Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49367.roa
File:                     AS49367.roa (raw, json)
Hash identifier:          vq1FlGYh3coYuR0JMYcau4RBpZgaD6yEr7Ehwtrsdw0=
Subject key identifier:   49:22:11:EC:7B:67:8B:D4:9B:E0:05:83:E4:1D:D2:76:4C:85:5D:62
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2895DE0B46DA497109BEF653B5D336452D25EC14
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49367.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     49367
IP address blocks:        141.11.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:95:de:0b:46:da:49:71:09:be:f6:53:b5:d3:36:45:2d:25:ec:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=492211EC7B678BD49BE00583E41DD2764C855D62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:93:df:40:b4:af:47:0c:d7:d3:0f:f5:9d:c8:
                    a9:1b:04:59:d4:38:3d:65:84:a4:15:39:66:f9:cd:
                    f0:81:28:8d:9d:ab:5c:9f:b7:75:a8:ac:65:50:aa:
                    32:a6:c9:08:e2:f4:63:91:00:83:bf:32:2c:a4:6c:
                    32:03:8c:15:4f:50:4a:96:c6:cf:b8:79:d5:13:2b:
                    d0:26:56:1d:e3:36:da:99:67:e6:f8:b4:4b:72:bc:
                    14:e5:71:c9:6f:07:d4:0b:01:82:c0:9a:fb:c3:be:
                    60:a3:6d:3b:75:33:a4:4c:07:e5:68:b5:1a:d6:10:
                    66:bf:3a:14:00:ac:73:ed:2d:5c:8c:63:5f:fd:c2:
                    93:ac:2c:96:fa:6b:95:76:62:09:8d:49:8c:be:37:
                    8d:d6:a2:78:35:e6:f7:98:37:b2:73:ee:69:00:45:
                    02:12:2a:9e:5c:de:b0:2e:e1:56:97:ca:c0:c2:11:
                    e0:08:c1:ca:a4:28:89:b5:23:5b:19:d6:8a:3c:a0:
                    f1:db:95:57:61:59:72:a1:c0:56:1b:87:ef:61:e4:
                    82:bb:2e:00:c3:53:ec:a5:e3:1a:68:b9:2d:e3:a4:
                    72:d2:e4:9b:5e:dc:27:b7:81:2f:72:15:d9:0b:b1:
                    de:38:ac:5f:cf:6a:ed:bb:6e:c0:b9:12:1e:95:0c:
                    38:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:22:11:EC:7B:67:8B:D4:9B:E0:05:83:E4:1D:D2:76:4C:85:5D:62
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49367.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:5f:71:09:c2:d0:57:d0:eb:9e:85:7f:43:62:27:1d:1c:0a:
         40:2a:98:cf:35:ad:00:a4:28:a8:42:58:f0:99:75:1a:c7:fc:
         e2:5b:e9:dd:0e:4e:1e:98:45:c2:f7:16:51:1d:17:46:49:8a:
         86:14:48:91:d2:b1:a5:71:61:81:08:9f:cc:1e:1e:c2:bb:02:
         1f:1f:72:1a:f8:49:2b:da:6b:54:38:04:e9:5b:75:29:33:51:
         b0:97:67:29:d6:38:d1:28:01:0d:bb:d9:cf:b5:26:f7:65:9a:
         4b:8d:1e:67:a2:09:67:0e:85:fe:8d:58:44:fa:4a:b9:6c:fc:
         bf:45:72:d4:ee:a6:b8:93:63:82:6b:3b:15:e9:a2:b0:03:2b:
         73:09:51:d5:65:95:10:5e:e4:81:0b:44:74:5d:f4:83:49:73:
         bf:26:ca:03:16:c9:ca:76:64:2b:2d:20:55:9b:4c:5f:66:9e:
         db:7d:17:34:b7:10:4e:b1:3f:b7:25:7b:5e:d4:ed:31:f4:1d:
         fe:24:b3:a9:11:08:3c:2c:30:a0:83:d9:ba:b1:f7:54:be:7f:
         ef:93:74:63:01:59:7f:bd:3e:cc:d0:90:46:3f:a6:72:5b:1a:
         78:12:33:12:7f:61:b2:a3:8b:84:a7:2e:56:9f:1d:30:3f:65:
         33:3a:22:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKJXeC0baSXEJvvZTtdM2RS0l7BQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKDQ5MjIxMUVDN0I2NzhCRDQ5QkUwMDU4M0U0MUREMjc2NEM4NTVENjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2k99AtK9HDNfTD/WdyKkbBFnU
OD1lhKQVOWb5zfCBKI2dq1yft3WorGVQqjKmyQji9GORAIO/MiykbDIDjBVPUEqW
xs+4edUTK9AmVh3jNtqZZ+b4tEtyvBTlcclvB9QLAYLAmvvDvmCjbTt1M6RMB+Vo
tRrWEGa/OhQArHPtLVyMY1/9wpOsLJb6a5V2YgmNSYy+N43Wong15veYN7Jz7mkA
RQISKp5c3rAu4VaXysDCEeAIwcqkKIm1I1sZ1oo8oPHblVdhWXKhwFYbh+9h5IK7
LgDDU+yl4xpouS3jpHLS5Jte3Ce3gS9yFdkLsd44rF/Pau27bsC5Eh6VDDhPAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUSSIR7Htni9Sb4AWD5B3SdkyFXWIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDkzNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCx8w
DQYJKoZIhvcNAQELBQADggEBAMBfcQnC0FfQ656Ff0NiJx0cCkAqmM81rQCkKKhC
WPCZdRrH/OJb6d0OTh6YRcL3FlEdF0ZJioYUSJHSsaVxYYEIn8weHsK7Ah8fchr4
SSvaa1Q4BOlbdSkzUbCXZynWONEoAQ272c+1JvdlmkuNHmeiCWcOhf6NWET6Srls
/L9FctTupriTY4JrOxXporADK3MJUdVllRBe5IELRHRd9INJc78mygMWycp2ZCst
IFWbTF9mntt9FzS3EE6xP7cle17U7TH0Hf4ks6kRCDwsMKCD2bqx91S+f++TdGMB
WX+9PszQkEY/pnJbGngSMxJ/YbKji4SnLlafHTA/ZTM6IuA=
-----END CERTIFICATE-----