Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS51847.roa
File:                     AS51847.roa (raw, json)
Hash identifier:          gsKncNXR+XApcNMJcrOaxkY34a1jZQjgSjDwwMFZ1ew=
Subject key identifier:   5A:1A:9A:40:D1:A2:9F:77:F8:C8:69:35:8C:67:C0:63:DB:DC:5A:BD
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2F3D04936088E4F392FBF24BB2520EE1E8ED71D7
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS51847.roa
Signing time:             Mon 10 Feb 2025 11:04:57 +0000
ROA not before:           Mon 10 Feb 2025 10:59:57 +0000
ROA not after:            Mon 09 Feb 2026 11:04:57 +0000
asID:                     51847
IP address blocks:        141.11.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:3d:04:93:60:88:e4:f3:92:fb:f2:4b:b2:52:0e:e1:e8:ed:71:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 10 10:59:57 2025 GMT
            Not After : Feb  9 11:04:57 2026 GMT
        Subject: CN=5A1A9A40D1A29F77F8C869358C67C063DBDC5ABD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a6:0c:8d:5c:db:2d:f3:3b:02:dc:5b:7b:7b:
                    b7:dd:3d:0c:51:b3:30:c1:c7:58:61:c5:88:66:fa:
                    63:94:9f:a7:55:87:58:de:25:92:0e:7a:01:64:1b:
                    ea:3c:de:34:95:ee:e1:83:4c:91:8d:93:72:f4:3c:
                    3a:c2:0d:f3:0e:f9:32:b6:09:7d:82:5b:7c:0e:e6:
                    6e:a1:98:0e:00:46:02:d8:36:cc:10:f2:74:1e:e2:
                    70:37:32:b1:7e:b5:5f:ab:96:31:7c:04:9f:47:b7:
                    f9:1d:2b:5d:7f:b1:91:01:10:30:75:de:b5:b2:ba:
                    91:13:cc:63:6d:a0:9c:81:9f:ff:c3:65:1c:82:9a:
                    cd:27:54:79:6e:9d:7c:59:5a:4b:34:c6:ff:d6:cd:
                    bf:1b:81:b6:98:ef:68:b0:bf:ed:29:dd:ba:ca:3c:
                    20:ff:bf:1e:86:59:44:ba:5d:ef:67:c0:13:67:be:
                    3a:17:b6:a9:18:69:3c:ae:cd:f3:71:95:36:b9:b5:
                    74:1c:c7:2c:e0:fc:f3:4a:03:d6:58:dc:8e:07:a1:
                    c1:3e:a4:c7:2b:cb:a9:b8:73:83:ed:79:7c:00:0e:
                    84:59:22:19:d1:9e:44:e8:9d:aa:30:ba:22:75:01:
                    b2:30:7e:2a:3e:28:75:78:4d:30:19:e0:a7:84:3c:
                    79:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:1A:9A:40:D1:A2:9F:77:F8:C8:69:35:8C:67:C0:63:DB:DC:5A:BD
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS51847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:3e:f5:40:2a:62:21:76:e4:7f:85:8c:7d:3b:f9:6c:f0:63:
         91:3e:73:4c:03:3c:d6:30:c1:3e:e8:38:0b:44:0a:3b:19:26:
         58:15:35:1c:44:2f:d0:f9:6e:1e:ae:2d:c6:c5:db:17:aa:95:
         f3:e6:78:d0:50:c3:9b:a9:0c:b1:bd:b4:c1:2e:1f:0b:ad:47:
         df:c2:04:64:82:10:a1:33:4d:74:54:49:b6:0d:c2:67:5a:17:
         2e:30:db:ba:0f:cd:01:3c:c3:d6:75:e7:89:55:b3:3f:6e:f0:
         db:e4:ae:f9:ce:46:10:03:c5:23:95:a6:4f:51:06:0a:5e:c8:
         e5:ca:9f:3e:cd:32:07:8b:07:b8:9e:93:de:0f:e7:30:02:ef:
         34:36:9a:94:e9:a0:4e:e6:d4:fb:ff:2b:ff:37:e5:ad:82:5f:
         55:7b:98:16:56:87:0f:11:d6:f0:e0:29:a2:51:dc:47:99:b0:
         02:43:fa:e2:0f:1d:79:74:31:76:bf:eb:94:44:8d:d0:33:ce:
         e7:69:1d:da:44:c5:be:ad:3a:7e:a0:85:8b:3a:01:76:a8:e7:
         94:42:c5:de:91:73:00:26:2a:34:f0:95:8b:3b:e9:1c:13:0c:
         c0:58:57:79:58:84:ad:44:0f:0d:84:1a:a0:57:21:25:88:a1:
         ec:d4:0b:10
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULz0Ek2CI5POS+/JLslIO4ejtcdcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAyMTAxMDU5NTdaFw0yNjAyMDkxMTA0NTdaMDMxMTAvBgNV
BAMTKDVBMUE5QTQwRDFBMjlGNzdGOEM4NjkzNThDNjdDMDYzREJEQzVBQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkpgyNXNst8zsC3Ft7e7fdPQxR
szDBx1hhxYhm+mOUn6dVh1jeJZIOegFkG+o83jSV7uGDTJGNk3L0PDrCDfMO+TK2
CX2CW3wO5m6hmA4ARgLYNswQ8nQe4nA3MrF+tV+rljF8BJ9Ht/kdK11/sZEBEDB1
3rWyupETzGNtoJyBn//DZRyCms0nVHlunXxZWks0xv/Wzb8bgbaY72iwv+0p3brK
PCD/vx6GWUS6Xe9nwBNnvjoXtqkYaTyuzfNxlTa5tXQcxyzg/PNKA9ZY3I4HocE+
pMcry6m4c4PteXwADoRZIhnRnkTonaowuiJ1AbIwfio+KHV4TTAZ4KeEPHlHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUWhqaQNGin3f4yGk1jGfAY9vcWr0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTE4NDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCxYw
DQYJKoZIhvcNAQELBQADggEBAKM+9UAqYiF25H+FjH07+WzwY5E+c0wDPNYwwT7o
OAtECjsZJlgVNRxEL9D5bh6uLcbF2xeqlfPmeNBQw5upDLG9tMEuHwutR9/CBGSC
EKEzTXRUSbYNwmdaFy4w27oPzQE8w9Z154lVsz9u8NvkrvnORhADxSOVpk9RBgpe
yOXKnz7NMgeLB7iek94P5zAC7zQ2mpTpoE7m1Pv/K/835a2CX1V7mBZWhw8R1vDg
KaJR3EeZsAJD+uIPHXl0MXa/65REjdAzzudpHdpExb6tOn6ghYs6AXao55RCxd6R
cwAmKjTwlYs76RwTDMBYV3lYhK1EDw2EGqBXISWIoezUCxA=
-----END CERTIFICATE-----