Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa
File:                     AS9087.roa (raw, json)
Hash identifier:          vHLLRlhDMi2z1plplcT1qGm+cfxMtdTsYxXHcjnaTBg=
Subject key identifier:   DF:6E:1C:8F:BF:C9:41:E4:1C:7D:2A:0A:49:52:0E:5F:01:44:5F:03
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2212C8BA8BFBC0757A7A6715D66D9D33E3923053
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa
Signing time:             Sat 16 Dec 2023 10:42:48 +0000
ROA not before:           Sat 16 Dec 2023 10:37:48 +0000
ROA not after:            Sat 14 Dec 2024 10:42:48 +0000
asID:                     9087
IP address blocks:        141.11.170.0/23 maxlen: 23
                          141.11.224.0/23 maxlen: 24
                          141.11.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:12:c8:ba:8b:fb:c0:75:7a:7a:67:15:d6:6d:9d:33:e3:92:30:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec 16 10:37:48 2023 GMT
            Not After : Dec 14 10:42:48 2024 GMT
        Subject: CN=DF6E1C8FBFC941E41C7D2A0A49520E5F01445F03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c9:3a:1d:90:4d:d2:2c:01:ca:b6:00:2d:1d:
                    a0:61:87:92:f7:0c:2d:fb:4e:62:ed:b3:fc:6f:f3:
                    22:02:00:b3:a8:a2:9a:45:1f:62:54:e3:df:a9:fd:
                    b8:95:e5:ac:94:11:d1:6b:c8:62:fa:df:be:52:2b:
                    d0:e1:97:d8:89:d9:62:a5:66:21:53:04:21:f5:04:
                    84:f7:3e:05:7f:05:a2:84:89:17:c7:55:ca:98:12:
                    92:28:ea:e3:79:e9:dd:1d:fb:33:7d:14:fe:c1:23:
                    4c:8c:6f:62:29:90:8c:98:d0:a0:2c:44:5a:5d:6b:
                    e5:5d:b7:fd:e8:05:b4:b1:bc:a8:77:ed:87:09:0e:
                    5b:94:c1:70:7d:9a:28:bd:35:cc:68:7e:66:22:10:
                    5d:6b:d0:d6:f6:f9:8a:09:5e:28:ab:b7:26:63:b6:
                    e8:33:3d:4e:98:64:42:27:af:30:05:22:42:0d:5a:
                    62:09:a8:5d:e3:bc:7a:c6:12:b9:62:ed:84:32:7e:
                    d8:a7:8e:7b:5c:f7:a5:17:35:30:78:7a:b5:54:d4:
                    7b:ef:8f:fb:db:4b:45:59:a9:8a:d2:69:c8:29:05:
                    79:f7:35:c5:1a:2c:b0:d6:43:36:66:d6:a9:d3:15:
                    a3:2a:ed:5b:bc:10:d9:bb:b2:b5:f4:09:61:3e:f7:
                    81:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:6E:1C:8F:BF:C9:41:E4:1C:7D:2A:0A:49:52:0E:5F:01:44:5F:03
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.170.0/23
                  141.11.224.0/23
                  141.11.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:54:b3:b9:06:ed:88:4f:c8:0b:c7:b3:15:71:65:04:c6:af:
         e7:67:ef:dc:5f:42:c6:c2:a2:13:3d:f9:3a:71:f8:ad:2d:80:
         01:89:21:ad:48:f9:97:7e:de:8b:28:5a:cf:6e:e3:c5:cf:54:
         40:b6:6f:33:1f:98:22:59:51:8f:08:65:97:c1:bc:2c:44:3d:
         17:b6:f5:94:24:2a:19:2d:e2:0a:1d:c5:47:74:23:74:6a:73:
         a2:94:a1:c2:a1:40:2d:e3:a3:6c:5f:fe:08:e3:8d:72:7c:c0:
         26:4e:e1:92:08:a2:1d:17:21:07:a2:5a:73:6d:d4:11:3a:fb:
         60:d7:5e:04:1d:b4:b2:5a:b7:2e:63:6b:b2:e5:ea:c6:f3:c3:
         87:1b:10:b3:82:8f:88:55:bf:5d:7a:25:95:71:0f:70:db:0e:
         f2:78:21:99:f9:d2:b2:58:b2:f0:91:15:76:f1:31:fd:6c:58:
         56:75:ed:b5:39:ab:d1:44:7f:35:84:b2:d0:88:de:00:8f:b2:
         3c:f2:7b:f4:b0:7a:d3:bc:20:b0:61:58:03:26:e0:53:5b:41:
         6f:5a:6c:60:78:ac:97:03:62:f3:5b:84:d4:bd:b0:ac:d3:3f:
         93:40:0a:bb:4a:a5:53:43:90:b5:bb:71:07:b2:39:30:fc:ee:
         d5:01:a2:50
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUIhLIuov7wHV6emcV1m2dM+OSMFMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzEyMTYxMDM3NDhaFw0yNDEyMTQxMDQyNDhaMDMxMTAvBgNV
BAMTKERGNkUxQzhGQkZDOTQxRTQxQzdEMkEwQTQ5NTIwRTVGMDE0NDVGMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiyTodkE3SLAHKtgAtHaBhh5L3
DC37TmLts/xv8yICALOooppFH2JU49+p/biV5ayUEdFryGL6375SK9Dhl9iJ2WKl
ZiFTBCH1BIT3PgV/BaKEiRfHVcqYEpIo6uN56d0d+zN9FP7BI0yMb2IpkIyY0KAs
RFpda+Vdt/3oBbSxvKh37YcJDluUwXB9mii9NcxofmYiEF1r0Nb2+YoJXiirtyZj
tugzPU6YZEInrzAFIkINWmIJqF3jvHrGErli7YQyftinjntc96UXNTB4erVU1Hvv
j/vbS0VZqYrSacgpBXn3NcUaLLDWQzZm1qnTFaMq7Vu8ENm7srX0CWE+94GzAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQU324cj7/JQeQcfSoKSVIOXwFEXwMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTOTA4Ny5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAY0LqgME
AY0L4AMEAI0L+TANBgkqhkiG9w0BAQsFAAOCAQEALFSzuQbtiE/IC8ezFXFlBMav
52fv3F9CxsKiEz35OnH4rS2AAYkhrUj5l37eiyhaz27jxc9UQLZvMx+YIllRjwhl
l8G8LEQ9F7b1lCQqGS3iCh3FR3QjdGpzopShwqFALeOjbF/+COONcnzAJk7hkgii
HRchB6Jac23UETr7YNdeBB20slq3LmNrsuXqxvPDhxsQs4KPiFW/XXollXEPcNsO
8nghmfnSsliy8JEVdvEx/WxYVnXttTmr0UR/NYSy0IjeAI+yPPJ79LB607wgsGFY
AybgU1tBb1psYHislwNi81uE1L2wrNM/k0AKu0qlU0OQtbtxB7I5MPzu1QGiUA==
-----END CERTIFICATE-----