Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS54252.roa
File:                     AS54252.roa (raw, json)
Hash identifier:          hKoXAJJ8qdy3zDkJUZTwrfMuyoheRDAvALZRgkU0ayE=
Subject key identifier:   D3:06:0A:41:2B:A1:0C:B8:D3:D2:56:54:A5:95:46:3F:36:E3:22:9A
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0E6F1619725032D88C918EB23B97ABB8D6455716
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS54252.roa
Signing time:             Tue 17 Oct 2023 12:30:06 +0000
ROA not before:           Tue 17 Oct 2023 12:25:06 +0000
ROA not after:            Tue 15 Oct 2024 12:30:06 +0000
asID:                     54252
IP address blocks:        141.11.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:6f:16:19:72:50:32:d8:8c:91:8e:b2:3b:97:ab:b8:d6:45:57:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 17 12:25:06 2023 GMT
            Not After : Oct 15 12:30:06 2024 GMT
        Subject: CN=D3060A412BA10CB8D3D25654A595463F36E3229A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7b:bc:96:4c:70:e4:01:3f:c7:45:9b:5d:00:
                    8f:7d:9c:9e:2a:c4:23:44:2e:c2:8f:32:93:d6:e6:
                    4e:47:9a:30:56:aa:a4:a1:b4:62:6b:7a:6f:e0:fa:
                    ef:aa:8b:37:bf:df:80:c6:2d:cb:73:99:bf:30:0d:
                    6c:2e:a1:6a:f2:18:58:aa:34:ba:58:bb:17:1b:02:
                    c5:11:1f:17:b5:5b:05:e6:cd:d7:7b:6b:97:95:60:
                    c9:74:d8:19:8b:e8:09:a8:f9:89:13:72:be:13:ba:
                    cd:b2:eb:0c:93:88:d3:97:9a:26:9f:43:af:69:2a:
                    6d:2b:0e:a6:10:1f:eb:60:79:01:a0:f5:8f:f4:48:
                    72:9b:20:29:a9:6b:d5:ad:90:3c:03:4a:fa:d8:f9:
                    cc:f7:93:26:4e:b0:50:b8:f8:c2:92:e1:2b:82:f6:
                    08:92:b5:56:60:85:be:88:06:fe:20:ba:3a:e6:cb:
                    68:dc:3f:ea:47:5d:0a:74:f3:65:24:11:e2:83:01:
                    4b:33:96:e7:35:05:37:36:23:12:f7:9f:35:21:24:
                    85:06:78:e9:ae:4d:25:b4:49:21:f2:cc:84:a3:c3:
                    15:78:2d:e3:6f:ab:c1:03:14:6d:bd:28:7d:78:a8:
                    d2:37:f9:6a:a8:37:aa:2c:dd:e4:81:db:16:38:df:
                    04:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:06:0A:41:2B:A1:0C:B8:D3:D2:56:54:A5:95:46:3F:36:E3:22:9A
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS54252.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:2e:f1:b7:0a:70:da:20:16:82:a1:2a:37:36:3a:f1:bc:80:
         b6:eb:26:0a:66:ea:53:50:dc:9b:84:55:b9:f1:3d:df:85:72:
         54:df:a4:d6:32:31:da:75:a6:ea:23:48:e0:42:b5:fd:ef:6f:
         9a:75:b1:a0:d5:03:9d:4d:be:8e:09:d6:a5:a8:f5:2a:b4:89:
         81:f9:c7:9e:68:f2:b2:93:cd:43:17:28:51:c2:2a:c7:64:29:
         8d:c7:5d:bc:c0:28:07:00:e2:ed:cb:cd:11:bb:30:e1:69:a1:
         0c:5e:0a:0a:00:1d:2f:8f:5c:89:ed:95:32:a6:2a:c8:94:9d:
         89:b0:1f:ea:1f:23:d2:64:28:72:6e:84:d9:9f:ae:39:98:33:
         3c:3b:85:2a:29:b5:c3:43:38:d0:42:61:ce:ff:40:90:e3:77:
         98:e9:27:13:96:ce:c3:d3:93:4d:af:a9:6c:20:bb:b7:36:aa:
         26:dd:56:ec:2b:7f:e4:26:29:66:25:c5:2d:c5:01:fc:3b:90:
         44:4f:c7:ef:8d:3f:e1:da:dd:ad:f8:60:27:e2:9d:62:8b:c0:
         d5:c1:40:ab:16:06:e5:a3:b7:8d:66:47:4a:59:5a:ed:74:51:
         d5:e5:13:c0:b3:50:38:1d:99:18:a0:e2:4e:6f:ec:a0:6f:46:
         0c:16:91:df
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDm8WGXJQMtiMkY6yO5eruNZFVxYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEwMTcxMjI1MDZaFw0yNDEwMTUxMjMwMDZaMDMxMTAvBgNV
BAMTKEQzMDYwQTQxMkJBMTBDQjhEM0QyNTY1NEE1OTU0NjNGMzZFMzIyOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBe7yWTHDkAT/HRZtdAI99nJ4q
xCNELsKPMpPW5k5HmjBWqqShtGJrem/g+u+qize/34DGLctzmb8wDWwuoWryGFiq
NLpYuxcbAsURHxe1WwXmzdd7a5eVYMl02BmL6Amo+YkTcr4Tus2y6wyTiNOXmiaf
Q69pKm0rDqYQH+tgeQGg9Y/0SHKbICmpa9WtkDwDSvrY+cz3kyZOsFC4+MKS4SuC
9giStVZghb6IBv4gujrmy2jcP+pHXQp082UkEeKDAUszluc1BTc2IxL3nzUhJIUG
eOmuTSW0SSHyzISjwxV4LeNvq8EDFG29KH14qNI3+WqoN6os3eSB2xY43wQrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU0wYKQSuhDLjT0lZUpZVGPzbjIpowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTQyNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCycw
DQYJKoZIhvcNAQELBQADggEBAK0u8bcKcNogFoKhKjc2OvG8gLbrJgpm6lNQ3JuE
VbnxPd+FclTfpNYyMdp1puojSOBCtf3vb5p1saDVA51Nvo4J1qWo9Sq0iYH5x55o
8rKTzUMXKFHCKsdkKY3HXbzAKAcA4u3LzRG7MOFpoQxeCgoAHS+PXIntlTKmKsiU
nYmwH+ofI9JkKHJuhNmfrjmYMzw7hSoptcNDONBCYc7/QJDjd5jpJxOWzsPTk02v
qWwgu7c2qibdVuwrf+QmKWYlxS3FAfw7kERPx++NP+Ha3a34YCfinWKLwNXBQKsW
BuWjt41mR0pZWu10UdXlE8CzUDgdmRig4k5v7KBvRgwWkd8=
-----END CERTIFICATE-----