Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS200239.roa
File:                     AS200239.roa (raw, json)
Hash identifier:          kqLw6ZPQqMlW7pt+GkJZnUUXBUZ1lxRLDiXTVB5l/xk=
Subject key identifier:   9F:C9:28:C6:3C:5C:3D:23:94:BC:58:37:83:B7:C7:00:FF:4C:C6:C8
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7CFEB3B209D218D72EC6DA221ACB5FB95E2AE924
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS200239.roa
Signing time:             Tue 11 Mar 2025 15:29:20 +0000
ROA not before:           Tue 11 Mar 2025 15:24:20 +0000
ROA not after:            Tue 10 Mar 2026 15:29:20 +0000
asID:                     200239
IP address blocks:        141.11.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:fe:b3:b2:09:d2:18:d7:2e:c6:da:22:1a:cb:5f:b9:5e:2a:e9:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 11 15:24:20 2025 GMT
            Not After : Mar 10 15:29:20 2026 GMT
        Subject: CN=9FC928C63C5C3D2394BC583783B7C700FF4CC6C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b2:ec:04:ef:f8:a6:57:6f:84:78:69:84:1d:
                    c3:af:1e:b4:32:4b:aa:61:b4:7d:bb:d2:aa:e0:31:
                    58:a7:cb:52:89:42:3a:55:fa:53:65:5d:7b:6c:de:
                    df:c2:f6:3f:20:dc:85:f9:f6:8a:37:cc:6b:f6:0c:
                    4c:fe:5d:19:12:b1:74:db:4f:c7:2f:d6:b3:ea:e6:
                    3f:0f:6e:31:8d:b7:3d:49:32:ef:1c:7a:6e:47:be:
                    95:8b:f0:66:6d:50:3a:0e:78:4f:b8:7c:83:7e:72:
                    dc:90:f1:8a:dc:bc:80:2a:96:ee:36:85:c7:a5:66:
                    17:8f:10:f3:5d:8b:0c:52:44:f5:71:38:f9:52:ea:
                    c6:a8:26:30:6e:71:85:72:65:59:c1:20:dc:91:a9:
                    a6:4b:61:6a:0b:48:28:67:63:51:95:0e:75:f0:5a:
                    de:65:71:5b:93:2d:ca:62:ab:2b:e3:1a:c3:17:1a:
                    71:0a:74:18:0b:53:13:6e:44:f7:15:5e:34:c5:8e:
                    b3:66:0c:b6:ad:51:89:29:b0:40:08:b2:e4:64:71:
                    33:a7:52:78:96:eb:20:a7:47:f3:76:bf:04:1a:b8:
                    b6:6c:08:84:88:f2:9c:aa:fd:8b:8c:eb:c7:65:d4:
                    15:ff:cf:82:f8:75:2c:16:8e:8d:3d:ba:d5:09:4d:
                    cc:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:C9:28:C6:3C:5C:3D:23:94:BC:58:37:83:B7:C7:00:FF:4C:C6:C8
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS200239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:be:91:86:ca:79:b3:98:5b:5b:28:50:4a:a0:8e:01:38:af:
         45:e4:be:d1:eb:e5:0a:6b:2d:2a:d1:aa:94:68:e4:af:62:f5:
         16:ac:95:47:6e:60:f5:ae:04:48:3f:32:2b:54:75:37:8a:6d:
         18:ee:10:2a:2d:a5:ae:9c:da:06:1a:45:a2:ed:b7:f7:c1:b5:
         00:df:88:c3:ec:31:d8:b8:84:31:f8:4c:4c:72:ee:5f:39:58:
         b5:0b:57:7e:bd:9b:2f:55:0b:6d:5a:d7:c9:d7:9b:d7:29:26:
         b9:c7:c0:4a:4a:ee:d0:86:5b:1b:f5:0f:2e:3d:2a:3e:ff:ab:
         42:a3:70:a4:01:d3:44:9a:03:0c:7d:4f:82:1d:81:d5:bd:8f:
         8b:e1:df:90:db:7e:1e:5d:d4:f9:bc:04:2c:85:38:7a:97:2a:
         3a:71:f2:8e:b5:64:f5:a8:e3:61:6a:6d:9c:b5:c8:9a:ef:8c:
         2b:1b:68:1b:92:e4:1a:e8:ba:7f:3b:c9:b0:c7:6f:7b:7a:bb:
         6e:db:d1:83:37:f6:9d:a8:1d:71:70:f5:7b:e3:3d:95:b0:f7:
         ac:2f:30:69:d6:a9:c1:14:c3:e3:d8:df:e6:79:e9:64:33:ab:
         c5:16:67:01:2a:88:ed:df:16:16:98:7a:b4:f4:fb:dc:8d:77:
         a8:40:6f:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfP6zsgnSGNcuxtoiGstfuV4q6SQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTAzMTExNTI0MjBaFw0yNjAzMTAxNTI5MjBaMDMxMTAvBgNV
BAMTKDlGQzkyOEM2M0M1QzNEMjM5NEJDNTgzNzgzQjdDNzAwRkY0Q0M2QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXsuwE7/imV2+EeGmEHcOvHrQy
S6phtH270qrgMViny1KJQjpV+lNlXXts3t/C9j8g3IX59oo3zGv2DEz+XRkSsXTb
T8cv1rPq5j8PbjGNtz1JMu8cem5HvpWL8GZtUDoOeE+4fIN+ctyQ8YrcvIAqlu42
hcelZhePEPNdiwxSRPVxOPlS6saoJjBucYVyZVnBINyRqaZLYWoLSChnY1GVDnXw
Wt5lcVuTLcpiqyvjGsMXGnEKdBgLUxNuRPcVXjTFjrNmDLatUYkpsEAIsuRkcTOn
UniW6yCnR/N2vwQauLZsCISI8pyq/YuM68dl1BX/z4L4dSwWjo09utUJTczfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUn8koxjxcPSOUvFg3g7fHAP9MxsgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjAwMjM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvM
MA0GCSqGSIb3DQEBCwUAA4IBAQDJvpGGynmzmFtbKFBKoI4BOK9F5L7R6+UKay0q
0aqUaOSvYvUWrJVHbmD1rgRIPzIrVHU3im0Y7hAqLaWunNoGGkWi7bf3wbUA34jD
7DHYuIQx+ExMcu5fOVi1C1d+vZsvVQttWtfJ15vXKSa5x8BKSu7Qhlsb9Q8uPSo+
/6tCo3CkAdNEmgMMfU+CHYHVvY+L4d+Q234eXdT5vAQshTh6lyo6cfKOtWT1qONh
am2ctcia74wrG2gbkuQa6Lp/O8mwx297ertu29GDN/adqB1xcPV74z2VsPesLzBp
1qnBFMPj2N/meelkM6vFFmcBKojt3xYWmHq09PvcjXeoQG94
-----END CERTIFICATE-----