Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS42831.roa
File:                     AS42831.roa (raw, json)
Hash identifier:          i3QWJuzHBBD7yFzoQ4DMiSmEz8PjDRhDbTnodexPwN8=
Subject key identifier:   46:A1:AC:B5:C1:9C:2E:1E:BB:3A:D3:25:CF:BB:40:63:8A:80:D7:6D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       68F23FA8B7C0B849D0F70601F31D1E8507077E5F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS42831.roa
Signing time:             Sun 01 Oct 2023 09:50:16 +0000
ROA not before:           Sun 01 Oct 2023 09:45:16 +0000
ROA not after:            Sun 29 Sep 2024 09:50:16 +0000
asID:                     42831
IP address blocks:        141.11.214.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f2:3f:a8:b7:c0:b8:49:d0:f7:06:01:f3:1d:1e:85:07:07:7e:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct  1 09:45:16 2023 GMT
            Not After : Sep 29 09:50:16 2024 GMT
        Subject: CN=46A1ACB5C19C2E1EBB3AD325CFBB40638A80D76D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:92:60:d0:05:08:ec:93:f5:aa:21:f5:fc:e0:
                    53:aa:4a:c5:cf:d9:f5:05:0b:36:55:c4:d3:1c:ef:
                    d0:c9:b8:a5:dc:7d:47:49:21:84:64:99:65:ae:90:
                    39:4f:df:10:f1:93:a0:5b:d7:96:3a:c2:9c:21:0d:
                    e9:73:ea:7c:aa:79:dc:e6:b7:19:9f:d4:bf:fc:33:
                    2e:15:f5:44:88:b0:e2:64:48:69:6c:4e:13:42:82:
                    ee:b5:83:4f:71:55:1c:51:48:b4:a9:52:ad:b6:de:
                    f4:a0:e7:6d:c3:67:f2:d6:d5:d6:e4:5c:eb:36:14:
                    a5:6a:6c:f4:b8:af:c3:67:29:61:c2:1e:d3:d5:b6:
                    e0:44:72:0f:3d:ba:6c:a9:5d:33:b5:d5:54:4e:0a:
                    35:59:41:49:e9:81:c1:9c:df:d9:f7:c2:1a:78:10:
                    c5:50:19:19:bc:81:5b:10:f9:58:32:92:72:15:a2:
                    25:27:8f:95:af:4c:a9:b9:45:61:4c:56:43:19:a4:
                    b1:87:a7:fc:2c:52:ce:b5:2f:87:90:91:d7:49:5b:
                    78:63:fd:61:7c:f4:92:bc:27:f6:64:10:6b:f0:78:
                    73:9f:57:d2:b6:80:a4:e0:e1:ee:67:91:cf:76:e4:
                    62:c0:22:95:a6:2e:ef:54:d3:d5:f7:cb:ce:20:bf:
                    05:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A1:AC:B5:C1:9C:2E:1E:BB:3A:D3:25:CF:BB:40:63:8A:80:D7:6D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS42831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:eb:fa:fc:2d:1a:73:b6:2f:17:5b:23:57:44:2d:4c:9c:bc:
         d4:fe:2b:c4:03:e6:37:9f:51:98:a9:4c:61:e7:c3:c5:3e:04:
         54:78:f2:73:92:49:00:61:b8:07:67:64:50:3c:0e:c1:20:7e:
         ec:13:58:fe:e7:33:6d:67:05:4e:3a:22:22:ef:5b:b7:68:00:
         a0:71:90:fa:48:d8:7e:51:33:1c:99:e3:6c:88:4b:d2:58:6b:
         e6:de:66:0c:77:f5:4c:4d:ef:d9:1d:79:12:51:74:22:aa:99:
         b1:91:1a:bd:d3:20:f1:fb:09:be:c2:0b:bc:2f:29:94:51:2d:
         7c:f5:f0:87:74:62:9d:9f:0f:a8:26:9c:63:67:2b:c4:40:ee:
         dc:14:8a:35:c9:91:21:56:15:49:93:a4:b4:45:8f:5f:04:0a:
         32:d7:74:74:e2:fc:fa:57:52:d1:88:1e:cb:af:e9:0c:70:9d:
         f8:81:21:56:50:d2:23:de:80:dd:60:03:31:c9:e1:5e:d0:ed:
         c0:2c:2f:a1:51:17:cd:a0:57:e4:f8:cd:ce:ef:90:39:13:b6:
         42:fc:f7:12:09:96:82:c2:95:80:c9:df:aa:08:28:e5:f3:0d:
         52:43:eb:28:09:42:a3:f3:91:13:d6:d6:0b:fc:f1:d6:fc:5b:
         0e:de:df:61
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaPI/qLfAuEnQ9wYB8x0ehQcHfl8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEwMDEwOTQ1MTZaFw0yNDA5MjkwOTUwMTZaMDMxMTAvBgNV
BAMTKDQ2QTFBQ0I1QzE5QzJFMUVCQjNBRDMyNUNGQkI0MDYzOEE4MEQ3NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKkmDQBQjsk/WqIfX84FOqSsXP
2fUFCzZVxNMc79DJuKXcfUdJIYRkmWWukDlP3xDxk6Bb15Y6wpwhDelz6nyqedzm
txmf1L/8My4V9USIsOJkSGlsThNCgu61g09xVRxRSLSpUq223vSg523DZ/LW1dbk
XOs2FKVqbPS4r8NnKWHCHtPVtuBEcg89umypXTO11VROCjVZQUnpgcGc39n3whp4
EMVQGRm8gVsQ+VgyknIVoiUnj5WvTKm5RWFMVkMZpLGHp/wsUs61L4eQkddJW3hj
/WF89JK8J/ZkEGvweHOfV9K2gKTg4e5nkc925GLAIpWmLu9U09X3y84gvwUnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQURqGstcGcLh67OtMlz7tAY4qA120wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDI4MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNC9Yw
DQYJKoZIhvcNAQELBQADggEBAILr+vwtGnO2LxdbI1dELUycvNT+K8QD5jefUZip
TGHnw8U+BFR48nOSSQBhuAdnZFA8DsEgfuwTWP7nM21nBU46IiLvW7doAKBxkPpI
2H5RMxyZ42yIS9JYa+beZgx39UxN79kdeRJRdCKqmbGRGr3TIPH7Cb7CC7wvKZRR
LXz18Id0Yp2fD6gmnGNnK8RA7twUijXJkSFWFUmTpLRFj18ECjLXdHTi/PpXUtGI
Hsuv6QxwnfiBIVZQ0iPegN1gAzHJ4V7Q7cAsL6FRF82gV+T4zc7vkDkTtkL89xIJ
loLClYDJ36oIKOXzDVJD6ygJQqPzkRPW1gv88db8Ww7e32E=
-----END CERTIFICATE-----