Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2110.roa
File:                     AS2110.roa (raw, json)
Hash identifier:          J62FSNDFGEeLHnhg0dJeNL0zddKOR+W1GtIR03ztE3Y=
Subject key identifier:   FC:FF:9E:4D:CA:68:68:6B:5D:85:91:55:5C:01:36:32:7A:E1:9F:10
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3391AC70B984CDEF89EBA04716F40B5F6618EBD9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2110.roa
Signing time:             Wed 30 Jul 2025 14:54:13 +0000
ROA not before:           Wed 30 Jul 2025 14:49:13 +0000
ROA not after:            Wed 29 Jul 2026 14:54:13 +0000
asID:                     2110
IP address blocks:        141.11.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:12:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:91:ac:70:b9:84:cd:ef:89:eb:a0:47:16:f4:0b:5f:66:18:eb:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 30 14:49:13 2025 GMT
            Not After : Jul 29 14:54:13 2026 GMT
        Subject: CN=FCFF9E4DCA68686B5D8591555C0136327AE19F10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:93:8e:4b:fe:2b:94:82:03:3c:8c:94:15:1a:
                    4d:b2:bd:f8:75:ca:a1:e0:85:33:e2:fe:8b:bf:d3:
                    ec:f9:ca:07:77:b5:d9:91:14:ca:70:71:cb:c2:1a:
                    39:5a:ed:1e:22:b7:f8:dc:de:9c:f8:fc:e0:cc:d3:
                    71:6f:81:60:78:07:ec:dc:84:0d:d9:f3:e3:ce:72:
                    de:68:19:b1:47:73:ec:fb:7d:8d:42:48:45:a8:f9:
                    48:cc:1d:3b:fd:c7:8d:4e:f2:70:21:5c:d6:cd:c5:
                    1c:78:fd:25:b0:75:5e:68:62:a1:74:b8:da:ba:7c:
                    8e:c7:d9:a6:4b:df:db:3e:7e:76:df:fd:2e:0b:19:
                    82:ff:56:ee:90:f5:cd:61:30:f0:66:66:52:36:09:
                    6d:a5:d6:4d:75:f3:7c:2d:cc:9d:ec:28:2d:ed:a4:
                    bc:82:76:60:d4:4e:92:6d:c1:7d:e4:a7:e4:bd:6d:
                    fc:83:26:77:85:01:c2:21:25:37:f6:07:ee:7b:5a:
                    72:47:94:71:cc:5b:35:e6:8b:cc:28:00:15:7e:51:
                    1e:cc:d4:31:1a:58:7b:f8:9d:bb:71:41:7b:01:e2:
                    be:88:2c:8c:3f:46:30:0b:22:dc:38:81:d2:1d:ec:
                    be:84:06:f9:51:d9:ba:cb:8f:92:2d:c0:46:de:c9:
                    91:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:FF:9E:4D:CA:68:68:6B:5D:85:91:55:5C:01:36:32:7A:E1:9F:10
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2110.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:1e:0d:0f:c9:0a:8d:4a:aa:16:2a:0b:ec:30:9c:a0:6e:71:
         7b:12:7e:e2:25:3b:6a:9f:51:eb:a5:42:42:de:a7:63:34:1f:
         5b:44:1f:0c:1c:8b:d1:5f:07:50:c7:4a:50:a1:de:66:b1:ef:
         28:0b:cc:b6:6a:35:37:21:ae:0c:1d:68:92:de:ba:ec:2a:d3:
         48:ac:0a:37:af:70:97:ce:18:5a:2f:11:05:36:b7:44:f3:7f:
         18:45:35:ae:39:0b:68:b8:b6:17:b8:52:c7:48:43:52:6e:e2:
         d0:d8:0c:dc:b4:ab:f9:5d:78:64:3e:c7:e5:b3:f6:42:1c:4e:
         f9:d3:a5:4d:02:62:83:ef:04:6c:24:f3:d8:4c:de:6d:da:21:
         89:39:38:b5:5c:41:e4:de:30:91:36:04:0c:d4:8a:72:90:51:
         a3:1f:5e:83:6c:05:71:b9:41:d9:ad:60:c9:84:7c:2b:31:8f:
         7f:27:fb:d4:48:c1:14:41:8d:9a:44:40:1e:94:44:11:57:95:
         f0:bc:66:ee:20:2c:1e:e2:e4:3f:4c:15:f6:b3:d0:7e:ea:ae:
         70:ee:df:31:8f:dc:8b:6b:f0:cd:09:3c:9b:dc:73:52:62:ba:
         22:eb:c5:f4:99:32:af:17:2a:cb:37:3c:da:98:35:f3:2b:71:
         92:26:7e:12
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUM5GscLmEze+J66BHFvQLX2YY69kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA3MzAxNDQ5MTNaFw0yNjA3MjkxNDU0MTNaMDMxMTAvBgNV
BAMTKEZDRkY5RTREQ0E2ODY4NkI1RDg1OTE1NTVDMDEzNjMyN0FFMTlGMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFk45L/iuUggM8jJQVGk2yvfh1
yqHghTPi/ou/0+z5ygd3tdmRFMpwccvCGjla7R4it/jc3pz4/ODM03FvgWB4B+zc
hA3Z8+POct5oGbFHc+z7fY1CSEWo+UjMHTv9x41O8nAhXNbNxRx4/SWwdV5oYqF0
uNq6fI7H2aZL39s+fnbf/S4LGYL/Vu6Q9c1hMPBmZlI2CW2l1k1183wtzJ3sKC3t
pLyCdmDUTpJtwX3kp+S9bfyDJneFAcIhJTf2B+57WnJHlHHMWzXmi8woABV+UR7M
1DEaWHv4nbtxQXsB4r6ILIw/RjALItw4gdId7L6EBvlR2brLj5ItwEbeyZGbAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU/P+eTcpoaGtdhZFVXAE2MnrhnxAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI0L/TAN
BgkqhkiG9w0BAQsFAAOCAQEAnR4ND8kKjUqqFioL7DCcoG5xexJ+4iU7ap9R66VC
Qt6nYzQfW0QfDByL0V8HUMdKUKHeZrHvKAvMtmo1NyGuDB1okt667CrTSKwKN69w
l84YWi8RBTa3RPN/GEU1rjkLaLi2F7hSx0hDUm7i0NgM3LSr+V14ZD7H5bP2QhxO
+dOlTQJig+8EbCTz2EzebdohiTk4tVxB5N4wkTYEDNSKcpBRox9eg2wFcblB2a1g
yYR8KzGPfyf71EjBFEGNmkRAHpREEVeV8Lxm7iAsHuLkP0wV9rPQfuqucO7fMY/c
i2vwzQk8m9xzUmK6IuvF9Jkyrxcqyzc82pg18ytxkiZ+Eg==
-----END CERTIFICATE-----