Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47693.roa
File:                     AS47693.roa (raw, json)
Hash identifier:          vtb86bua8TBlxwxKXGtfcuPdgEFpxyJ6hUDpKWsnsss=
Subject key identifier:   01:CB:6B:DA:7C:F8:E3:D8:F8:93:8C:6B:7F:F6:D9:CD:F9:59:24:42
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       666686141A6091521755F51DFB8A4166ECFD3F3E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47693.roa
Signing time:             Fri 31 May 2024 11:00:21 +0000
ROA not before:           Fri 31 May 2024 10:55:21 +0000
ROA not after:            Fri 30 May 2025 11:00:21 +0000
asID:                     47693
IP address blocks:        141.11.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:66:86:14:1a:60:91:52:17:55:f5:1d:fb:8a:41:66:ec:fd:3f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 31 10:55:21 2024 GMT
            Not After : May 30 11:00:21 2025 GMT
        Subject: CN=01CB6BDA7CF8E3D8F8938C6B7FF6D9CDF9592442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:db:97:15:02:f0:5f:c9:24:2a:8b:b3:15:38:
                    f4:c7:65:c7:30:22:88:9a:8c:16:ea:b8:2b:c6:ab:
                    54:55:98:71:3f:7a:25:15:b0:1e:4b:df:be:86:b9:
                    ec:7f:4a:e6:35:56:c2:07:8e:26:80:29:fa:5d:07:
                    95:35:3d:e7:c5:69:03:4e:6e:8a:fd:c2:38:93:5a:
                    dd:95:08:35:41:e1:31:f9:fc:85:d6:1d:f5:e1:da:
                    e4:9d:23:11:7c:ae:9a:ef:41:f6:82:f2:bb:4e:cc:
                    4f:84:e8:de:65:4d:57:c0:aa:5c:a5:11:40:05:32:
                    04:b8:cb:5a:4c:d1:87:cb:79:2f:e3:c8:bb:d8:ae:
                    2e:c9:b0:b8:bd:60:45:91:0a:73:8a:fe:f8:21:46:
                    0c:95:0e:54:47:85:46:c5:ab:d5:00:71:3e:01:a7:
                    ad:b0:b3:1f:61:d0:ac:26:97:ed:46:ab:15:76:cf:
                    31:37:99:1a:be:7f:ae:a8:bb:fe:e2:36:cf:05:28:
                    98:69:5e:b5:4c:fb:aa:fa:83:2a:e7:2e:b9:ed:06:
                    09:f7:c3:82:f7:25:37:d6:9c:d1:a4:3e:4f:5f:a8:
                    cd:57:36:8e:71:75:d5:ca:8a:ff:06:4e:b7:e6:71:
                    8b:9c:2f:b7:9f:1e:5b:38:f4:2b:6c:bb:e2:fb:c1:
                    7c:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:CB:6B:DA:7C:F8:E3:D8:F8:93:8C:6B:7F:F6:D9:CD:F9:59:24:42
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS47693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:43:ec:11:81:c5:0a:f4:b3:f9:8c:ed:34:a8:e8:d1:c8:4a:
         3a:6a:32:8f:0c:e3:51:53:25:88:ed:88:ae:df:8a:94:28:34:
         db:0b:1e:50:af:99:18:28:0d:34:92:0b:83:a6:66:16:e2:70:
         0b:39:80:6b:d7:65:69:1a:69:f8:37:b4:64:3c:fb:b2:cb:04:
         5f:0f:23:6e:be:db:75:7e:3a:fd:4b:cf:7c:81:b8:9a:03:56:
         07:51:56:3c:c6:52:74:87:72:8b:a7:de:32:ad:3f:68:6e:79:
         ce:62:e1:f5:ea:6f:42:27:df:e2:f6:46:79:33:f8:46:8a:93:
         e9:0a:c2:55:95:f8:57:37:a3:93:ed:7a:cf:ea:c3:2d:94:3e:
         de:d9:cb:5e:8e:f3:d6:95:9f:7d:8c:0f:8d:89:17:c0:6a:9d:
         ec:f1:44:f1:e7:e2:1b:fd:9c:90:4e:5f:b8:1d:c1:b3:62:7f:
         70:3b:54:27:29:39:d9:c5:d0:b9:a5:cc:e7:73:93:bd:17:03:
         d8:ed:f6:8c:db:13:5d:eb:33:54:83:68:31:43:12:63:06:3c:
         c5:bb:8a:f7:7b:8b:f1:95:10:2b:ef:87:f4:4f:21:3e:f7:38:
         94:74:ee:21:66:2b:4e:67:e3:7e:63:7d:f9:6b:ae:11:35:17:
         ae:27:1d:93
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZmaGFBpgkVIXVfUd+4pBZuz9Pz4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MzExMDU1MjFaFw0yNTA1MzAxMTAwMjFaMDMxMTAvBgNV
BAMTKDAxQ0I2QkRBN0NGOEUzRDhGODkzOEM2QjdGRjZEOUNERjk1OTI0NDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb25cVAvBfySQqi7MVOPTHZccw
IoiajBbquCvGq1RVmHE/eiUVsB5L376Guex/SuY1VsIHjiaAKfpdB5U1PefFaQNO
bor9wjiTWt2VCDVB4TH5/IXWHfXh2uSdIxF8rprvQfaC8rtOzE+E6N5lTVfAqlyl
EUAFMgS4y1pM0YfLeS/jyLvYri7JsLi9YEWRCnOK/vghRgyVDlRHhUbFq9UAcT4B
p62wsx9h0Kwml+1GqxV2zzE3mRq+f66ou/7iNs8FKJhpXrVM+6r6gyrnLrntBgn3
w4L3JTfWnNGkPk9fqM1XNo5xddXKiv8GTrfmcYucL7efHls49Ctsu+L7wXwhAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUActr2nz449j4k4xrf/bZzflZJEIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDc2OTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC/8w
DQYJKoZIhvcNAQELBQADggEBAKZD7BGBxQr0s/mM7TSo6NHISjpqMo8M41FTJYjt
iK7fipQoNNsLHlCvmRgoDTSSC4OmZhbicAs5gGvXZWkaafg3tGQ8+7LLBF8PI26+
23V+Ov1Lz3yBuJoDVgdRVjzGUnSHcoun3jKtP2huec5i4fXqb0In3+L2Rnkz+EaK
k+kKwlWV+Fc3o5Ptes/qwy2UPt7Zy16O89aVn32MD42JF8BqnezxRPHn4hv9nJBO
X7gdwbNif3A7VCcpOdnF0LmlzOdzk70XA9jt9ozbE13rM1SDaDFDEmMGPMW7ivd7
i/GVECvvh/RPIT73OJR07iFmK05n435jfflrrhE1F64nHZM=
-----END CERTIFICATE-----