Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa
File:                     AS50321.roa (raw, json)
Hash identifier:          xrrpATV06y6dK3V3aP1i/h4wswk1C+G6tsaoGUWsh/E=
Subject key identifier:   ED:98:93:85:76:FA:24:F3:DB:0C:49:2A:98:D7:AF:93:65:76:CF:50
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2DDD0F9E50F6DD4F11BF2CF46D56251AEA905513
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa
Signing time:             Wed 21 Aug 2024 19:17:34 +0000
ROA not before:           Wed 21 Aug 2024 19:12:34 +0000
ROA not after:            Wed 20 Aug 2025 19:17:34 +0000
asID:                     50321
IP address blocks:        141.11.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:dd:0f:9e:50:f6:dd:4f:11:bf:2c:f4:6d:56:25:1a:ea:90:55:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 21 19:12:34 2024 GMT
            Not After : Aug 20 19:17:34 2025 GMT
        Subject: CN=ED98938576FA24F3DB0C492A98D7AF936576CF50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ee:2a:d9:8f:df:36:66:8c:79:35:b7:af:31:
                    78:68:72:1d:04:bf:56:f9:41:cb:c9:cb:46:4c:22:
                    b7:ed:0d:d9:43:b7:08:ae:b5:04:33:db:0b:cd:bd:
                    eb:ed:fe:b3:1f:98:37:47:88:bf:3a:82:62:a9:5f:
                    ee:4d:07:ca:3f:8f:26:3c:07:18:cb:dc:2a:ef:cc:
                    0a:23:09:dc:f5:20:b8:2a:54:f0:25:37:67:94:95:
                    82:b4:18:0e:3e:08:0a:c2:b7:a7:f7:65:48:72:d9:
                    8e:05:fb:41:ae:d6:d7:1b:7f:99:ab:75:f0:d7:ec:
                    77:46:54:29:29:6d:2e:8c:8a:b0:e3:2b:31:a5:9a:
                    06:c3:0f:c6:da:4c:82:8f:23:0e:0c:a5:a4:71:34:
                    a5:3c:d7:25:f9:13:d7:00:0d:0a:27:c3:d0:a8:ef:
                    60:90:c3:0d:39:22:84:be:12:08:7e:22:c1:eb:b5:
                    31:2c:6a:53:30:ca:4a:e5:2e:6e:d6:ae:d3:99:e8:
                    d7:50:0e:63:64:16:ff:b3:dd:e1:89:f0:3e:3d:c1:
                    00:f1:91:7d:b2:9e:44:23:62:8f:19:a6:5e:d1:32:
                    be:f1:21:a5:0f:c0:89:1f:e9:51:74:26:cf:08:c4:
                    a0:cf:9e:5a:2f:01:cd:c4:b8:da:8f:2f:62:57:50:
                    f3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:98:93:85:76:FA:24:F3:DB:0C:49:2A:98:D7:AF:93:65:76:CF:50
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:95:90:92:1f:8b:dd:16:ed:9f:8f:c2:61:d8:42:ab:7c:5d:
         dd:1c:81:b9:0b:44:7a:7b:00:d0:2d:f8:f0:41:48:aa:7c:cd:
         4a:5b:6e:59:35:64:55:8c:8d:88:7f:ed:0b:ee:80:46:b9:68:
         78:d3:90:b2:cf:3d:67:da:02:8b:41:9b:50:b3:c6:c7:63:ed:
         50:a4:55:15:c6:a0:69:96:ae:8d:54:84:19:b7:a3:7a:f9:3b:
         22:5b:4d:5c:8a:7b:9b:78:65:94:67:f6:75:5a:34:44:b8:c5:
         83:32:86:11:25:64:9f:03:a2:13:0f:8c:19:ed:6c:c8:74:db:
         34:50:5c:74:cb:50:81:fd:1a:63:35:6e:60:85:91:af:8e:d9:
         64:51:5f:8e:c0:92:4d:ed:73:f7:d7:30:dd:ee:d5:1d:2d:16:
         7a:b3:75:d4:82:28:0c:68:ca:6d:e2:c9:64:89:9a:6d:fb:90:
         b4:94:27:c3:a6:5e:68:da:34:1a:e3:41:01:62:1b:7c:0f:8f:
         23:78:75:1e:e3:08:b5:9a:12:82:52:56:cb:32:12:19:a0:e0:
         c4:ac:ab:0c:67:15:6b:f6:6a:5b:37:44:dd:8a:28:c7:7b:a1:
         28:72:48:d8:78:ed:32:a1:05:27:56:9e:2d:b5:89:b6:c8:49:
         9d:84:70:19
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULd0PnlD23U8Rvyz0bVYlGuqQVRMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA4MjExOTEyMzRaFw0yNTA4MjAxOTE3MzRaMDMxMTAvBgNV
BAMTKEVEOTg5Mzg1NzZGQTI0RjNEQjBDNDkyQTk4RDdBRjkzNjU3NkNGNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg7irZj982Zox5NbevMXhoch0E
v1b5QcvJy0ZMIrftDdlDtwiutQQz2wvNvevt/rMfmDdHiL86gmKpX+5NB8o/jyY8
BxjL3CrvzAojCdz1ILgqVPAlN2eUlYK0GA4+CArCt6f3ZUhy2Y4F+0Gu1tcbf5mr
dfDX7HdGVCkpbS6MirDjKzGlmgbDD8baTIKPIw4MpaRxNKU81yX5E9cADQonw9Co
72CQww05IoS+Egh+IsHrtTEsalMwykrlLm7WrtOZ6NdQDmNkFv+z3eGJ8D49wQDx
kX2ynkQjYo8Zpl7RMr7xIaUPwIkf6VF0Js8IxKDPnlovAc3EuNqPL2JXUPPTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU7ZiThXb6JPPbDEkqmNevk2V2z1AwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTAzMjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC/ww
DQYJKoZIhvcNAQELBQADggEBAICVkJIfi90W7Z+PwmHYQqt8Xd0cgbkLRHp7ANAt
+PBBSKp8zUpbblk1ZFWMjYh/7QvugEa5aHjTkLLPPWfaAotBm1Czxsdj7VCkVRXG
oGmWro1UhBm3o3r5OyJbTVyKe5t4ZZRn9nVaNES4xYMyhhElZJ8DohMPjBntbMh0
2zRQXHTLUIH9GmM1bmCFka+O2WRRX47Akk3tc/fXMN3u1R0tFnqzddSCKAxoym3i
yWSJmm37kLSUJ8OmXmjaNBrjQQFiG3wPjyN4dR7jCLWaEoJSVssyEhmg4MSsqwxn
FWv2als3RN2KKMd7oShySNh47TKhBSdWni21ibbISZ2EcBk=
-----END CERTIFICATE-----