Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          DiHoOs8F3WBPNxuRqtZv7z/cw8AO0Srv86smMkOSM9I=
Subject key identifier:   3F:D8:6A:6D:63:E7:9C:26:19:6C:E2:FF:E6:15:51:8F:CE:E3:2F:23
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5110E8F9A82313BA53BE2C450B2BB0000387BD99
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa
Signing time:             Sat 14 Jun 2025 00:54:09 +0000
ROA not before:           Sat 14 Jun 2025 00:49:09 +0000
ROA not after:            Sat 13 Jun 2026 00:54:09 +0000
asID:                     211440
IP address blocks:        141.11.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:10:e8:f9:a8:23:13:ba:53:be:2c:45:0b:2b:b0:00:03:87:bd:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 14 00:49:09 2025 GMT
            Not After : Jun 13 00:54:09 2026 GMT
        Subject: CN=3FD86A6D63E79C26196CE2FFE615518FCEE32F23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:19:99:68:bc:df:95:a2:03:24:ed:1a:eb:25:
                    33:40:72:92:9b:bc:03:4b:37:5d:e6:8d:c2:ce:06:
                    20:0b:7d:e5:d8:ed:c6:fd:4b:03:ef:12:fa:5c:1d:
                    fc:63:e4:b8:e2:3d:e4:91:38:c7:46:18:a6:de:be:
                    3a:00:34:f9:8a:5d:ae:15:88:41:69:4d:e1:2f:e8:
                    3a:d8:12:4d:e9:4a:7e:30:68:9c:f9:da:f5:48:1f:
                    29:f9:6e:2c:e9:15:0a:eb:29:d9:62:60:83:5d:ab:
                    60:b8:8b:90:a8:ea:ab:23:4c:07:2e:b7:9c:16:9d:
                    2e:5d:a7:d8:04:69:6f:36:17:67:f3:51:c0:cc:c2:
                    1b:2b:8c:9d:e5:40:d9:7f:e2:70:28:5d:ca:e5:29:
                    c6:95:2e:fc:b9:72:4c:36:a2:cc:92:c0:60:5f:6c:
                    a9:16:62:49:fd:3d:78:8d:0d:99:86:01:4a:d0:35:
                    14:5a:20:20:56:08:82:c6:a1:4f:e2:6f:6b:f4:49:
                    9d:79:0e:7c:45:d0:99:45:ef:c9:d7:74:37:56:0c:
                    1a:22:cb:70:4c:08:5a:5b:1b:49:90:a9:21:85:ae:
                    e9:a2:3c:ab:5f:0e:e9:aa:e3:9c:e8:0f:eb:73:ab:
                    53:b6:55:6b:41:24:4d:17:41:be:0e:57:14:8c:10:
                    f6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D8:6A:6D:63:E7:9C:26:19:6C:E2:FF:E6:15:51:8F:CE:E3:2F:23
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:05:01:a7:bd:65:d7:ce:0a:b8:e4:eb:3c:80:24:ba:ad:9e:
         35:dd:45:c6:4a:da:53:75:e7:df:eb:4c:a5:f9:b7:47:0c:f1:
         5a:81:ac:54:2a:f8:49:41:80:ec:1f:d2:6b:18:5e:46:c2:06:
         5e:f4:4f:0c:ec:83:bd:26:7e:98:a7:c0:83:ae:b8:ab:ce:52:
         aa:1b:ec:59:7a:4e:0c:57:52:28:c6:1b:fb:08:19:41:ec:1b:
         29:0f:76:49:c0:15:e7:33:d6:72:51:6a:8e:4f:2c:70:21:16:
         8a:4d:d1:af:d5:be:04:9b:98:b4:23:37:0d:f9:9c:36:64:c2:
         7b:fd:49:e4:a0:f7:26:bc:3e:c3:8a:33:26:b4:ea:ea:fd:03:
         5b:3c:ce:3e:ac:84:ab:27:4d:3d:65:d9:fb:e3:ac:33:f4:f7:
         79:a1:38:16:e4:fd:bc:05:62:8c:d8:9a:f3:3c:2b:3f:19:11:
         55:9e:49:8a:2b:35:b6:ac:a9:91:37:60:7b:68:26:50:af:a4:
         89:ef:2a:31:f3:2e:ed:0f:3d:1b:05:6b:a7:a1:17:b8:3f:4a:
         57:d7:5b:4b:c3:3c:6c:95:a0:bc:da:83:10:53:50:8d:08:ec:
         64:81:f0:11:6c:1c:0e:87:27:e6:af:59:66:17:6b:cb:9d:56:
         5b:45:e3:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUURDo+agjE7pTvixFCyuwAAOHvZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MTQwMDQ5MDlaFw0yNjA2MTMwMDU0MDlaMDMxMTAvBgNV
BAMTKDNGRDg2QTZENjNFNzlDMjYxOTZDRTJGRkU2MTU1MThGQ0VFMzJGMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqGZlovN+VogMk7RrrJTNAcpKb
vANLN13mjcLOBiALfeXY7cb9SwPvEvpcHfxj5LjiPeSROMdGGKbevjoANPmKXa4V
iEFpTeEv6DrYEk3pSn4waJz52vVIHyn5bizpFQrrKdliYINdq2C4i5Co6qsjTAcu
t5wWnS5dp9gEaW82F2fzUcDMwhsrjJ3lQNl/4nAoXcrlKcaVLvy5ckw2osySwGBf
bKkWYkn9PXiNDZmGAUrQNRRaICBWCILGoU/ib2v0SZ15DnxF0JlF78nXdDdWDBoi
y3BMCFpbG0mQqSGFrumiPKtfDumq45zoD+tzq1O2VWtBJE0XQb4OVxSMEPZvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUP9hqbWPnnCYZbOL/5hVRj87jLyMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtj
MA0GCSqGSIb3DQEBCwUAA4IBAQBCBQGnvWXXzgq45Os8gCS6rZ413UXGStpTdeff
60yl+bdHDPFagaxUKvhJQYDsH9JrGF5GwgZe9E8M7IO9Jn6Yp8CDrrirzlKqG+xZ
ek4MV1Ioxhv7CBlB7BspD3ZJwBXnM9ZyUWqOTyxwIRaKTdGv1b4Em5i0IzcN+Zw2
ZMJ7/UnkoPcmvD7DijMmtOrq/QNbPM4+rISrJ009Zdn746wz9Pd5oTgW5P28BWKM
2JrzPCs/GRFVnkmKKzW2rKmRN2B7aCZQr6SJ7yox8y7tDz0bBWunoRe4P0pX11tL
wzxslaC82oMQU1CNCOxkgfARbBwOhyfmr1lmF2vLnVZbReNr
-----END CERTIFICATE-----