Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa
File:                     AS9087.roa (raw, json)
Hash identifier:          Vjoz8z0LPh5taAF32mKV0U1UvqzrnLqvhNu2q8W5EUQ=
Subject key identifier:   01:3F:40:42:7E:57:4F:53:F7:EF:08:2E:E1:C2:04:FE:68:CB:B1:C4
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       176C17E2ED86877BE4F8B5011E78E49FB417DEB9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa
Signing time:             Sat 16 Nov 2024 10:43:28 +0000
ROA not before:           Sat 16 Nov 2024 10:38:28 +0000
ROA not after:            Sat 15 Nov 2025 10:43:28 +0000
asID:                     9087
IP address blocks:        141.11.170.0/23 maxlen: 23
                          141.11.224.0/23 maxlen: 24
                          141.11.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:6c:17:e2:ed:86:87:7b:e4:f8:b5:01:1e:78:e4:9f:b4:17:de:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 16 10:38:28 2024 GMT
            Not After : Nov 15 10:43:28 2025 GMT
        Subject: CN=013F40427E574F53F7EF082EE1C204FE68CBB1C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c9:b1:8a:1c:46:19:eb:18:69:2b:40:1b:21:
                    57:d8:3e:87:58:d6:1f:2a:96:ba:02:f1:2d:01:b5:
                    9d:dc:45:39:40:91:3a:3d:df:fe:2d:46:52:ed:e7:
                    68:4c:cb:f2:53:87:d1:d3:2d:3a:ea:3c:7e:44:41:
                    7b:ba:7e:2d:22:f2:41:33:ed:f2:5d:57:6d:2d:01:
                    78:3e:91:11:d4:4b:7f:d0:63:bb:25:28:29:00:84:
                    68:05:f7:38:c2:05:4e:4a:1d:fc:17:e5:1b:10:47:
                    12:17:fc:fd:1d:3c:84:44:6a:68:82:c0:27:77:2f:
                    37:25:f9:1c:89:40:55:ae:46:fc:5f:f0:17:a6:7b:
                    a6:6d:57:bd:85:11:02:4e:80:60:c3:f0:95:98:e9:
                    8f:ba:0e:19:ed:98:bd:81:b1:50:82:49:0e:78:cc:
                    90:95:84:78:98:1a:86:fb:49:69:83:28:f4:e9:d6:
                    98:c7:9f:7c:78:f4:84:e3:6a:2a:88:ac:b0:10:be:
                    8c:50:22:9d:46:af:a3:3b:b1:1c:ad:53:38:aa:36:
                    35:ca:fc:81:02:cb:09:9c:c2:4e:59:73:f8:6d:a7:
                    c3:61:4e:87:6d:7c:3d:60:3d:4a:b4:0a:e7:e8:00:
                    6d:65:35:de:db:e1:4e:74:29:31:ac:2b:0a:35:81:
                    b1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:3F:40:42:7E:57:4F:53:F7:EF:08:2E:E1:C2:04:FE:68:CB:B1:C4
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.170.0/23
                  141.11.224.0/23
                  141.11.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:1f:bc:fe:c2:62:3d:c0:75:25:c2:09:d8:e0:82:40:3f:74:
         c7:5d:d3:38:cc:17:99:5d:76:56:52:5f:af:d7:ac:40:eb:72:
         e3:0d:a2:e2:eb:0d:c3:9c:e1:0b:07:3b:61:bb:df:43:e2:d8:
         fd:63:88:37:a1:a9:61:7c:f6:f3:6c:43:79:5d:b9:d3:51:68:
         45:19:3d:1c:ee:0b:b4:7d:9e:03:47:40:71:69:b1:c5:88:0d:
         54:ed:59:2c:1b:c8:41:8f:72:b3:ae:64:09:5a:15:39:18:e0:
         53:30:6f:c9:bf:0b:a4:93:75:b5:ff:c1:a0:31:74:84:f1:78:
         4c:04:0b:52:4e:c4:95:2a:5a:58:c6:03:e4:ae:5e:4a:aa:b4:
         db:fd:ff:53:95:27:5c:99:c2:4d:77:89:97:c5:48:4b:9d:45:
         0b:ca:a6:40:10:5a:e6:84:94:35:a3:a0:37:45:8e:1a:06:c5:
         b4:63:d5:ba:4c:06:56:bd:c3:ae:27:25:5d:19:84:53:ae:41:
         93:57:4e:b8:e5:45:b4:72:ab:f7:0c:21:58:55:ec:04:dc:14:
         cf:27:e9:75:81:4f:e8:df:99:b8:ec:99:f1:55:68:c5:cd:ef:
         8a:87:cf:06:79:14:48:fb:84:bd:c7:2c:1a:ee:92:85:69:91:
         e5:a6:94:1a
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUF2wX4u2Gh3vk+LUBHnjkn7QX3rkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDExMTYxMDM4MjhaFw0yNTExMTUxMDQzMjhaMDMxMTAvBgNV
BAMTKDAxM0Y0MDQyN0U1NzRGNTNGN0VGMDgyRUUxQzIwNEZFNjhDQkIxQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVybGKHEYZ6xhpK0AbIVfYPodY
1h8qlroC8S0BtZ3cRTlAkTo93/4tRlLt52hMy/JTh9HTLTrqPH5EQXu6fi0i8kEz
7fJdV20tAXg+kRHUS3/QY7slKCkAhGgF9zjCBU5KHfwX5RsQRxIX/P0dPIREamiC
wCd3Lzcl+RyJQFWuRvxf8Beme6ZtV72FEQJOgGDD8JWY6Y+6DhntmL2BsVCCSQ54
zJCVhHiYGob7SWmDKPTp1pjHn3x49ITjaiqIrLAQvoxQIp1Gr6M7sRytUziqNjXK
/IECywmcwk5Zc/htp8NhTodtfD1gPUq0CufoAG1lNd7b4U50KTGsKwo1gbGhAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUAT9AQn5XT1P37wgu4cIE/mjLscQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTOTA4Ny5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAY0LqgME
AY0L4AMEAI0L+TANBgkqhkiG9w0BAQsFAAOCAQEAMR+8/sJiPcB1JcIJ2OCCQD90
x13TOMwXmV12VlJfr9esQOty4w2i4usNw5zhCwc7YbvfQ+LY/WOIN6GpYXz282xD
eV2501FoRRk9HO4LtH2eA0dAcWmxxYgNVO1ZLBvIQY9ys65kCVoVORjgUzBvyb8L
pJN1tf/BoDF0hPF4TAQLUk7ElSpaWMYD5K5eSqq02/3/U5UnXJnCTXeJl8VIS51F
C8qmQBBa5oSUNaOgN0WOGgbFtGPVukwGVr3DriclXRmEU65Bk1dOuOVFtHKr9wwh
WFXsBNwUzyfpdYFP6N+ZuOyZ8VVoxc3viofPBnkUSPuEvccsGu6ShWmR5aaUGg==
-----END CERTIFICATE-----