Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208483.roa
File:                     AS208483.roa (raw, json)
Hash identifier:          xrD/h3KGT6+b8egduv24MxbRO4eH4dtpc4tMI1Yzv7Q=
Subject key identifier:   BF:FF:41:FD:4E:D8:30:79:1D:0A:5E:1E:88:F4:C7:D0:DE:2C:70:59
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       44D8955AEBA3320436F214F5F2B62CA1E8F6D965
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208483.roa
Signing time:             Mon 30 Jun 2025 13:05:07 +0000
ROA not before:           Mon 30 Jun 2025 13:00:07 +0000
ROA not after:            Mon 29 Jun 2026 13:05:07 +0000
asID:                     208483
IP address blocks:        141.11.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 10:45:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:d8:95:5a:eb:a3:32:04:36:f2:14:f5:f2:b6:2c:a1:e8:f6:d9:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 30 13:00:07 2025 GMT
            Not After : Jun 29 13:05:07 2026 GMT
        Subject: CN=BFFF41FD4ED830791D0A5E1E88F4C7D0DE2C7059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:33:d1:d4:2f:af:b0:ee:91:b5:84:5c:ca:25:
                    a7:87:ed:6c:da:8b:48:8e:d7:1b:a2:0d:62:2f:00:
                    22:b2:2f:bc:ac:3d:f8:7f:b0:57:a9:39:3a:50:e1:
                    d8:42:97:84:6a:36:cd:f6:62:c9:bd:57:b1:44:a5:
                    21:14:de:c0:19:92:36:a7:db:e5:86:13:65:88:0a:
                    f0:76:f8:1e:6e:42:1c:55:cf:22:6f:34:26:0e:76:
                    ea:3b:b2:ff:ba:90:72:a7:0f:c9:81:0d:49:1d:42:
                    66:87:00:e0:95:c5:4b:8e:2b:bf:06:3d:07:97:a7:
                    82:13:b2:61:c0:a9:a5:99:7d:bc:7a:8c:f1:6d:68:
                    e8:9d:da:e4:a3:80:6b:ce:65:f5:44:90:3d:63:a9:
                    42:36:46:f7:23:ca:39:0e:56:86:a4:54:2e:0c:96:
                    fe:0e:c8:94:9b:4f:d2:59:7a:d3:3e:7b:47:ff:94:
                    18:9c:21:25:5d:19:5a:a8:9c:20:c1:b2:74:26:88:
                    0c:49:eb:6d:02:19:27:e1:f2:3f:e1:50:8a:44:b3:
                    87:5e:de:5e:f0:86:e8:ec:15:53:2b:d3:0e:0a:11:
                    6c:ca:34:1c:2a:40:5d:57:12:0e:5e:81:c0:99:fb:
                    ba:30:ce:c3:fe:c9:db:ea:2e:2a:c6:b5:64:36:4d:
                    4f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:FF:41:FD:4E:D8:30:79:1D:0A:5E:1E:88:F4:C7:D0:DE:2C:70:59
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208483.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:b7:48:64:1f:b6:c1:32:ea:80:c6:0b:8a:66:7f:df:ec:26:
         c8:0a:71:3a:ca:d4:6e:8d:24:e4:32:9a:10:1c:d9:0f:cb:18:
         8d:92:27:46:9b:07:e8:61:15:62:f3:68:a5:cd:1e:54:38:3f:
         96:48:ef:6f:c2:c5:14:fd:51:cb:e7:38:dd:13:b8:8a:fb:58:
         b7:8c:89:e2:22:08:d5:64:06:30:47:06:c0:7b:e0:72:90:bf:
         76:e4:1a:53:70:d9:bf:f8:1d:14:24:fa:bf:22:23:49:cc:e1:
         24:b8:e4:3e:d1:db:4f:95:a2:29:94:d8:9c:4b:79:ea:ae:40:
         a0:f5:d6:49:56:f4:d2:a2:c6:e0:19:b2:b0:dc:22:de:bb:7c:
         c5:8c:b9:c2:3b:e5:ab:54:f0:c6:1b:a7:5b:c5:d7:7a:75:51:
         05:60:88:3b:67:95:f2:12:c9:7e:b0:f0:4b:0f:fc:c8:3e:22:
         24:f9:56:b8:cb:94:d1:e3:34:ad:4c:47:1d:94:a3:48:80:cc:
         10:b6:9f:ff:39:86:9b:2c:43:30:06:fc:f9:b6:d2:20:c7:47:
         f3:3f:73:1d:09:ad:00:df:84:11:53:0a:c2:32:0c:93:32:e0:
         62:8c:b9:51:f9:60:82:95:bb:8d:37:de:b1:d5:64:60:5a:67:
         e5:ac:64:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURNiVWuujMgQ28hT18rYsoej22WUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MzAxMzAwMDdaFw0yNjA2MjkxMzA1MDdaMDMxMTAvBgNV
BAMTKEJGRkY0MUZENEVEODMwNzkxRDBBNUUxRTg4RjRDN0QwREUyQzcwNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzM9HUL6+w7pG1hFzKJaeH7Wza
i0iO1xuiDWIvACKyL7ysPfh/sFepOTpQ4dhCl4RqNs32Ysm9V7FEpSEU3sAZkjan
2+WGE2WICvB2+B5uQhxVzyJvNCYOduo7sv+6kHKnD8mBDUkdQmaHAOCVxUuOK78G
PQeXp4ITsmHAqaWZfbx6jPFtaOid2uSjgGvOZfVEkD1jqUI2RvcjyjkOVoakVC4M
lv4OyJSbT9JZetM+e0f/lBicISVdGVqonCDBsnQmiAxJ620CGSfh8j/hUIpEs4de
3l7whujsFVMr0w4KEWzKNBwqQF1XEg5egcCZ+7owzsP+ydvqLirGtWQ2TU97AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUv/9B/U7YMHkdCl4eiPTH0N4scFkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA4NDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtB
MA0GCSqGSIb3DQEBCwUAA4IBAQCUt0hkH7bBMuqAxguKZn/f7CbICnE6ytRujSTk
MpoQHNkPyxiNkidGmwfoYRVi82ilzR5UOD+WSO9vwsUU/VHL5zjdE7iK+1i3jIni
IgjVZAYwRwbAe+BykL925BpTcNm/+B0UJPq/IiNJzOEkuOQ+0dtPlaIplNicS3nq
rkCg9dZJVvTSosbgGbKw3CLeu3zFjLnCO+WrVPDGG6dbxdd6dVEFYIg7Z5XyEsl+
sPBLD/zIPiIk+Va4y5TR4zStTEcdlKNIgMwQtp//OYabLEMwBvz5ttIgx0fzP3Md
Ca0A34QRUwrCMgyTMuBijLlR+WCClbuNN96x1WRgWmflrGSf
-----END CERTIFICATE-----