Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa
File:                     AS60949.roa (raw, json)
Hash identifier:          etOxITuKb5V5wbzE/lfN5NKX8JjP36EJv+6yc/CAc5Y=
Subject key identifier:   BB:C0:D5:8A:B3:0F:F2:1C:16:C2:3E:3E:6E:CA:A5:7E:9C:37:0B:3E
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       40A334150F206525E295AAE047A1A862B9FCEBA9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa
Signing time:             Wed 29 Jan 2025 13:39:18 +0000
ROA not before:           Wed 29 Jan 2025 13:34:18 +0000
ROA not after:            Wed 28 Jan 2026 13:39:18 +0000
asID:                     60949
IP address blocks:        141.11.28.0/24 maxlen: 24
                          141.11.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:43:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:a3:34:15:0f:20:65:25:e2:95:aa:e0:47:a1:a8:62:b9:fc:eb:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan 29 13:34:18 2025 GMT
            Not After : Jan 28 13:39:18 2026 GMT
        Subject: CN=BBC0D58AB30FF21C16C23E3E6ECAA57E9C370B3E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6d:b8:65:bc:61:74:ce:00:af:16:1e:9d:5f:
                    01:4d:d7:68:4e:56:a9:9d:51:a2:84:34:14:13:3e:
                    8f:da:fe:59:e8:e7:e6:4f:05:e1:84:83:9b:54:9a:
                    67:bf:4e:c1:e1:0e:d4:2b:78:c4:91:7c:ac:f1:24:
                    fd:47:9e:44:eb:8f:e3:39:be:72:99:ba:ba:a3:12:
                    2d:cd:50:23:e7:06:62:89:af:db:07:dd:06:b4:e1:
                    43:04:5d:a6:bb:d5:af:4e:63:6a:53:74:ea:0f:84:
                    39:b4:66:2c:42:74:79:b3:ae:34:86:7e:ff:db:0d:
                    45:c2:62:f7:68:3c:4c:1f:62:d1:ed:0b:73:3a:d2:
                    cf:0c:c3:2b:61:af:41:38:14:8f:6a:58:89:51:15:
                    34:87:34:01:3d:8d:58:a1:71:ab:5a:ba:25:75:fb:
                    ad:db:7a:a4:37:99:6b:74:fe:26:df:9b:7b:b5:67:
                    85:b8:69:3f:8d:7e:b1:84:a0:f1:fb:13:73:df:8b:
                    fb:75:b5:af:32:1f:8b:88:cd:38:9d:3a:7d:4f:f9:
                    bb:a0:83:e5:e7:58:86:3c:e8:30:8a:5f:75:b5:3b:
                    80:26:b8:7f:c2:a7:7d:8d:c9:8b:f8:58:5a:e4:88:
                    d9:8c:e7:0d:0b:ab:47:cf:30:b8:b6:1c:e0:8e:24:
                    49:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C0:D5:8A:B3:0F:F2:1C:16:C2:3E:3E:6E:CA:A5:7E:9C:37:0B:3E
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS60949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.28.0/24
                  141.11.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:e1:a8:37:d9:28:be:98:4a:49:d1:f5:5b:98:6d:8b:c8:89:
         73:44:62:f4:25:c1:e4:db:f9:70:68:ee:36:37:3a:48:ae:06:
         01:3b:dd:2b:a8:ca:a1:86:7e:bf:eb:d9:30:48:68:a9:83:7a:
         b6:32:2b:ee:73:44:f5:5f:2d:9a:35:98:b8:c4:12:f9:7d:ea:
         36:28:ad:a6:dc:64:70:ca:c0:10:f3:24:31:bc:9f:ee:47:76:
         8e:60:63:b7:3d:95:4a:21:84:24:6a:88:7a:0c:84:26:cc:7b:
         32:3c:d4:48:0b:87:6d:16:30:95:b2:1d:1e:8b:3a:34:a9:43:
         6f:10:d1:8a:66:a2:87:0f:c2:b2:fe:19:a9:cd:79:4a:cb:8d:
         de:d3:01:f2:af:ff:16:6b:26:ad:67:03:13:cb:62:a3:b5:a1:
         a3:ac:bf:d3:b1:43:83:91:d8:12:d7:9b:a6:0d:14:c3:12:a8:
         9c:58:aa:7f:96:a7:f0:9a:42:38:6b:2b:df:74:e6:62:83:d2:
         28:51:d9:c2:bf:ee:c8:25:b7:e8:fa:83:92:2d:e1:1b:44:12:
         1a:08:5b:dd:08:f6:11:5d:1a:a0:a5:64:64:fd:50:86:ec:1b:
         7b:46:c8:17:68:a7:14:52:4a:bb:5a:f9:c5:c0:94:6c:ce:a6:
         85:dd:15:df
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUQKM0FQ8gZSXilargR6GoYrn866kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAxMjkxMzM0MThaFw0yNjAxMjgxMzM5MThaMDMxMTAvBgNV
BAMTKEJCQzBENThBQjMwRkYyMUMxNkMyM0UzRTZFQ0FBNTdFOUMzNzBCM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFbbhlvGF0zgCvFh6dXwFN12hO
VqmdUaKENBQTPo/a/lno5+ZPBeGEg5tUmme/TsHhDtQreMSRfKzxJP1HnkTrj+M5
vnKZurqjEi3NUCPnBmKJr9sH3Qa04UMEXaa71a9OY2pTdOoPhDm0ZixCdHmzrjSG
fv/bDUXCYvdoPEwfYtHtC3M60s8Mwythr0E4FI9qWIlRFTSHNAE9jVihcatauiV1
+63beqQ3mWt0/ibfm3u1Z4W4aT+NfrGEoPH7E3Pfi/t1ta8yH4uIzTidOn1P+bug
g+XnWIY86DCKX3W1O4AmuH/Cp32NyYv4WFrkiNmM5w0Lq0fPMLi2HOCOJEnRAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUu8DVirMP8hwWwj4+bsqlfpw3Cz4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNjA5NDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCxwD
BACNC2owDQYJKoZIhvcNAQELBQADggEBANfhqDfZKL6YSknR9VuYbYvIiXNEYvQl
weTb+XBo7jY3OkiuBgE73SuoyqGGfr/r2TBIaKmDerYyK+5zRPVfLZo1mLjEEvl9
6jYorabcZHDKwBDzJDG8n+5Hdo5gY7c9lUohhCRqiHoMhCbMezI81EgLh20WMJWy
HR6LOjSpQ28Q0YpmoocPwrL+GanNeUrLjd7TAfKv/xZrJq1nAxPLYqO1oaOsv9Ox
Q4OR2BLXm6YNFMMSqJxYqn+Wp/CaQjhrK9905mKD0ihR2cK/7sglt+j6g5It4RtE
EhoIW90I9hFdGqClZGT9UIbsG3tGyBdopxRSSrta+cXAlGzOpoXdFd8=
-----END CERTIFICATE-----