Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa
File:                     AS396026.roa (raw, json)
Hash identifier:          nLBDWPRte+kNFNRQAnhbw4IISEllmAe0eYIOdvKm9+4=
Subject key identifier:   92:8C:E8:AC:B4:51:9E:EC:29:7E:3D:67:AD:4A:CF:CD:1B:71:50:8C
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6181E90A78A6C333BB088CA0BE61E463139DB556
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa
Signing time:             Mon 11 Aug 2025 20:54:13 +0000
ROA not before:           Mon 11 Aug 2025 20:49:13 +0000
ROA not after:            Mon 10 Aug 2026 20:54:13 +0000
asID:                     396026
IP address blocks:        141.11.150.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:81:e9:0a:78:a6:c3:33:bb:08:8c:a0:be:61:e4:63:13:9d:b5:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 11 20:49:13 2025 GMT
            Not After : Aug 10 20:54:13 2026 GMT
        Subject: CN=928CE8ACB4519EEC297E3D67AD4ACFCD1B71508C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c6:1e:f0:4c:0f:69:4a:0d:e1:2e:1d:8b:77:
                    cd:a6:f1:4d:35:39:75:93:82:b9:37:5c:00:1f:c4:
                    56:b5:b0:dd:5e:6e:98:d7:d9:2f:59:b2:3f:73:52:
                    73:9b:36:d2:dd:8c:7e:5a:d6:e6:32:42:91:28:a8:
                    8f:5b:d7:11:f6:50:6b:d5:0f:53:67:8d:c3:ca:6b:
                    4d:0f:fe:c5:83:3c:fa:dc:7a:6b:54:2c:60:e4:95:
                    ad:f8:b9:7a:dd:9c:e8:a6:0b:6c:82:81:58:6c:eb:
                    4e:5d:b9:f2:e3:96:2a:e9:f4:4e:e0:26:ed:e5:57:
                    f4:29:6d:28:72:d5:62:c1:6d:14:0c:36:96:a1:75:
                    26:a6:2d:57:18:91:48:cc:cb:34:a1:df:60:10:8a:
                    4c:07:28:96:e5:60:fc:a2:f7:55:94:5c:be:0e:f6:
                    82:ef:05:10:0f:62:97:d2:1f:a6:3f:81:cb:c4:7b:
                    6e:12:bd:5e:2a:3c:75:f0:bc:b0:52:33:48:12:67:
                    d0:50:d2:19:e1:bd:95:e4:33:c5:4f:db:29:2e:ee:
                    0e:f9:0f:71:bf:ce:0f:3f:ec:ee:22:d8:6d:a7:ca:
                    32:ab:b0:c2:87:a4:0c:71:5d:0a:59:71:89:4e:93:
                    7e:3e:a3:b5:ba:91:fd:29:08:00:f6:a2:84:b9:67:
                    2f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8C:E8:AC:B4:51:9E:EC:29:7E:3D:67:AD:4A:CF:CD:1B:71:50:8C
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS396026.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d5:a7:e5:88:d4:7e:87:36:94:cb:2e:6c:52:7d:93:2a:aa:a1:
         a8:5c:1c:c7:68:66:f2:c0:85:27:17:99:49:44:5a:0e:99:81:
         c0:94:85:fe:c9:5f:d5:a6:da:64:94:9c:86:30:41:ef:ac:c9:
         d2:96:41:2b:eb:68:d4:71:37:58:70:20:0e:8a:8f:f1:c2:de:
         57:2b:e5:3a:22:c5:e7:85:6b:fa:f0:e0:60:56:e8:7f:4e:92:
         33:5a:19:8b:d3:9f:d9:84:a3:c2:b6:21:62:bd:5e:8c:69:52:
         09:d5:c8:11:3a:89:70:0d:9e:46:7e:50:05:1c:04:4e:da:20:
         6f:dd:b2:02:2d:ad:b3:51:9c:d8:7e:38:bd:a4:3c:1c:88:49:
         c0:29:a6:44:f6:2c:14:88:80:40:cd:96:3a:fa:f4:b5:83:98:
         bd:19:b7:9b:1b:fd:78:d3:56:5e:ab:41:85:d4:91:07:8d:15:
         ab:03:20:67:2f:1e:37:b0:3c:97:c3:a0:c5:5e:73:a9:98:db:
         78:dc:dd:33:42:9b:f0:87:6d:39:c2:b7:ed:69:96:73:2a:a8:
         11:47:e2:e1:3d:77:19:95:e2:65:ba:08:5c:d2:da:ac:1f:27:
         e6:60:b3:e7:a9:a5:c0:9a:c6:b1:85:e8:e9:39:aa:a0:1f:7c:
         4b:7e:7f:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYYHpCnimwzO7CIygvmHkYxOdtVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA4MTEyMDQ5MTNaFw0yNjA4MTAyMDU0MTNaMDMxMTAvBgNV
BAMTKDkyOENFOEFDQjQ1MTlFRUMyOTdFM0Q2N0FENEFDRkNEMUI3MTUwOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBxh7wTA9pSg3hLh2Ld82m8U01
OXWTgrk3XAAfxFa1sN1ebpjX2S9Zsj9zUnObNtLdjH5a1uYyQpEoqI9b1xH2UGvV
D1NnjcPKa00P/sWDPPrcemtULGDkla34uXrdnOimC2yCgVhs605dufLjlirp9E7g
Ju3lV/QpbShy1WLBbRQMNpahdSamLVcYkUjMyzSh32AQikwHKJblYPyi91WUXL4O
9oLvBRAPYpfSH6Y/gcvEe24SvV4qPHXwvLBSM0gSZ9BQ0hnhvZXkM8VP2yku7g75
D3G/zg8/7O4i2G2nyjKrsMKHpAxxXQpZcYlOk34+o7W6kf0pCAD2ooS5Zy93AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkozorLRRnuwpfj1nrUrPzRtxUIwwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk2MDI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQuW
MA0GCSqGSIb3DQEBCwUAA4IBAQDVp+WI1H6HNpTLLmxSfZMqqqGoXBzHaGbywIUn
F5lJRFoOmYHAlIX+yV/VptpklJyGMEHvrMnSlkEr62jUcTdYcCAOio/xwt5XK+U6
IsXnhWv68OBgVuh/TpIzWhmL05/ZhKPCtiFivV6MaVIJ1cgROolwDZ5GflAFHARO
2iBv3bICLa2zUZzYfji9pDwciEnAKaZE9iwUiIBAzZY6+vS1g5i9GbebG/1401Ze
q0GF1JEHjRWrAyBnLx43sDyXw6DFXnOpmNt43N0zQpvwh205wrftaZZzKqgRR+Lh
PXcZleJlughc0tqsHyfmYLPnqaXAmsaxhejpOaqgH3xLfn/c
-----END CERTIFICATE-----