Route Origin Authorization 

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199925.roa
File:                     AS199925.roa (raw, json)
Hash identifier:          uegdifkgXgiq+a2mF7Jat5J43nUTCRoTovwBSKZ5Nb4=
Subject key identifier:   A7:B6:71:E4:E0:48:FB:29:43:1E:EC:06:22:1C:84:8D:1E:2D:A2:87
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3477FD9A999900E9F130191732BEF83CE2CB1FB5
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199925.roa
Signing time:             Tue 04 Jun 2024 03:07:26 +0000
ROA not before:           Tue 04 Jun 2024 03:02:26 +0000
ROA not after:            Tue 03 Jun 2025 03:07:26 +0000
asID:                     199925
IP address blocks:        141.11.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:77:fd:9a:99:99:00:e9:f1:30:19:17:32:be:f8:3c:e2:cb:1f:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  4 03:02:26 2024 GMT
            Not After : Jun  3 03:07:26 2025 GMT
        Subject: CN=A7B671E4E048FB29431EEC06221C848D1E2DA287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:66:77:d5:2d:69:47:49:c3:b5:b7:d0:a3:52:
                    da:8a:5b:75:b0:33:69:61:c5:aa:59:a8:d4:4d:94:
                    0c:ec:f4:03:39:06:d6:a5:a5:54:d2:50:b9:4a:87:
                    88:88:39:e0:e3:3d:47:0c:d5:e2:b2:d9:7e:ef:17:
                    ca:e1:cb:ee:fd:4e:80:b4:1a:24:c1:7d:ef:6e:ef:
                    af:ed:e2:77:e7:f2:ad:6b:c0:41:19:0c:2d:28:be:
                    9b:1c:c9:80:d6:ba:be:4e:a0:99:85:d9:7e:ec:44:
                    f9:9d:d6:5f:64:68:2f:8f:69:5e:78:7c:75:58:eb:
                    7d:b8:72:7a:3e:da:f6:0b:1a:c1:31:83:31:f9:98:
                    61:77:0c:36:e4:44:6e:f2:79:80:58:65:b6:38:42:
                    ef:88:10:a3:36:21:55:0c:9c:51:da:8a:57:f3:33:
                    71:89:b3:a6:7f:2d:de:99:bc:13:39:25:77:4b:56:
                    22:b8:e2:c0:12:b3:81:7b:44:75:08:ba:af:87:ab:
                    c8:6f:11:4b:7a:34:26:9d:5a:2f:4f:eb:39:34:e0:
                    85:62:42:e3:da:28:b8:8f:19:e0:13:99:ca:6d:8b:
                    57:ec:8d:00:fc:7c:2b:e5:ec:09:eb:c8:69:ff:d1:
                    01:90:43:83:9e:84:4b:8e:68:7a:22:fb:8c:dc:c6:
                    3e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B6:71:E4:E0:48:FB:29:43:1E:EC:06:22:1C:84:8D:1E:2D:A2:87
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:fd:55:90:e6:c4:4b:de:67:77:cc:b6:cb:9e:95:40:cd:36:
         c4:26:7f:f2:7c:90:10:f1:fa:a5:50:df:f5:94:92:d6:fb:7b:
         52:19:6f:72:c2:e7:c4:86:db:84:13:64:ba:0c:5e:14:16:16:
         17:58:9b:b5:6c:43:54:74:98:00:4a:a1:d3:ef:29:e5:0e:16:
         0f:d3:03:53:0b:8b:ec:c8:0c:d4:6c:57:1f:ca:44:6e:a4:b2:
         55:ef:9d:d4:76:02:0e:6d:12:45:82:e9:e0:89:e4:01:93:93:
         13:5a:a1:a5:de:ce:7c:50:2d:06:a8:a6:55:d2:36:0b:8a:a0:
         fa:93:c0:74:17:ac:40:72:65:06:d7:c9:b9:23:f2:54:6f:de:
         4c:d3:fe:d7:5e:34:a8:ca:e7:f2:b1:91:44:fb:a5:d9:2d:83:
         7b:50:96:a5:24:fb:ee:79:b7:5e:cb:83:16:e1:5a:3b:27:74:
         c4:4c:6a:f1:f0:35:13:01:c7:24:74:4d:14:70:02:12:ff:dc:
         ea:1c:f7:36:78:9b:dd:de:ea:9a:c7:cf:ba:bd:29:91:3b:93:
         90:a7:63:32:5e:45:23:0e:96:f1:76:22:f4:fc:53:56:cd:44:
         2b:e5:01:41:3e:c4:2f:6b:59:0e:56:71:48:9a:9f:b7:e5:c2:
         08:90:bf:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNHf9mpmZAOnxMBkXMr74POLLH7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA2MDQwMzAyMjZaFw0yNTA2MDMwMzA3MjZaMDMxMTAvBgNV
BAMTKEE3QjY3MUU0RTA0OEZCMjk0MzFFRUMwNjIyMUM4NDhEMUUyREEyODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqZnfVLWlHScO1t9CjUtqKW3Ww
M2lhxapZqNRNlAzs9AM5BtalpVTSULlKh4iIOeDjPUcM1eKy2X7vF8rhy+79ToC0
GiTBfe9u76/t4nfn8q1rwEEZDC0ovpscyYDWur5OoJmF2X7sRPmd1l9kaC+PaV54
fHVY6324cno+2vYLGsExgzH5mGF3DDbkRG7yeYBYZbY4Qu+IEKM2IVUMnFHailfz
M3GJs6Z/Ld6ZvBM5JXdLViK44sASs4F7RHUIuq+Hq8hvEUt6NCadWi9P6zk04IVi
QuPaKLiPGeATmcpti1fsjQD8fCvl7AnryGn/0QGQQ4OehEuOaHoi+4zcxj47AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUp7Zx5OBI+ylDHuwGIhyEjR4toocwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk5OTI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsv
MA0GCSqGSIb3DQEBCwUAA4IBAQAh/VWQ5sRL3md3zLbLnpVAzTbEJn/yfJAQ8fql
UN/1lJLW+3tSGW9ywufEhtuEE2S6DF4UFhYXWJu1bENUdJgASqHT7ynlDhYP0wNT
C4vsyAzUbFcfykRupLJV753UdgIObRJFgungieQBk5MTWqGl3s58UC0GqKZV0jYL
iqD6k8B0F6xAcmUG18m5I/JUb95M0/7XXjSoyufysZFE+6XZLYN7UJalJPvuebde
y4MW4Vo7J3TETGrx8DUTAcckdE0UcAIS/9zqHPc2eJvd3uqax8+6vSmRO5OQp2My
XkUjDpbxdiL0/FNWzUQr5QFBPsQva1kOVnFImp+35cIIkL8t
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:59:15 2024 by rpki-client on console-ams.rpki-client.org