMJhuTNT0JgX4k4lHyL26QKeV6QZJv1gf065ylrcBgf
725lcnBhmkZQPSPtAt6fbwAwsNLAilP6JMPA01Adz7Jkf+i/R5gtEDhulk7gb71m
BDTDRbhl0i6944uJSg/X4YetcweSxiLGCft8N93clgZuCjgurHctypP82Dd94tjz
KJp4Ma6y+Ov8BDRrUbuqTntQb84X5UriSdstaKLy1A+R0KOI+ytaLHdvIIb0jTVw
SGxmeLFfuu7PbeMMSyxmTbNrTfcCXKttscWeOegcPJW8Th7STmlMXRVcGM2pAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4IxkoDqpicIIqQG/+3eTmPLWWLMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwMDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsE
MA0GCSqGSIb3DQEBCwUAA4IBAQCYOczfs5yvjcJZEn+YakG+k+qxiwKVwKTuSHD4
28L7DzI5+fCfo522RqmjC6CkchLEgIPtfxgykzVRVTEJXUcclUml6Gj0aPryHLUR
9HmKjj4wVFJuKhAl1FmE37aZtCW87ZZgZW/8p2G9XW6H2aprjIQJwEr8Z6x1TriM
HZ0z5q5+SlzgT5keiETGaAWVzrNo5CAud3i6zT01S2M6gBQEyORkRk/ZicemaWV2
5DwkqoVVsV9f0eJkvdD7UnyMugaWw+II1yNpB4tB2/VWu9CtJJKud7/EpZK4Iv0J
wfEcFpVq/7sw5n8nVT6iAJ5zilvahT2uzA9gBwlbU10HuIXI
-----END CERTIFICATE-----