Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9232.roa
File:                     AS9232.roa (raw, json)
Hash identifier:          e8f3zgtxXNgX5kcSJSAbxEXwuZf3/M0O3ESenYcRt8A=
Subject key identifier:   F7:1A:7D:3D:36:6B:BF:0D:36:C6:D0:EF:1C:15:86:5B:9E:96:34:13
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1764E61D4055F19D4E38CE70D00A4420CEFFE0E5
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9232.roa
Signing time:             Wed 26 Mar 2025 07:43:42 +0000
ROA not before:           Wed 26 Mar 2025 07:38:42 +0000
ROA not after:            Wed 25 Mar 2026 07:43:42 +0000
asID:                     9232
IP address blocks:        141.11.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:64:e6:1d:40:55:f1:9d:4e:38:ce:70:d0:0a:44:20:ce:ff:e0:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 26 07:38:42 2025 GMT
            Not After : Mar 25 07:43:42 2026 GMT
        Subject: CN=F71A7D3D366BBF0D36C6D0EF1C15865B9E963413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:60:43:f9:82:d0:59:69:14:c9:0a:50:e9:34:
                    ea:1c:a9:9e:c1:fd:36:4a:fb:1e:cb:ec:21:6b:86:
                    dc:43:44:f7:01:a5:9a:99:ea:0e:67:08:bf:07:ca:
                    8e:a8:ef:e6:89:d0:f6:e6:e4:de:51:69:8d:73:79:
                    60:95:6c:b2:93:fc:b4:ed:aa:2c:16:b1:6c:7d:e2:
                    d9:05:47:cd:17:71:82:87:93:ee:b5:90:e0:bf:6b:
                    5f:cb:bd:48:c6:18:34:5c:9b:09:18:78:d2:88:59:
                    d4:a5:24:8e:2b:c8:b8:0b:a7:a5:ab:ba:59:6c:2d:
                    38:ef:c8:18:6f:a2:d1:69:22:d7:1d:a0:87:d8:cd:
                    6c:96:5f:f1:30:4e:35:32:19:fc:a5:c3:3a:eb:e6:
                    3c:d4:5c:fe:5a:ec:e7:cc:4d:a5:16:6d:98:ce:2e:
                    01:8d:3b:22:b3:38:3d:28:d7:6a:43:44:57:d5:52:
                    42:b8:f5:7e:c5:f6:a5:3c:3c:3d:5a:04:2e:9c:26:
                    e8:88:8b:98:da:13:57:27:ad:ab:46:88:f5:f9:50:
                    a2:11:ce:43:c0:39:f4:b0:ae:74:63:5f:d2:ed:72:
                    f2:0f:fe:b4:13:70:eb:5f:ff:6b:55:c3:e5:fa:36:
                    f5:d1:5d:5e:4f:0d:4d:e2:a3:aa:24:43:20:6e:78:
                    6a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:1A:7D:3D:36:6B:BF:0D:36:C6:D0:EF:1C:15:86:5B:9E:96:34:13
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:3f:00:fc:03:38:43:c9:c8:d2:4d:4c:49:ba:28:06:ed:84:
         18:4c:7c:75:3e:c6:1c:b7:c5:5e:50:1f:58:53:8b:ec:01:d3:
         46:6e:ae:c6:47:90:bf:1e:41:81:72:45:d3:d1:ee:4f:e1:58:
         58:77:9b:e8:8c:85:d4:2e:91:a8:6c:68:a5:1a:27:5e:a8:16:
         83:a3:7e:7e:6e:1b:bf:31:bc:bf:38:35:f6:db:20:39:ae:d3:
         8d:62:15:4c:fa:be:2a:25:6f:19:26:89:e9:ea:d7:33:d6:3f:
         38:3c:ed:2e:ce:cb:27:4a:f2:f1:5d:95:8b:58:d0:5d:d5:0b:
         3f:42:96:00:8d:87:94:e2:fa:1d:dc:6d:90:71:ee:b8:2d:94:
         2f:d0:4a:40:cf:a8:64:76:b3:40:ea:cd:fb:79:1f:83:0a:b9:
         92:a5:b9:39:ef:df:1b:ab:84:d1:2f:21:a4:21:64:cb:5c:c4:
         ed:3b:83:f7:3e:17:7e:57:17:54:24:b1:2c:08:04:c0:ba:25:
         ed:6a:36:05:0c:c2:11:2b:fc:70:94:3d:df:c5:8d:91:58:66:
         43:49:d9:a9:aa:95:6f:dd:45:4e:7b:19:b1:96:54:f5:49:1c:
         da:79:cc:8e:b6:b1:e7:28:93:bd:4f:33:3e:c4:47:5c:5f:09:
         c5:ff:bd:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUF2TmHUBV8Z1OOM5w0ApEIM7/4OUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAzMjYwNzM4NDJaFw0yNjAzMjUwNzQzNDJaMDMxMTAvBgNV
BAMTKEY3MUE3RDNEMzY2QkJGMEQzNkM2RDBFRjFDMTU4NjVCOUU5NjM0MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBYEP5gtBZaRTJClDpNOocqZ7B
/TZK+x7L7CFrhtxDRPcBpZqZ6g5nCL8Hyo6o7+aJ0Pbm5N5RaY1zeWCVbLKT/LTt
qiwWsWx94tkFR80XcYKHk+61kOC/a1/LvUjGGDRcmwkYeNKIWdSlJI4ryLgLp6Wr
ullsLTjvyBhvotFpItcdoIfYzWyWX/EwTjUyGfylwzrr5jzUXP5a7OfMTaUWbZjO
LgGNOyKzOD0o12pDRFfVUkK49X7F9qU8PD1aBC6cJuiIi5jaE1cnratGiPX5UKIR
zkPAOfSwrnRjX9LtcvIP/rQTcOtf/2tVw+X6NvXRXV5PDU3io6okQyBueGpjAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU9xp9PTZrvw02xtDvHBWGW56WNBMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTOTIzMi5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI0LOTAN
BgkqhkiG9w0BAQsFAAOCAQEAgz8A/AM4Q8nI0k1MSbooBu2EGEx8dT7GHLfFXlAf
WFOL7AHTRm6uxkeQvx5BgXJF09HuT+FYWHeb6IyF1C6RqGxopRonXqgWg6N+fm4b
vzG8vzg19tsgOa7TjWIVTPq+KiVvGSaJ6erXM9Y/ODztLs7LJ0ry8V2Vi1jQXdUL
P0KWAI2HlOL6HdxtkHHuuC2UL9BKQM+oZHazQOrN+3kfgwq5kqW5Oe/fG6uE0S8h
pCFky1zE7TuD9z4XflcXVCSxLAgEwLol7Wo2BQzCESv8cJQ938WNkVhmQ0nZqaqV
b91FTnsZsZZU9Ukc2nnMjrax5yiTvU8zPsRHXF8Jxf+9EQ==
-----END CERTIFICATE-----