Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa
File:                     AS60949.roa (raw, json)
Hash identifier:          tTEkkskEPXtOrsofGB/xJaahgU6YW5hHHwzZDx2wAwE=
Subject key identifier:   C4:28:1D:15:1D:00:2F:B0:90:D5:9F:40:32:19:0E:B4:12:B5:86:A2
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0545F02310E94F23963AA2947BF005528FC3CB13
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa
Signing time:             Tue 29 Oct 2024 18:43:26 +0000
ROA not before:           Tue 29 Oct 2024 18:38:26 +0000
ROA not after:            Tue 28 Oct 2025 18:43:26 +0000
asID:                     60949
IP address blocks:        141.11.28.0/24 maxlen: 24
                          141.11.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:45:f0:23:10:e9:4f:23:96:3a:a2:94:7b:f0:05:52:8f:c3:cb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 18:38:26 2024 GMT
            Not After : Oct 28 18:43:26 2025 GMT
        Subject: CN=C4281D151D002FB090D59F4032190EB412B586A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:57:1f:ed:66:a4:7b:c5:29:3e:b3:1e:23:28:
                    2a:eb:e8:b5:c9:4b:28:52:0c:ba:01:3e:ca:d0:5d:
                    3c:f3:7e:ee:69:18:a9:e8:6b:df:f7:fd:34:79:00:
                    9e:0f:24:4f:17:b5:4b:7a:37:08:df:80:7f:1c:1c:
                    32:36:b4:aa:17:08:b0:7f:c2:ce:c5:9a:89:a0:64:
                    a0:ea:ec:31:cf:08:d8:d7:a4:81:99:eb:fd:b9:38:
                    64:e0:32:8e:43:fe:49:41:54:27:80:5e:27:5e:99:
                    31:6e:7d:33:37:67:3a:e9:28:9a:ad:68:89:ed:9b:
                    be:ed:52:15:bb:0b:83:19:51:51:cf:cb:dc:63:c6:
                    b2:0f:c0:e9:10:de:3a:34:7b:e7:1a:a1:35:f5:4b:
                    d3:44:9b:f6:07:e4:67:09:99:89:a8:03:54:2a:de:
                    8d:b6:8c:17:0d:30:41:cf:01:5b:ce:07:b3:f2:b3:
                    81:71:83:26:dc:c3:fd:11:b3:29:46:fe:c7:34:1b:
                    46:1c:4a:f6:6d:b5:cb:23:ad:3c:54:ba:df:83:ca:
                    00:fd:67:be:dd:41:6e:42:24:50:61:91:4f:2b:7a:
                    35:44:6f:e3:55:5e:4b:16:2f:1e:9d:58:61:52:92:
                    df:8f:28:29:a7:49:e7:56:3c:49:62:a3:01:34:d1:
                    e9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:28:1D:15:1D:00:2F:B0:90:D5:9F:40:32:19:0E:B4:12:B5:86:A2
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.28.0/24
                  141.11.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:3b:0d:f4:be:52:b0:02:10:f2:53:72:f3:e2:9a:32:1e:e2:
         47:54:22:a0:40:96:cf:b5:23:d9:03:a9:6f:5f:1b:92:a5:56:
         64:ce:61:7c:66:ed:cd:86:e9:41:db:59:da:2c:eb:f8:b3:aa:
         f1:74:d1:de:82:8c:cc:41:cc:59:23:79:dc:fb:83:3d:12:ae:
         f3:90:66:3b:72:10:c4:15:80:d7:ad:e4:e6:9c:b9:45:52:8d:
         45:30:e2:58:fd:4b:6f:86:4d:0e:b2:96:fe:16:49:1d:5f:1f:
         aa:46:11:ae:75:84:69:8c:97:14:2d:58:66:6b:ea:92:26:7d:
         d9:11:18:62:e1:5b:88:05:32:bd:7a:94:0d:6c:e4:c8:18:14:
         6a:2d:52:12:37:09:06:e2:7b:d2:b4:65:67:ae:e9:71:5a:8a:
         fd:af:7e:5d:36:b6:4c:7e:97:79:7f:82:08:44:73:6e:b0:62:
         93:cc:4e:81:11:e4:70:cc:0f:31:ac:b8:96:56:8f:ef:c3:ea:
         d8:df:30:56:12:a4:29:14:41:75:ba:06:9f:b6:fb:df:f3:30:
         58:da:89:bf:31:20:a7:a0:68:b4:f6:52:2a:c9:79:0a:08:ca:
         2f:9b:46:5f:db:07:b2:0f:f9:01:e3:25:91:a8:50:3e:7b:a0:
         09:47:72:65
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUBUXwIxDpTyOWOqKUe/AFUo/DyxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxODM4MjZaFw0yNTEwMjgxODQzMjZaMDMxMTAvBgNV
BAMTKEM0MjgxRDE1MUQwMDJGQjA5MEQ1OUY0MDMyMTkwRUI0MTJCNTg2QTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMVx/tZqR7xSk+sx4jKCrr6LXJ
SyhSDLoBPsrQXTzzfu5pGKnoa9/3/TR5AJ4PJE8XtUt6NwjfgH8cHDI2tKoXCLB/
ws7FmomgZKDq7DHPCNjXpIGZ6/25OGTgMo5D/klBVCeAXidemTFufTM3ZzrpKJqt
aIntm77tUhW7C4MZUVHPy9xjxrIPwOkQ3jo0e+caoTX1S9NEm/YH5GcJmYmoA1Qq
3o22jBcNMEHPAVvOB7Pys4Fxgybcw/0RsylG/sc0G0YcSvZttcsjrTxUut+DygD9
Z77dQW5CJFBhkU8rejVEb+NVXksWLx6dWGFSkt+PKCmnSedWPEliowE00enrAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUxCgdFR0AL7CQ1Z9AMhkOtBK1hqIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNjA5NDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCxwD
BACNC2owDQYJKoZIhvcNAQELBQADggEBAAM7DfS+UrACEPJTcvPimjIe4kdUIqBA
ls+1I9kDqW9fG5KlVmTOYXxm7c2G6UHbWdos6/izqvF00d6CjMxBzFkjedz7gz0S
rvOQZjtyEMQVgNet5OacuUVSjUUw4lj9S2+GTQ6ylv4WSR1fH6pGEa51hGmMlxQt
WGZr6pImfdkRGGLhW4gFMr16lA1s5MgYFGotUhI3CQbie9K0ZWeu6XFaiv2vfl02
tkx+l3l/gghEc26wYpPMToER5HDMDzGsuJZWj+/D6tjfMFYSpCkUQXW6Bp+2+9/z
MFjaib8xIKegaLT2UirJeQoIyi+bRl/bB7IP+QHjJZGoUD57oAlHcmU=
-----END CERTIFICATE-----