Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa
File:                     AS9009.roa (raw, json)
Hash identifier:          mini7/Nj477/gUHrxyRTyDOvKcNdEP6bUWb8EDQTuoA=
Subject key identifier:   C2:73:EE:DC:6C:D9:72:6B:F5:34:87:5F:DE:8E:DD:1D:67:DA:5E:23
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       420965039D8773694B4A34CA6A47269BAB9099DA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa
Signing time:             Mon 13 May 2024 12:38:01 +0000
ROA not before:           Mon 13 May 2024 12:33:01 +0000
ROA not after:            Mon 12 May 2025 12:38:01 +0000
asID:                     9009
IP address blocks:        141.11.18.0/24 maxlen: 24
                          141.11.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:09:65:03:9d:87:73:69:4b:4a:34:ca:6a:47:26:9b:ab:90:99:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 13 12:33:01 2024 GMT
            Not After : May 12 12:38:01 2025 GMT
        Subject: CN=C273EEDC6CD9726BF534875FDE8EDD1D67DA5E23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fa:b9:6d:43:39:00:58:39:38:47:b8:ca:bd:
                    39:f1:33:3a:e8:59:ca:e0:cf:26:75:40:34:71:91:
                    6f:76:ac:a9:02:9c:51:a6:ef:8a:f2:cf:d7:f9:d7:
                    e4:12:55:67:0d:00:0c:f1:6b:cb:60:cb:2b:cd:80:
                    ee:82:58:e0:88:05:33:e0:f9:45:c0:88:a2:3f:37:
                    bc:68:1e:88:9f:1c:52:39:3f:7b:6b:08:ab:f3:87:
                    0f:63:2e:bf:22:da:0a:6f:6f:27:29:83:f4:41:d1:
                    e3:30:79:99:aa:a9:e6:a7:5a:c2:75:9a:c4:c3:2d:
                    58:0c:9a:24:6a:36:61:a6:d0:78:ed:d6:20:2d:d0:
                    6a:84:ad:d5:d5:95:9d:52:c1:c3:9c:b8:9f:18:67:
                    dc:d7:82:61:36:a5:ab:f6:e4:79:eb:8e:34:d2:31:
                    33:b6:42:73:38:6b:5b:35:53:d3:9e:96:40:b3:2e:
                    37:5a:df:47:d0:d3:ce:e7:fa:d4:29:1f:72:b3:05:
                    bd:30:7f:31:75:79:ea:ce:96:4d:46:da:bb:e6:67:
                    c3:7f:b3:de:dc:f0:5d:13:c3:fb:d5:d7:53:88:b5:
                    15:55:3b:19:f5:5b:98:f0:21:66:d7:0c:af:24:54:
                    a0:96:02:20:36:46:d5:a5:d5:16:16:22:54:7e:b3:
                    ba:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:73:EE:DC:6C:D9:72:6B:F5:34:87:5F:DE:8E:DD:1D:67:DA:5E:23
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.18.0/24
                  141.11.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:24:14:2a:1f:88:ec:1d:c3:a6:2c:b6:aa:ed:9f:ab:3d:57:
         b6:d3:be:8d:86:56:de:68:d5:cc:7d:3a:0d:ae:9f:f7:5d:3b:
         39:f0:c3:e9:7a:e4:d7:ba:93:d3:f2:5e:b9:5b:dd:3c:a1:f2:
         af:9d:b0:57:40:8c:f3:dd:06:84:e2:0d:7a:7f:00:f3:98:58:
         61:a4:f4:78:d1:46:f2:3a:db:cd:2a:12:0a:a1:3f:f3:af:b3:
         1e:a6:00:ba:b5:78:4f:17:1a:1e:81:92:8e:cb:be:65:24:3f:
         4d:82:19:4b:fe:61:47:a8:0e:aa:5d:5a:a8:68:1d:b8:3b:97:
         f4:fb:c5:c9:7f:87:24:23:09:48:30:08:a0:a7:89:26:37:1a:
         4c:60:e9:f1:45:48:ec:4e:81:fc:de:46:09:2f:c7:88:7c:9c:
         ed:e5:d1:13:44:91:cb:20:73:a8:b6:bb:9b:f5:9e:94:5e:7b:
         d6:c0:6e:f1:85:e2:ae:ec:3f:9f:e1:b0:4d:30:be:c0:b8:65:
         b7:c5:ac:06:ec:cc:5d:e9:33:0a:a0:11:62:bd:20:52:3f:79:
         02:8a:bc:ae:d3:33:b1:75:17:37:2a:ca:16:66:d8:19:95:2b:
         82:f6:23:84:4d:26:05:ea:84:75:93:9c:7a:72:0e:1a:49:a4:
         8b:ef:0a:b4
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUQgllA52Hc2lLSjTKakcmm6uQmdowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA1MTMxMjMzMDFaFw0yNTA1MTIxMjM4MDFaMDMxMTAvBgNV
BAMTKEMyNzNFRURDNkNEOTcyNkJGNTM0ODc1RkRFOEVERDFENjdEQTVFMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj+rltQzkAWDk4R7jKvTnxMzro
WcrgzyZ1QDRxkW92rKkCnFGm74ryz9f51+QSVWcNAAzxa8tgyyvNgO6CWOCIBTPg
+UXAiKI/N7xoHoifHFI5P3trCKvzhw9jLr8i2gpvbycpg/RB0eMweZmqqeanWsJ1
msTDLVgMmiRqNmGm0Hjt1iAt0GqErdXVlZ1SwcOcuJ8YZ9zXgmE2pav25HnrjjTS
MTO2QnM4a1s1U9OelkCzLjda30fQ087n+tQpH3KzBb0wfzF1eerOlk1G2rvmZ8N/
s97c8F0Tw/vV11OItRVVOxn1W5jwIWbXDK8kVKCWAiA2RtWl1RYWIlR+s7p/AgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUwnPu3GzZcmv1NIdf3o7dHWfaXiMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAI0LEgME
AI0LYDANBgkqhkiG9w0BAQsFAAOCAQEAMyQUKh+I7B3Dpiy2qu2fqz1XttO+jYZW
3mjVzH06Da6f9107OfDD6Xrk17qT0/JeuVvdPKHyr52wV0CM890GhOINen8A85hY
YaT0eNFG8jrbzSoSCqE/86+zHqYAurV4TxcaHoGSjsu+ZSQ/TYIZS/5hR6gOql1a
qGgduDuX9PvFyX+HJCMJSDAIoKeJJjcaTGDp8UVI7E6B/N5GCS/HiHyc7eXRE0SR
yyBzqLa7m/WelF571sBu8YXiruw/n+GwTTC+wLhlt8WsBuzMXekzCqARYr0gUj95
Aoq8rtMzsXUXNyrKFmbYGZUrgvYjhE0mBeqEdZOcenIOGkmki+8KtA==
-----END CERTIFICATE-----