Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa
File:                     AS56962.roa (raw, json)
Hash identifier:          87ujvg8vKZTJGpnLoLnAhnMHKCAY8ZmAjqOlmhAcryM=
Subject key identifier:   CF:22:17:04:35:CD:FA:BD:35:5E:0A:B6:4B:0C:E0:73:58:1F:26:52
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       47F0ECA52E84824F82621A29853EBAA3C255835F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa
Signing time:             Tue 02 Jul 2024 06:34:54 +0000
ROA not before:           Tue 02 Jul 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 06:34:54 +0000
asID:                     56962
IP address blocks:        141.11.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:f0:ec:a5:2e:84:82:4f:82:62:1a:29:85:3e:ba:a3:c2:55:83:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul  2 06:29:54 2024 GMT
            Not After : Jul  1 06:34:54 2025 GMT
        Subject: CN=CF22170435CDFABD355E0AB64B0CE073581F2652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9d:7f:76:9e:2e:13:0e:5c:fe:30:d0:f7:0f:
                    46:c1:d7:36:88:95:51:3c:3b:cb:14:83:a4:ed:91:
                    04:b7:98:2c:65:42:94:6c:66:29:ed:a1:47:d2:23:
                    a0:c9:66:f6:16:f8:ce:67:70:4d:a3:65:5b:99:74:
                    28:87:84:f0:98:8c:da:95:c8:1d:e3:ec:d6:f1:60:
                    a3:f2:c9:4d:e3:93:40:43:1c:2c:5c:c2:73:fe:64:
                    d0:c3:b2:a8:e3:8b:33:85:f9:dc:60:c5:66:c6:39:
                    61:5d:30:52:de:58:e1:54:1e:63:e1:f0:9f:93:7c:
                    41:0a:c8:3e:97:17:40:fb:0e:d2:b8:c6:38:71:3e:
                    2c:de:7a:2e:76:11:21:a1:fc:b3:e5:d6:5b:50:ba:
                    f4:6a:df:8b:ee:65:3b:b4:3f:1b:44:f8:de:12:1d:
                    cf:d3:8d:dd:50:6a:a7:3e:64:a2:eb:03:71:0f:33:
                    33:25:cc:7c:78:5d:59:da:ba:fb:77:ae:e8:af:13:
                    c6:55:15:09:f1:66:13:32:13:0a:53:b2:4e:78:97:
                    d7:4c:83:4f:36:ff:76:b2:e0:5f:51:12:32:6c:c2:
                    37:70:f9:b6:01:e0:64:f5:e7:aa:f6:09:d4:e7:71:
                    61:03:b8:be:80:f7:99:e8:94:0d:cb:fc:de:1d:f1:
                    d0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:22:17:04:35:CD:FA:BD:35:5E:0A:B6:4B:0C:E0:73:58:1F:26:52
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS56962.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:47:ea:cc:d5:75:d1:34:c4:c2:6d:6a:a1:05:1a:47:3f:a0:
         b0:4a:56:f0:a4:f4:16:cd:ff:65:d3:6f:6a:30:23:11:b4:ab:
         27:08:ae:47:cb:8e:0d:12:db:97:c7:7f:d2:22:e3:1f:d0:05:
         bd:85:25:45:b9:e1:ec:57:a0:16:56:ff:c5:bd:31:d2:0c:49:
         62:97:94:06:39:d0:43:c0:86:d4:e5:fe:e8:4c:5b:55:2d:0e:
         62:22:0b:a2:03:8f:94:ce:86:66:7d:25:57:28:0d:2b:01:eb:
         e2:81:b1:4c:6c:eb:bd:e4:31:6e:2a:4f:b1:79:a8:69:4e:f2:
         a6:ad:b7:76:80:65:6e:29:c8:6a:d4:79:52:cd:e9:4a:b1:fe:
         1c:66:32:95:e2:d1:8c:58:ec:40:3d:86:ab:de:81:dc:27:13:
         59:fe:2a:82:17:80:a1:31:fb:7e:b4:61:a5:d3:e8:b3:5c:29:
         5d:f6:bb:6e:90:31:6a:21:b3:5e:d6:d9:25:6d:c7:40:2c:c5:
         aa:ae:55:9c:fe:ac:05:29:7e:ef:07:2b:0e:ca:0f:37:bf:51:
         45:c0:ce:51:2f:b3:d1:3c:83:93:02:59:02:ee:d3:14:e2:d1:
         21:f9:00:a2:9c:96:26:85:d4:15:06:88:63:48:7e:05:ed:66:
         f5:32:f4:d2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUR/DspS6Egk+CYhophT66o8JVg18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA3MDIwNjI5NTRaFw0yNTA3MDEwNjM0NTRaMDMxMTAvBgNV
BAMTKENGMjIxNzA0MzVDREZBQkQzNTVFMEFCNjRCMENFMDczNTgxRjI2NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCenX92ni4TDlz+MND3D0bB1zaI
lVE8O8sUg6TtkQS3mCxlQpRsZintoUfSI6DJZvYW+M5ncE2jZVuZdCiHhPCYjNqV
yB3j7NbxYKPyyU3jk0BDHCxcwnP+ZNDDsqjjizOF+dxgxWbGOWFdMFLeWOFUHmPh
8J+TfEEKyD6XF0D7DtK4xjhxPizeei52ESGh/LPl1ltQuvRq34vuZTu0PxtE+N4S
Hc/Tjd1Qaqc+ZKLrA3EPMzMlzHx4XVnauvt3ruivE8ZVFQnxZhMyEwpTsk54l9dM
g082/3ay4F9REjJswjdw+bYB4GT156r2CdTncWEDuL6A95nolA3L/N4d8dDxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUzyIXBDXN+r01Xgq2Swzgc1gfJlIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTY5NjIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCxgw
DQYJKoZIhvcNAQELBQADggEBAJtH6szVddE0xMJtaqEFGkc/oLBKVvCk9BbN/2XT
b2owIxG0qycIrkfLjg0S25fHf9Ii4x/QBb2FJUW54exXoBZW/8W9MdIMSWKXlAY5
0EPAhtTl/uhMW1UtDmIiC6IDj5TOhmZ9JVcoDSsB6+KBsUxs673kMW4qT7F5qGlO
8qatt3aAZW4pyGrUeVLN6Uqx/hxmMpXi0YxY7EA9hqvegdwnE1n+KoIXgKEx+360
YaXT6LNcKV32u26QMWohs17W2SVtx0AsxaquVZz+rAUpfu8HKw7KDze/UUXAzlEv
s9E8g5MCWQLu0xTi0SH5AKKcliaF1BUGiGNIfgXtZvUy9NI=
-----END CERTIFICATE-----