Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa
File:                     AS9009.roa (raw, json)
Hash identifier:          S54gygbhHTgmlRS+PJDKbTCcMaDbHZNKFUOOwt125Kg=
Subject key identifier:   95:F7:1A:7F:16:65:4D:A8:1E:30:40:01:7B:DD:53:38:E5:73:BB:4D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       11B596992BBFB94A00A9A3D61DA3435850E415F7
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa
Signing time:             Mon 14 Apr 2025 12:54:01 +0000
ROA not before:           Mon 14 Apr 2025 12:49:01 +0000
ROA not after:            Mon 13 Apr 2026 12:54:01 +0000
asID:                     9009
IP address blocks:        141.11.18.0/24 maxlen: 24
                          141.11.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:b5:96:99:2b:bf:b9:4a:00:a9:a3:d6:1d:a3:43:58:50:e4:15:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 14 12:49:01 2025 GMT
            Not After : Apr 13 12:54:01 2026 GMT
        Subject: CN=95F71A7F16654DA81E3040017BDD5338E573BB4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e1:57:01:ed:73:ca:a0:3e:b5:da:c4:d5:78:
                    e6:36:8f:80:b3:4b:19:af:de:e7:eb:4e:24:88:f0:
                    94:ca:76:e7:13:1c:c0:bd:7b:f6:d8:78:c0:4b:00:
                    7b:8c:b5:8d:68:20:42:07:fd:d9:53:45:79:6f:52:
                    19:b9:79:59:27:ca:24:aa:01:45:72:5d:1d:44:39:
                    5a:5a:42:02:40:04:db:41:84:1e:fc:5d:f1:9a:6f:
                    05:59:7b:1d:5d:33:b8:22:00:09:5a:ff:2d:41:52:
                    06:01:8f:84:9e:71:2a:82:f8:91:b3:18:10:a3:0b:
                    37:f2:8b:0a:f0:16:d3:b1:4d:17:ef:b8:59:c2:06:
                    19:ec:a4:5a:f4:f2:e4:21:df:44:9d:2f:c5:b4:b8:
                    a1:bf:0e:46:a5:5a:90:d9:e0:c9:8d:e5:13:36:6e:
                    c1:70:ca:89:5e:ef:35:d0:44:49:1a:a5:4c:ac:0c:
                    a8:43:24:bc:4f:1b:ba:f7:8e:3e:91:aa:0e:79:7d:
                    a6:96:be:76:2e:21:d5:7a:0c:f8:5d:e4:87:0d:0b:
                    5b:54:59:e1:97:84:a6:16:25:78:4d:30:0f:b0:32:
                    83:88:a9:1f:8e:b2:98:be:6d:77:85:af:bb:39:53:
                    43:a5:ec:ac:ac:70:7f:cf:40:e8:fa:67:b4:47:36:
                    cd:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F7:1A:7F:16:65:4D:A8:1E:30:40:01:7B:DD:53:38:E5:73:BB:4D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.18.0/24
                  141.11.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a5:89:88:d9:31:84:7b:d6:12:39:d1:b1:c4:c8:d0:d4:4b:
         7a:45:56:ba:f1:1c:02:ee:dc:15:d7:64:6c:95:d1:85:0b:68:
         77:47:74:2c:47:a7:c8:dd:da:f0:1e:11:8b:38:aa:0e:2f:3a:
         ed:8f:ff:11:34:38:bb:b4:6f:e5:59:2f:15:c1:09:bd:e9:bc:
         3e:94:10:71:a5:e4:7a:a3:58:31:a3:b3:2b:7a:0d:a4:19:63:
         ee:e3:e5:b8:18:97:d3:0e:5d:04:5a:06:f9:0c:4d:f4:4f:4f:
         19:25:8f:7e:39:91:cd:db:1c:04:35:8c:de:c3:1b:66:4f:92:
         db:1b:fc:53:48:28:88:0b:a3:38:b6:9e:d9:d8:27:3e:3e:ec:
         ee:3e:b0:47:f1:20:48:79:b1:38:b3:4c:d8:f0:1d:54:4b:7a:
         01:1b:8e:81:f9:44:3f:ad:b9:63:4b:73:62:7e:8e:f4:b7:4c:
         12:4e:75:eb:41:95:aa:41:cc:f7:ba:ee:ab:99:af:80:db:5e:
         14:2c:cb:46:01:1c:50:95:9a:81:37:b2:e4:50:27:d0:7b:27:
         47:3c:f7:a5:04:6b:15:fd:da:69:97:68:66:0a:79:6d:5f:6b:
         72:ec:97:3d:9f:9a:f0:e1:40:9b:0d:b6:0a:2c:d3:d5:4d:55:
         62:f3:ee:5c
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUEbWWmSu/uUoAqaPWHaNDWFDkFfcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MTQxMjQ5MDFaFw0yNjA0MTMxMjU0MDFaMDMxMTAvBgNV
BAMTKDk1RjcxQTdGMTY2NTREQTgxRTMwNDAwMTdCREQ1MzM4RTU3M0JCNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi4VcB7XPKoD612sTVeOY2j4Cz
Sxmv3ufrTiSI8JTKducTHMC9e/bYeMBLAHuMtY1oIEIH/dlTRXlvUhm5eVknyiSq
AUVyXR1EOVpaQgJABNtBhB78XfGabwVZex1dM7giAAla/y1BUgYBj4SecSqC+JGz
GBCjCzfyiwrwFtOxTRfvuFnCBhnspFr08uQh30SdL8W0uKG/DkalWpDZ4MmN5RM2
bsFwyole7zXQREkapUysDKhDJLxPG7r3jj6Rqg55faaWvnYuIdV6DPhd5IcNC1tU
WeGXhKYWJXhNMA+wMoOIqR+Ospi+bXeFr7s5U0Ol7KyscH/PQOj6Z7RHNs05AgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUlfcafxZlTageMEABe91TOOVzu00wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAI0LEgME
AI0LYDANBgkqhkiG9w0BAQsFAAOCAQEAJ6WJiNkxhHvWEjnRscTI0NRLekVWuvEc
Au7cFddkbJXRhQtod0d0LEenyN3a8B4RiziqDi867Y//ETQ4u7Rv5VkvFcEJvem8
PpQQcaXkeqNYMaOzK3oNpBlj7uPluBiX0w5dBFoG+QxN9E9PGSWPfjmRzdscBDWM
3sMbZk+S2xv8U0goiAujOLae2dgnPj7s7j6wR/EgSHmxOLNM2PAdVEt6ARuOgflE
P625Y0tzYn6O9LdMEk5160GVqkHM97ruq5mvgNteFCzLRgEcUJWagTey5FAn0Hsn
Rzz3pQRrFf3aaZdoZgp5bV9rcuyXPZ+a8OFAmw22CizT1U1VYvPuXA==
-----END CERTIFICATE-----