Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa
File:                     AS60949.roa (raw, json)
Hash identifier:          dp/RQW/q7nTGrsCFBYQt9jQQVQb+UWnrlCfL9WJXKH4=
Subject key identifier:   CD:58:DB:09:86:10:63:FD:94:5E:C4:FD:00:E1:74:53:5F:E4:C6:41
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3376CAB275893A064E7BE6636271278A88617E9F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa
Signing time:             Tue 28 Nov 2023 18:03:45 +0000
ROA not before:           Tue 28 Nov 2023 17:58:45 +0000
ROA not after:            Tue 26 Nov 2024 18:03:45 +0000
asID:                     60949
IP address blocks:        141.11.28.0/24 maxlen: 24
                          141.11.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:76:ca:b2:75:89:3a:06:4e:7b:e6:63:62:71:27:8a:88:61:7e:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 17:58:45 2023 GMT
            Not After : Nov 26 18:03:45 2024 GMT
        Subject: CN=CD58DB09861063FD945EC4FD00E174535FE4C641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:17:74:59:9e:5a:1c:a2:01:33:50:66:21:97:
                    c2:be:d5:e7:fa:eb:c9:0b:ba:a0:d8:b6:89:e6:70:
                    f2:cc:d9:e9:75:14:1a:1c:f4:ff:d6:23:ba:79:85:
                    98:36:ff:e6:8c:63:d7:2a:e7:f6:aa:9e:a4:87:9c:
                    c3:3e:77:95:c5:d6:3d:0d:ed:f4:3d:22:db:4a:15:
                    11:d4:cb:af:9a:de:40:c7:9b:63:9c:a5:1b:bf:1b:
                    6e:43:32:59:f7:fd:ae:eb:65:31:4c:11:1a:49:96:
                    9d:92:cf:98:09:6a:d5:8e:ab:88:65:aa:e5:b0:64:
                    95:15:ef:14:6f:01:a7:82:34:3e:ee:39:0c:40:25:
                    00:9d:ae:92:52:a0:ce:c5:ca:96:38:fa:3f:75:7a:
                    f0:65:cb:c0:31:40:91:8a:48:e4:61:6a:f5:28:4c:
                    a6:e1:4b:1c:18:87:e6:f8:ab:c3:16:d5:5c:f2:ba:
                    60:2b:c2:51:a5:8b:64:05:60:1f:0e:60:f1:12:e6:
                    31:7e:78:70:8c:ea:91:b4:f3:68:e7:dc:3d:a9:88:
                    01:cb:3c:59:dc:88:0b:24:e1:a9:40:a2:91:ba:b8:
                    d3:ee:7d:70:c4:4a:94:8d:06:b3:04:49:2b:ce:cf:
                    9a:8c:b1:fe:eb:ad:85:31:58:59:85:f2:4a:b0:93:
                    51:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:58:DB:09:86:10:63:FD:94:5E:C4:FD:00:E1:74:53:5F:E4:C6:41
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.28.0/24
                  141.11.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:36:67:a7:78:c1:fd:b4:10:d9:43:00:33:be:6a:7b:89:63:
         49:bf:78:d6:8a:44:4c:bd:e1:ba:91:09:00:81:b2:f0:af:8c:
         29:f1:c3:5b:43:d0:53:3e:96:7d:ef:f5:d4:2b:85:fc:ca:c1:
         8f:66:dd:9a:15:aa:ff:53:d1:cc:93:60:28:f2:35:7e:9a:91:
         74:ee:69:c2:34:c3:b3:fe:31:eb:3d:24:3b:8a:0c:4c:a9:56:
         b4:89:e9:62:4c:9f:ec:96:8a:71:18:b2:82:90:82:49:3f:8a:
         8b:13:75:5b:50:3a:2e:94:b6:a3:15:89:09:8a:0d:c2:ee:2c:
         1a:18:ff:21:2c:31:62:10:1c:84:5b:f5:61:cf:6e:8d:d5:54:
         f7:4a:1c:32:5e:30:b8:d0:12:c1:37:55:01:22:55:ec:25:98:
         67:8f:4e:a5:fd:96:97:12:79:ea:4e:bf:43:d7:c9:6e:d7:b5:
         a0:61:7a:75:a5:53:82:de:01:74:d2:11:1f:21:e7:cd:65:38:
         1b:75:51:58:b6:d5:02:a8:9a:89:f6:68:93:e4:3e:a5:24:4e:
         bf:0c:f7:6f:a9:ae:fa:1d:c7:13:6d:b6:94:68:8f:21:87:cc:
         d9:09:39:1f:94:06:21:d4:d8:07:57:81:f4:b5:6c:78:09:68:
         a2:b4:8d:1c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUM3bKsnWJOgZOe+ZjYnEniohhfp8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNzU4NDVaFw0yNDExMjYxODAzNDVaMDMxMTAvBgNV
BAMTKENENThEQjA5ODYxMDYzRkQ5NDVFQzRGRDAwRTE3NDUzNUZFNEM2NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzF3RZnlocogEzUGYhl8K+1ef6
68kLuqDYtonmcPLM2el1FBoc9P/WI7p5hZg2/+aMY9cq5/aqnqSHnMM+d5XF1j0N
7fQ9IttKFRHUy6+a3kDHm2OcpRu/G25DMln3/a7rZTFMERpJlp2Sz5gJatWOq4hl
quWwZJUV7xRvAaeCND7uOQxAJQCdrpJSoM7FypY4+j91evBly8AxQJGKSORhavUo
TKbhSxwYh+b4q8MW1VzyumArwlGli2QFYB8OYPES5jF+eHCM6pG082jn3D2piAHL
PFnciAsk4alAopG6uNPufXDESpSNBrMESSvOz5qMsf7rrYUxWFmF8kqwk1ETAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUzVjbCYYQY/2UXsT9AOF0U1/kxkEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNjA5NDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCxwD
BACNC2owDQYJKoZIhvcNAQELBQADggEBABU2Z6d4wf20ENlDADO+anuJY0m/eNaK
REy94bqRCQCBsvCvjCnxw1tD0FM+ln3v9dQrhfzKwY9m3ZoVqv9T0cyTYCjyNX6a
kXTuacI0w7P+Mes9JDuKDEypVrSJ6WJMn+yWinEYsoKQgkk/iosTdVtQOi6UtqMV
iQmKDcLuLBoY/yEsMWIQHIRb9WHPbo3VVPdKHDJeMLjQEsE3VQEiVewlmGePTqX9
lpcSeepOv0PXyW7XtaBhenWlU4LeAXTSER8h581lOBt1UVi21QKomon2aJPkPqUk
Tr8M92+prvodxxNttpRojyGHzNkJOR+UBiHU2AdXgfS1bHgJaKK0jRw=
-----END CERTIFICATE-----