Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47693.roa
File:                     AS47693.roa (raw, json)
Hash identifier:          Peb/HhOXPhvMnC0+3Q3yuBsTsC0JOiJy9lEMyNYKKsw=
Subject key identifier:   E4:D8:30:37:ED:BA:DA:0D:70:2B:C9:34:A0:CB:53:B4:AB:47:ED:C7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7B8C0C50EE21024C3A9821A5E2DDA4A8B19C4CC0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47693.roa
Signing time:             Fri 02 May 2025 11:54:05 +0000
ROA not before:           Fri 02 May 2025 11:49:05 +0000
ROA not after:            Fri 01 May 2026 11:54:05 +0000
asID:                     47693
IP address blocks:        141.11.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 21:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:8c:0c:50:ee:21:02:4c:3a:98:21:a5:e2:dd:a4:a8:b1:9c:4c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  2 11:49:05 2025 GMT
            Not After : May  1 11:54:05 2026 GMT
        Subject: CN=E4D83037EDBADA0D702BC934A0CB53B4AB47EDC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:11:67:82:7f:38:5e:21:b9:dd:ca:b4:5d:ee:
                    34:1d:37:ff:e4:ae:97:e6:68:86:c9:f1:f5:8a:b6:
                    a9:e5:19:f5:22:6c:ec:13:48:dd:8c:3f:17:fb:35:
                    a2:d2:30:1f:85:80:ad:9d:ec:44:88:0a:e7:13:58:
                    9c:98:08:46:fa:3f:12:04:b2:b9:e6:ff:93:54:9e:
                    5f:b5:1a:55:c9:10:aa:70:1e:86:9a:5c:e7:62:c1:
                    f1:53:37:c8:63:95:0f:92:4d:c4:59:22:24:fe:a9:
                    90:e6:c7:e9:74:18:38:8f:62:6f:f0:ab:e4:72:27:
                    58:ff:a6:01:fa:bf:37:38:f6:7e:c9:e8:63:53:9b:
                    24:c2:2b:db:07:00:36:d5:3a:9d:3f:81:59:82:da:
                    9a:c7:74:ed:61:30:d0:1c:86:ce:b6:f4:56:63:aa:
                    f4:1d:2b:af:8c:b8:a8:db:24:fe:ad:9c:95:ca:a8:
                    af:d3:a0:bf:3d:20:53:d3:2c:7f:64:32:3c:94:4b:
                    2a:29:04:cd:08:8f:f3:63:3f:b1:2c:82:a5:70:a6:
                    3a:17:16:e3:e1:99:b9:d1:d7:af:d4:57:f7:06:50:
                    7d:05:89:e2:b1:37:c5:ef:02:33:66:d2:16:eb:ae:
                    15:d4:3a:cf:12:e1:af:7c:cc:b1:b8:f3:4c:57:37:
                    42:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D8:30:37:ED:BA:DA:0D:70:2B:C9:34:A0:CB:53:B4:AB:47:ED:C7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:1f:6b:ba:b5:9c:e5:b6:84:2d:c3:77:4e:eb:57:94:7a:12:
         e2:33:27:f6:04:ff:ba:08:f3:99:f8:d0:55:44:74:9c:56:93:
         eb:28:f2:83:b8:fa:bf:b8:13:51:c8:8d:7d:19:b6:9e:93:06:
         98:fc:75:7d:ad:88:3d:1d:9a:3f:aa:cd:53:11:51:1b:b8:7b:
         3a:b1:9c:c7:01:35:5f:30:19:98:63:77:f9:fb:bc:2e:a4:9e:
         e8:cb:eb:dd:d3:d4:01:bb:ef:8b:4c:80:fd:cd:6f:c2:cf:76:
         b3:7a:43:e0:1f:35:5e:bc:16:da:ed:2f:17:31:05:82:f9:02:
         60:d0:72:7f:c2:d6:78:6c:f2:15:69:e7:05:24:78:22:dd:89:
         66:8a:0e:78:dd:c2:b5:d2:21:16:e1:7f:e0:0b:a7:d2:cd:1d:
         5f:e1:35:77:3c:39:25:70:87:15:07:86:37:ea:46:59:af:92:
         b5:0e:f5:6a:dd:94:7c:e5:d9:47:44:27:b2:8b:18:86:ad:be:
         b9:31:b8:19:7b:44:ed:c4:49:48:87:f8:fe:eb:ac:51:ff:4d:
         ec:55:98:fb:40:52:5c:4b:33:42:d8:b2:c4:91:a0:3d:e5:fa:
         b3:93:c4:01:fc:fa:a6:97:64:a7:e2:f0:1d:43:9e:e5:20:4e:
         eb:da:b7:bf
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUe4wMUO4hAkw6mCGl4t2kqLGcTMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA1MDIxMTQ5MDVaFw0yNjA1MDExMTU0MDVaMDMxMTAvBgNV
BAMTKEU0RDgzMDM3RURCQURBMEQ3MDJCQzkzNEEwQ0I1M0I0QUI0N0VEQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSEWeCfzheIbndyrRd7jQdN//k
rpfmaIbJ8fWKtqnlGfUibOwTSN2MPxf7NaLSMB+FgK2d7ESICucTWJyYCEb6PxIE
srnm/5NUnl+1GlXJEKpwHoaaXOdiwfFTN8hjlQ+STcRZIiT+qZDmx+l0GDiPYm/w
q+RyJ1j/pgH6vzc49n7J6GNTmyTCK9sHADbVOp0/gVmC2prHdO1hMNAchs629FZj
qvQdK6+MuKjbJP6tnJXKqK/ToL89IFPTLH9kMjyUSyopBM0Ij/NjP7EsgqVwpjoX
FuPhmbnR16/UV/cGUH0FieKxN8XvAjNm0hbrrhXUOs8S4a98zLG480xXN0LrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU5NgwN+262g1wK8k0oMtTtKtH7ccwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDc2OTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC/8w
DQYJKoZIhvcNAQELBQADggEBAGgfa7q1nOW2hC3Dd07rV5R6EuIzJ/YE/7oI85n4
0FVEdJxWk+so8oO4+r+4E1HIjX0Ztp6TBpj8dX2tiD0dmj+qzVMRURu4ezqxnMcB
NV8wGZhjd/n7vC6knujL693T1AG774tMgP3Nb8LPdrN6Q+AfNV68FtrtLxcxBYL5
AmDQcn/C1nhs8hVp5wUkeCLdiWaKDnjdwrXSIRbhf+ALp9LNHV/hNXc8OSVwhxUH
hjfqRlmvkrUO9WrdlHzl2UdEJ7KLGIatvrkxuBl7RO3ESUiH+P7rrFH/TexVmPtA
UlxLM0LYssSRoD3l+rOTxAH8+qaXZKfi8B1DnuUgTuvat78=
-----END CERTIFICATE-----