Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa
File:                     AS141158.roa (raw, json)
Hash identifier:          QNs4NE8nOEJZFewMfNJWdlnsQJ6PV8K9IMRWQ6D3OJ0=
Subject key identifier:   4D:29:25:DD:0D:3C:42:2A:EC:EE:6E:55:B5:5C:B9:B5:33:6F:93:E9
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       318C5E948FDB0DED589817FF58426496702A1A5F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa
Signing time:             Tue 30 Sep 2025 15:55:08 +0000
ROA not before:           Tue 30 Sep 2025 15:50:08 +0000
ROA not after:            Tue 29 Sep 2026 15:55:08 +0000
asID:                     141158
IP address blocks:        141.11.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:8c:5e:94:8f:db:0d:ed:58:98:17:ff:58:42:64:96:70:2a:1a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 30 15:50:08 2025 GMT
            Not After : Sep 29 15:55:08 2026 GMT
        Subject: CN=4D2925DD0D3C422AECEE6E55B55CB9B5336F93E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1d:10:83:74:3b:ee:77:fb:96:a1:51:57:c5:
                    64:a5:ca:13:b1:0a:0c:41:04:da:22:29:5d:4d:7e:
                    88:fe:ac:e4:62:47:48:e6:eb:ad:c8:5b:67:8f:5e:
                    68:83:c9:5e:df:79:4e:88:86:26:c1:e8:8d:e4:ad:
                    f7:dd:54:a5:da:f5:43:0c:5b:f0:ef:d8:ea:2d:38:
                    b4:1c:d2:bb:e2:c5:b9:5a:2f:90:72:e4:5e:a5:b1:
                    79:5e:10:93:4d:4c:ba:15:7f:e6:3c:59:1b:5d:95:
                    35:53:79:64:3c:40:8c:70:7f:1a:5c:47:e2:43:38:
                    e0:94:1d:df:13:46:9e:fb:11:c7:c3:08:99:43:c3:
                    7d:6d:44:42:bb:ec:3e:5c:66:a0:c8:c4:a0:f9:72:
                    75:27:09:83:f2:a7:50:36:66:ea:f2:74:5f:47:9e:
                    27:b3:24:af:18:32:7d:e7:90:5a:ea:51:34:60:6e:
                    3a:77:84:da:42:e1:54:0c:06:3d:8a:1a:36:07:49:
                    32:99:c3:ca:91:24:94:bc:6e:7d:d6:1e:39:45:03:
                    ac:8b:a8:fc:ce:92:1b:ee:8d:19:65:3e:84:1f:66:
                    0a:f0:28:af:9e:28:6c:3b:12:8e:23:8e:9a:f1:e4:
                    8b:83:96:89:1f:1c:ea:98:fa:30:c3:6d:de:f0:fc:
                    97:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:29:25:DD:0D:3C:42:2A:EC:EE:6E:55:B5:5C:B9:B5:33:6F:93:E9
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS141158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:8d:ae:3d:ea:94:84:4f:d1:b9:33:c2:9f:34:30:95:61:00:
         1b:04:71:92:9b:b4:e5:a8:65:3f:0f:b3:f5:bc:d1:3b:ea:ff:
         16:6c:96:85:07:ea:fc:76:07:cc:d6:1f:12:0b:6b:6f:eb:b3:
         07:6b:91:11:8e:00:b3:0a:70:bf:4d:2b:bf:fc:1f:03:36:72:
         ae:b7:8a:64:38:e3:69:d6:8e:c0:e2:db:6b:d2:42:4a:a7:d4:
         99:63:f9:b6:5c:3c:16:8e:52:1e:fb:c4:91:eb:f1:5a:9e:e9:
         80:b8:bf:a5:08:b3:3b:b5:ff:c3:a6:e5:a2:a0:7a:64:9d:fc:
         74:63:50:63:10:2c:59:a6:82:68:bf:44:22:c4:cb:5d:78:57:
         f5:f9:e4:6c:5b:35:d0:e5:21:45:9b:c1:47:1f:3e:71:a9:3f:
         68:74:5f:8a:10:05:55:9a:e2:fb:ea:53:c5:35:70:04:21:44:
         44:ed:db:65:00:e2:31:53:f6:0c:ba:46:f6:22:42:ac:10:ed:
         f5:e2:39:fb:28:3c:8c:37:77:7b:58:33:94:0c:4e:40:73:c5:
         70:43:93:c7:37:69:2e:5e:29:ca:aa:d1:8c:aa:7e:23:20:e7:
         24:8a:7f:66:a5:51:1a:66:ec:dd:fe:dc:f3:8a:a4:71:a3:fe:
         cf:44:55:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMYxelI/bDe1YmBf/WEJklnAqGl8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MzAxNTUwMDhaFw0yNjA5MjkxNTU1MDhaMDMxMTAvBgNV
BAMTKDREMjkyNUREMEQzQzQyMkFFQ0VFNkU1NUI1NUNCOUI1MzM2RjkzRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIHRCDdDvud/uWoVFXxWSlyhOx
CgxBBNoiKV1Nfoj+rORiR0jm663IW2ePXmiDyV7feU6IhibB6I3krffdVKXa9UMM
W/Dv2OotOLQc0rvixblaL5By5F6lsXleEJNNTLoVf+Y8WRtdlTVTeWQ8QIxwfxpc
R+JDOOCUHd8TRp77EcfDCJlDw31tREK77D5cZqDIxKD5cnUnCYPyp1A2ZurydF9H
niezJK8YMn3nkFrqUTRgbjp3hNpC4VQMBj2KGjYHSTKZw8qRJJS8bn3WHjlFA6yL
qPzOkhvujRllPoQfZgrwKK+eKGw7Eo4jjprx5IuDlokfHOqY+jDDbd7w/Jd/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUTSkl3Q08Qirs7m5VtVy5tTNvk+kwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQxMTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtl
MA0GCSqGSIb3DQEBCwUAA4IBAQAGja496pSET9G5M8KfNDCVYQAbBHGSm7TlqGU/
D7P1vNE76v8WbJaFB+r8dgfM1h8SC2tv67MHa5ERjgCzCnC/TSu//B8DNnKut4pk
OONp1o7A4ttr0kJKp9SZY/m2XDwWjlIe+8SR6/FanumAuL+lCLM7tf/DpuWioHpk
nfx0Y1BjECxZpoJov0QixMtdeFf1+eRsWzXQ5SFFm8FHHz5xqT9odF+KEAVVmuL7
6lPFNXAEIURE7dtlAOIxU/YMukb2IkKsEO314jn7KDyMN3d7WDOUDE5Ac8VwQ5PH
N2kuXinKqtGMqn4jIOckin9mpVEaZuzd/tzziqRxo/7PRFV/
-----END CERTIFICATE-----