Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49678.roa
File:                     AS49678.roa (raw, json)
Hash identifier:          cBIzJjXGBIM7ABMZmbKRbaOWj56RwXZhHhRaRef3OEM=
Subject key identifier:   B9:71:76:C1:9C:1F:C1:EA:B1:CA:34:7A:7B:E5:B5:5D:FC:E1:C1:90
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       78EC8C1347A3A8BD3AC0E109B1BB1AE28136DDFC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49678.roa
Signing time:             Thu 01 Aug 2024 13:57:46 +0000
ROA not before:           Thu 01 Aug 2024 13:52:46 +0000
ROA not after:            Thu 31 Jul 2025 13:57:46 +0000
asID:                     49678
IP address blocks:        141.11.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:ec:8c:13:47:a3:a8:bd:3a:c0:e1:09:b1:bb:1a:e2:81:36:dd:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug  1 13:52:46 2024 GMT
            Not After : Jul 31 13:57:46 2025 GMT
        Subject: CN=B97176C19C1FC1EAB1CA347A7BE5B55DFCE1C190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0f:4f:a7:6d:5f:e4:71:02:4f:28:b7:4d:39:
                    96:7a:a1:4d:d5:ff:d5:a5:b8:a5:7e:74:e3:95:72:
                    55:53:0c:1e:9b:69:c5:4d:9e:2e:e7:57:2f:0e:d1:
                    e6:a3:4c:b5:aa:93:9f:5e:ad:33:c3:7e:62:83:54:
                    c1:e6:cc:2a:36:19:36:ca:92:90:db:60:9e:b4:0b:
                    16:ca:b2:0d:c6:db:43:82:5b:d7:3e:cf:3f:7d:f5:
                    18:26:88:15:f9:39:11:e1:58:1c:b3:a5:c8:df:4b:
                    1e:6b:c4:6e:e2:5e:71:15:70:7a:4c:14:e5:00:16:
                    ea:74:cd:1c:07:37:47:41:52:86:84:ce:ef:be:9f:
                    80:0c:71:8b:09:62:be:8b:dd:99:8f:aa:77:c9:d4:
                    91:f2:c0:da:e3:14:ab:3e:5a:35:3f:2b:46:82:fc:
                    35:9f:95:2d:e9:30:ec:9d:e8:5a:7c:b4:f3:24:3d:
                    20:61:09:61:bb:f1:bc:24:ff:ce:7a:58:47:78:af:
                    1c:19:d8:b4:ce:40:19:6a:19:95:e6:b1:6f:26:f4:
                    c0:ce:cc:fe:d5:7d:1c:e1:52:a7:b3:02:98:ff:82:
                    a8:88:e4:c1:e4:cc:fd:d2:20:3c:af:c1:6b:07:ee:
                    08:6f:d3:81:63:33:41:6c:4c:23:00:e2:e3:05:f5:
                    03:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:71:76:C1:9C:1F:C1:EA:B1:CA:34:7A:7B:E5:B5:5D:FC:E1:C1:90
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS49678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:cb:cd:e8:e9:46:bf:51:85:51:e4:e8:44:a5:83:10:a6:f4:
         ca:2f:2a:c3:ff:5b:9d:69:ed:7f:90:c7:1d:34:1a:55:85:b6:
         ce:ca:0b:f2:bb:d0:3f:cc:d0:9a:1e:de:85:91:1d:c4:be:0b:
         93:f9:25:51:ba:78:ea:09:43:30:98:f4:00:10:8f:9e:1c:58:
         0d:be:f9:bb:f5:28:ae:30:b7:e7:33:a9:87:a4:3b:3d:15:6f:
         5d:e0:2e:66:fc:7a:7b:b4:ff:5c:e7:33:d0:19:54:5e:e4:cf:
         90:d4:d7:d1:3d:4b:26:91:21:c6:06:df:96:de:b5:3f:bb:e4:
         83:49:00:ed:78:4c:46:94:69:5b:2c:4f:90:7b:c5:ff:7e:c5:
         07:7e:ec:27:ed:1a:f9:56:fc:c4:f0:39:90:15:3c:cb:89:43:
         86:f6:ff:85:da:22:cb:79:41:e0:e5:55:0c:92:7b:b1:49:06:
         19:30:30:b9:77:03:de:8d:73:22:15:52:c7:20:1f:4e:27:b5:
         d6:3f:39:f6:c3:16:98:30:42:8f:ec:49:85:3c:36:ec:47:f1:
         63:20:82:09:ee:42:f6:1a:12:0e:0d:51:0c:0d:e9:a2:d6:3e:
         36:88:7d:64:98:94:ce:ef:23:54:71:2c:9b:81:8e:a0:4f:cd:
         34:29:b7:c3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeOyME0ejqL06wOEJsbsa4oE23fwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA4MDExMzUyNDZaFw0yNTA3MzExMzU3NDZaMDMxMTAvBgNV
BAMTKEI5NzE3NkMxOUMxRkMxRUFCMUNBMzQ3QTdCRTVCNTVERkNFMUMxOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsD0+nbV/kcQJPKLdNOZZ6oU3V
/9WluKV+dOOVclVTDB6bacVNni7nVy8O0eajTLWqk59erTPDfmKDVMHmzCo2GTbK
kpDbYJ60CxbKsg3G20OCW9c+zz999RgmiBX5ORHhWByzpcjfSx5rxG7iXnEVcHpM
FOUAFup0zRwHN0dBUoaEzu++n4AMcYsJYr6L3ZmPqnfJ1JHywNrjFKs+WjU/K0aC
/DWflS3pMOyd6Fp8tPMkPSBhCWG78bwk/856WEd4rxwZ2LTOQBlqGZXmsW8m9MDO
zP7VfRzhUqezApj/gqiI5MHkzP3SIDyvwWsH7ghv04FjM0FsTCMA4uMF9QOrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUuXF2wZwfweqxyjR6e+W1XfzhwZAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDk2Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC0Aw
DQYJKoZIhvcNAQELBQADggEBAKbLzejpRr9RhVHk6ESlgxCm9MovKsP/W51p7X+Q
xx00GlWFts7KC/K70D/M0Joe3oWRHcS+C5P5JVG6eOoJQzCY9AAQj54cWA2++bv1
KK4wt+czqYekOz0Vb13gLmb8enu0/1znM9AZVF7kz5DU19E9SyaRIcYG35betT+7
5INJAO14TEaUaVssT5B7xf9+xQd+7CftGvlW/MTwOZAVPMuJQ4b2/4XaIst5QeDl
VQySe7FJBhkwMLl3A96NcyIVUscgH04ntdY/OfbDFpgwQo/sSYU8NuxH8WMgggnu
QvYaEg4NUQwN6aLWPjaIfWSYlM7vI1RxLJuBjqBPzTQpt8M=
-----END CERTIFICATE-----