Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205220.roa
File:                     AS205220.roa (raw, json)
Hash identifier:          uOuYloCloS6ektOdY187cET4+r0U02Q92xmIBVjEstc=
Subject key identifier:   A8:B6:C4:72:6E:06:50:5D:0C:07:35:4D:A4:F1:0B:79:22:1E:EB:2C
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7D7868511C33F8A05F190B0DB2D7E82A48F6D4FC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205220.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     205220
IP address blocks:        141.11.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:78:68:51:1c:33:f8:a0:5f:19:0b:0d:b2:d7:e8:2a:48:f6:d4:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=A8B6C4726E06505D0C07354DA4F10B79221EEB2C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bd:f6:ec:c6:84:87:1a:cb:8a:c5:27:0f:80:
                    23:10:ee:2d:87:6e:4b:df:0f:5f:d8:b6:1e:21:c8:
                    27:f8:14:b1:01:eb:91:97:fa:ce:32:a1:55:ca:7f:
                    72:6e:0f:d7:1a:b7:53:a0:f7:32:4e:a5:ea:2b:ac:
                    61:90:5a:9c:8e:3e:82:0a:17:65:f7:8d:93:1a:3c:
                    1b:99:c8:3d:21:11:19:c7:73:a4:21:26:88:46:8f:
                    1b:c4:aa:ef:38:16:ee:a5:9f:76:57:d6:9a:de:36:
                    60:98:94:5d:72:7f:57:54:1f:2e:d2:ae:50:f4:32:
                    08:8f:59:50:fd:65:77:95:8f:e6:75:28:89:15:88:
                    76:b1:8c:4b:1f:89:2d:17:f9:f7:8f:0a:27:a5:71:
                    ef:41:64:b9:ea:cc:99:cc:a9:14:de:fe:42:c1:e1:
                    8c:3b:55:d1:a8:7e:48:75:29:72:2e:9f:53:4b:a2:
                    5f:8a:ca:c2:44:7e:16:9e:57:9f:7e:ee:1b:07:08:
                    12:5b:5b:79:bd:15:0c:85:a1:3a:46:97:e5:80:5b:
                    04:08:57:77:9a:dd:16:09:86:d8:9e:69:73:d9:fe:
                    92:62:70:d9:2d:30:e6:d0:73:ea:e5:49:a3:29:bf:
                    66:44:c5:d4:65:38:6e:cc:8b:fc:d9:09:18:b3:43:
                    9f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B6:C4:72:6E:06:50:5D:0C:07:35:4D:A4:F1:0B:79:22:1E:EB:2C
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205220.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d0:ee:7e:6c:6d:97:70:0e:7b:f2:2c:11:15:db:f3:5a:55:7f:
         25:9b:29:33:d6:c9:94:4e:96:29:6b:2b:ea:43:50:9a:51:02:
         fa:4a:fb:ca:8a:13:54:24:bf:6a:35:a4:4e:7d:d9:98:70:6a:
         1b:93:3d:a5:ee:3c:67:8a:89:c7:c0:a5:6e:29:f4:b9:81:1e:
         67:c6:78:ef:61:da:2d:5e:0c:74:71:2d:e4:a7:f7:1f:dd:77:
         76:e9:18:32:88:fa:aa:69:6b:56:97:b7:98:3e:b7:47:e7:b1:
         59:08:11:3c:99:a2:6e:51:11:b0:e1:b8:bf:c9:57:bb:4b:e9:
         5f:ed:bf:01:10:91:f9:77:be:ae:39:95:0e:09:b4:fb:bb:ce:
         c5:b0:58:72:b1:f3:a4:9d:bf:db:1d:66:2e:19:5c:50:25:3a:
         b4:70:dd:b1:52:a5:39:bd:38:62:31:08:6d:10:60:31:dc:87:
         dc:54:29:4b:0e:63:0c:72:4a:aa:fa:9d:f6:4d:c6:fb:95:2d:
         50:40:27:d6:7d:30:f2:0d:cd:33:49:27:77:7e:6a:39:dc:84:
         2a:95:a9:fc:21:2a:a8:80:9a:74:9d:35:13:04:3c:5c:de:56:
         f6:f1:0a:37:04:0d:02:77:d7:76:92:b7:28:2e:b7:0a:85:28:
         d5:be:3c:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfXhoURwz+KBfGQsNstfoKkj21PwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKEE4QjZDNDcyNkUwNjUwNUQwQzA3MzU0REE0RjEwQjc5MjIxRUVCMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnvfbsxoSHGsuKxScPgCMQ7i2H
bkvfD1/Yth4hyCf4FLEB65GX+s4yoVXKf3JuD9cat1Og9zJOpeorrGGQWpyOPoIK
F2X3jZMaPBuZyD0hERnHc6QhJohGjxvEqu84Fu6ln3ZX1preNmCYlF1yf1dUHy7S
rlD0MgiPWVD9ZXeVj+Z1KIkViHaxjEsfiS0X+fePCielce9BZLnqzJnMqRTe/kLB
4Yw7VdGofkh1KXIun1NLol+KysJEfhaeV59+7hsHCBJbW3m9FQyFoTpGl+WAWwQI
V3ea3RYJhtieaXPZ/pJicNktMObQc+rlSaMpv2ZExdRlOG7Mi/zZCRizQ5+hAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqLbEcm4GUF0MBzVNpPELeSIe6ywwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1MjIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjQtY
MA0GCSqGSIb3DQEBCwUAA4IBAQDQ7n5sbZdwDnvyLBEV2/NaVX8lmykz1smUTpYp
ayvqQ1CaUQL6SvvKihNUJL9qNaROfdmYcGobkz2l7jxnionHwKVuKfS5gR5nxnjv
YdotXgx0cS3kp/cf3Xd26RgyiPqqaWtWl7eYPrdH57FZCBE8maJuURGw4bi/yVe7
S+lf7b8BEJH5d76uOZUOCbT7u87FsFhysfOknb/bHWYuGVxQJTq0cN2xUqU5vThi
MQhtEGAx3IfcVClLDmMMckqq+p32Tcb7lS1QQCfWfTDyDc0zSSd3fmo53IQqlan8
ISqogJp0nTUTBDxc3lb28Qo3BA0Cd9d2krcoLrcKhSjVvjyv
-----END CERTIFICATE-----