Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS42831.roa
File:                     AS42831.roa (raw, json)
Hash identifier:          +FILab0kB6fELLGK79tXs0HgPxBZP+D7VDx24Lp57mI=
Subject key identifier:   D1:4F:88:62:F4:EC:58:54:0D:11:EC:7D:10:95:5B:15:87:19:38:5D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       27CB1747D1BB43CEE61A1C248CF3D6F7303410FB
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS42831.roa
Signing time:             Tue 05 Nov 2024 16:37:45 +0000
ROA not before:           Tue 05 Nov 2024 16:32:45 +0000
ROA not after:            Tue 04 Nov 2025 16:37:45 +0000
asID:                     42831
IP address blocks:        141.11.61.0/24 maxlen: 24
                          141.11.214.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:cb:17:47:d1:bb:43:ce:e6:1a:1c:24:8c:f3:d6:f7:30:34:10:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov  5 16:32:45 2024 GMT
            Not After : Nov  4 16:37:45 2025 GMT
        Subject: CN=D14F8862F4EC58540D11EC7D10955B158719385D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b5:bf:af:87:20:29:f4:7f:dd:b7:4b:c5:0e:
                    3e:bc:ab:04:46:42:1d:c8:d0:68:e6:3a:52:98:79:
                    ee:07:cd:73:3e:d8:aa:df:67:e5:2a:a7:73:2c:0e:
                    96:db:bd:07:9b:dc:bc:31:cf:df:13:b6:78:f9:69:
                    84:78:81:e2:ad:2c:1f:56:94:b1:01:d1:22:a7:dc:
                    f1:bc:21:ba:50:3f:e7:c9:4b:63:7d:e6:84:4e:ed:
                    51:f7:49:98:6b:10:ec:56:ce:c9:68:86:cf:04:93:
                    72:70:e5:db:35:25:ab:c8:b0:8f:6c:09:39:49:da:
                    07:c3:f7:8a:03:75:30:be:10:94:b2:05:6f:c5:03:
                    e8:da:62:c5:f4:ac:2c:fc:c7:31:d3:d7:48:cc:2a:
                    fc:89:bb:2b:15:87:68:04:e4:e2:02:50:9c:a9:50:
                    77:37:5a:bd:01:b9:67:24:5f:9d:fd:f7:9e:c5:84:
                    e9:ba:e1:84:e5:8e:26:45:ae:c5:30:b9:d8:78:17:
                    50:19:09:13:78:f4:89:ac:30:6f:59:a7:b6:bf:f4:
                    fa:e1:54:63:ee:c2:30:03:d1:bc:11:b4:48:08:eb:
                    29:d0:16:81:00:e8:75:3e:d7:12:7f:98:94:72:a6:
                    38:8e:01:c0:1a:2f:f3:33:35:eb:16:41:e7:17:f0:
                    f9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4F:88:62:F4:EC:58:54:0D:11:EC:7D:10:95:5B:15:87:19:38:5D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS42831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.61.0/24
                  141.11.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d9:05:d2:92:8e:d8:02:f9:b7:53:d8:ea:6f:20:4e:a2:b8:d5:
         a3:92:56:c6:a5:90:a4:44:a7:2f:bb:3b:35:5a:25:49:df:54:
         71:bd:92:e1:e9:f8:22:20:35:39:29:b3:24:89:9a:1e:00:82:
         17:32:cd:4f:49:0b:25:de:04:5d:78:1d:5d:91:dc:85:c8:1a:
         16:cf:12:fa:38:62:bb:59:ae:e3:b2:29:2e:40:9e:6a:22:ee:
         9e:37:02:94:b4:2d:9e:4f:c7:56:f1:0a:26:89:3d:91:4c:4b:
         0f:d5:6c:ec:ea:da:d9:bb:8e:a1:78:97:e6:92:b5:30:a1:f2:
         bf:09:02:2f:16:47:d6:47:2e:b9:28:f9:11:11:01:93:62:81:
         4f:f8:b9:3b:8d:fc:2c:e0:0f:0c:14:79:4c:10:a3:6e:f4:f9:
         94:1a:81:7f:0f:99:67:74:bc:b7:0f:61:9e:78:55:f1:8d:8a:
         39:9e:40:66:39:8a:7d:3a:7e:cc:f8:2a:c7:b4:5b:27:ed:ee:
         ee:f9:00:e5:3c:52:fd:ac:9c:6f:3f:3d:d9:4d:1d:e0:e7:9b:
         77:a2:3f:92:37:6f:41:03:c1:b9:ba:57:a1:f3:61:34:48:7e:
         82:e8:49:b3:3e:62:5e:f8:25:f0:b2:f9:5b:bc:7e:ff:a8:de:
         15:94:1f:9c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUJ8sXR9G7Q87mGhwkjPPW9zA0EPswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMDUxNjMyNDVaFw0yNTExMDQxNjM3NDVaMDMxMTAvBgNV
BAMTKEQxNEY4ODYyRjRFQzU4NTQwRDExRUM3RDEwOTU1QjE1ODcxOTM4NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbtb+vhyAp9H/dt0vFDj68qwRG
Qh3I0GjmOlKYee4HzXM+2KrfZ+Uqp3MsDpbbvQeb3Lwxz98Ttnj5aYR4geKtLB9W
lLEB0SKn3PG8IbpQP+fJS2N95oRO7VH3SZhrEOxWzslohs8Ek3Jw5ds1JavIsI9s
CTlJ2gfD94oDdTC+EJSyBW/FA+jaYsX0rCz8xzHT10jMKvyJuysVh2gE5OICUJyp
UHc3Wr0BuWckX539957FhOm64YTljiZFrsUwudh4F1AZCRN49ImsMG9Zp7a/9Prh
VGPuwjAD0bwRtEgI6ynQFoEA6HU+1xJ/mJRypjiOAcAaL/MzNesWQecX8Pn3AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU0U+IYvTsWFQNEex9EJVbFYcZOF0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDI4MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCz0D
BAGNC9YwDQYJKoZIhvcNAQELBQADggEBANkF0pKO2AL5t1PY6m8gTqK41aOSVsal
kKREpy+7OzVaJUnfVHG9kuHp+CIgNTkpsySJmh4AghcyzU9JCyXeBF14HV2R3IXI
GhbPEvo4YrtZruOyKS5Anmoi7p43ApS0LZ5Px1bxCiaJPZFMSw/VbOzq2tm7jqF4
l+aStTCh8r8JAi8WR9ZHLrko+RERAZNigU/4uTuN/CzgDwwUeUwQo270+ZQagX8P
mWd0vLcPYZ54VfGNijmeQGY5in06fsz4Kse0Wyft7u75AOU8Uv2snG8/PdlNHeDn
m3eiP5I3b0EDwbm6V6HzYTRIfoLoSbM+Yl74JfCy+Vu8fv+o3hWUH5w=
-----END CERTIFICATE-----