Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa
File:                     AS50321.roa (raw, json)
Hash identifier:          OOgAvnodob/BDreBge/qZAxwkgHyjMe+nOHqTX+DDao=
Subject key identifier:   FA:93:1C:24:90:DD:BA:65:C0:11:2A:A8:B5:FD:8E:5F:D2:C9:0B:7F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       38E181C956CA9F4777B91300779759E6C40B0355
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa
Signing time:             Sat 21 Jun 2025 11:37:04 +0000
ROA not before:           Sat 21 Jun 2025 11:32:04 +0000
ROA not after:            Sat 20 Jun 2026 11:37:04 +0000
asID:                     50321
IP address blocks:        141.11.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:24:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:e1:81:c9:56:ca:9f:47:77:b9:13:00:77:97:59:e6:c4:0b:03:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 21 11:32:04 2025 GMT
            Not After : Jun 20 11:37:04 2026 GMT
        Subject: CN=FA931C2490DDBA65C0112AA8B5FD8E5FD2C90B7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:02:5b:41:b0:66:57:ae:86:06:b5:73:60:c3:
                    ec:d0:6b:78:39:a6:e2:cf:fe:01:d8:fd:15:e1:15:
                    3d:fe:1e:5b:25:dd:4f:44:0c:bf:d0:fa:ec:6e:dc:
                    46:8b:54:7d:60:3f:c5:87:ce:4a:78:ae:bd:f6:fd:
                    42:0f:50:e2:22:03:28:b8:56:ff:16:c9:a5:c0:aa:
                    47:b3:8b:55:4b:89:e2:5e:04:2a:14:ff:7d:56:27:
                    ce:2e:57:fa:d4:2f:ba:13:55:4f:44:02:82:d3:b5:
                    62:93:9d:b5:7c:dd:68:ad:51:81:78:ca:a9:d2:f2:
                    d7:42:8c:07:e2:0d:95:dd:6c:0c:b3:1b:b3:49:21:
                    d1:be:14:92:2d:69:8b:d0:ef:35:6c:ee:2c:8f:08:
                    1f:40:51:98:d9:6f:55:48:b5:84:d9:40:d3:19:c4:
                    01:04:3b:60:23:4e:08:41:7b:4d:dc:57:3f:bf:5e:
                    b8:ff:48:31:23:61:e2:e1:26:4e:ce:96:59:ff:a7:
                    f9:a6:94:50:9a:9e:d5:cd:38:ad:6a:6c:91:94:be:
                    9c:a2:41:64:92:f2:1c:ac:74:3d:f5:9d:1a:57:43:
                    4a:a4:c0:18:1b:ec:fe:31:33:97:b9:06:03:ba:d2:
                    f3:ba:ec:af:97:c0:63:ff:37:f7:ba:f3:76:f1:0e:
                    96:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:93:1C:24:90:DD:BA:65:C0:11:2A:A8:B5:FD:8E:5F:D2:C9:0B:7F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS50321.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:c9:c7:e0:05:69:87:c3:98:14:f4:9e:07:a5:cc:50:f8:84:
         4c:d5:84:c3:0d:4d:79:1c:aa:58:4b:d9:fe:96:65:17:81:18:
         61:d7:c6:c3:bc:1e:ff:5f:72:d3:5a:b3:6a:5c:ff:ef:d8:c4:
         e3:53:cd:93:0d:ec:92:28:fa:ce:f1:4e:02:fb:3d:2b:0e:17:
         8a:2a:5e:37:52:3a:64:3e:47:94:df:14:da:72:98:ad:74:35:
         dd:2f:28:e6:d3:47:43:94:d2:eb:d3:21:a5:15:b6:bb:25:1d:
         32:9e:b8:ba:2a:a0:bf:5f:70:bf:11:48:b4:a1:dd:a4:c1:c9:
         4e:f7:33:1f:ed:a7:38:17:15:ce:de:13:56:ec:7a:cd:41:af:
         50:c3:d4:b0:ab:ec:e4:db:6d:9e:3f:68:76:4b:bb:e9:1f:fa:
         da:5c:f4:06:b0:2c:84:3f:a0:68:26:ca:e5:26:f5:b1:c3:f7:
         1d:13:fa:bf:68:fc:c7:e2:62:b9:0b:e8:b1:0b:5c:e3:83:a7:
         c4:38:ea:a1:ec:69:86:7a:42:84:8a:e9:87:ae:e5:4a:51:e1:
         54:41:3a:b6:e3:6d:09:8b:77:f8:aa:30:c5:50:e5:ce:72:53:
         7f:ec:01:df:7e:d8:1a:6f:2b:1d:b9:5a:12:1d:e5:a7:c3:bf:
         6a:ed:50:94
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOOGByVbKn0d3uRMAd5dZ5sQLA1UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MjExMTMyMDRaFw0yNjA2MjAxMTM3MDRaMDMxMTAvBgNV
BAMTKEZBOTMxQzI0OTBEREJBNjVDMDExMkFBOEI1RkQ4RTVGRDJDOTBCN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjAltBsGZXroYGtXNgw+zQa3g5
puLP/gHY/RXhFT3+Hlsl3U9EDL/Q+uxu3EaLVH1gP8WHzkp4rr32/UIPUOIiAyi4
Vv8WyaXAqkezi1VLieJeBCoU/31WJ84uV/rUL7oTVU9EAoLTtWKTnbV83WitUYF4
yqnS8tdCjAfiDZXdbAyzG7NJIdG+FJItaYvQ7zVs7iyPCB9AUZjZb1VItYTZQNMZ
xAEEO2AjTghBe03cVz+/Xrj/SDEjYeLhJk7Olln/p/mmlFCantXNOK1qbJGUvpyi
QWSS8hysdD31nRpXQ0qkwBgb7P4xM5e5BgO60vO67K+XwGP/N/e683bxDpYpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+pMcJJDdumXAESqotf2OX9LJC38wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTAzMjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC/ww
DQYJKoZIhvcNAQELBQADggEBAL/Jx+AFaYfDmBT0ngelzFD4hEzVhMMNTXkcqlhL
2f6WZReBGGHXxsO8Hv9fctNas2pc/+/YxONTzZMN7JIo+s7xTgL7PSsOF4oqXjdS
OmQ+R5TfFNpymK10Nd0vKObTR0OU0uvTIaUVtrslHTKeuLoqoL9fcL8RSLSh3aTB
yU73Mx/tpzgXFc7eE1bses1Br1DD1LCr7OTbbZ4/aHZLu+kf+tpc9AawLIQ/oGgm
yuUm9bHD9x0T+r9o/MfiYrkL6LELXOODp8Q46qHsaYZ6QoSK6Yeu5UpR4VRBOrbj
bQmLd/iqMMVQ5c5yU3/sAd9+2BpvKx25WhId5afDv2rtUJQ=
-----END CERTIFICATE-----