Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205220.roa
File:                     AS205220.roa (raw, json)
Hash identifier:          phioTWQsENJGbo1MQxHVGLtGoJqSV0rL4lAiblI0jaA=
Subject key identifier:   03:61:82:56:95:B7:EF:BA:31:10:8B:B1:63:E2:7C:F7:18:CA:D8:A9
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7770750359CEF95AEA08D1CCCEC2AE131C597040
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205220.roa
Signing time:             Tue 29 Oct 2024 15:43:25 +0000
ROA not before:           Tue 29 Oct 2024 15:38:25 +0000
ROA not after:            Tue 28 Oct 2025 15:43:25 +0000
asID:                     205220
IP address blocks:        141.11.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:70:75:03:59:ce:f9:5a:ea:08:d1:cc:ce:c2:ae:13:1c:59:70:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:25 2024 GMT
            Not After : Oct 28 15:43:25 2025 GMT
        Subject: CN=0361825695B7EFBA31108BB163E27CF718CAD8A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fa:e7:76:60:38:a0:a4:ae:9a:b0:00:a5:af:
                    1e:d9:49:27:ac:65:45:7e:0a:8e:eb:cc:02:37:9d:
                    83:9d:c6:11:7d:38:f1:f4:7e:87:18:03:b3:75:fc:
                    9b:66:08:16:82:0c:21:35:ed:d7:de:1c:ff:0b:2a:
                    23:f1:3d:b2:0e:53:6a:c7:16:73:71:6a:04:13:b6:
                    e3:5d:b0:08:c1:ea:2b:fb:ee:ec:6f:60:c5:fa:ca:
                    e5:36:40:ae:e5:eb:d5:50:c6:77:50:3d:c9:dd:69:
                    3c:6b:72:6d:b6:aa:50:64:ba:88:7a:29:8a:44:4a:
                    c5:9b:a7:0a:b3:0e:64:7c:49:96:93:c3:93:bb:bf:
                    0e:c3:87:6b:09:12:bc:0f:4b:0d:fa:00:b6:c6:d7:
                    d2:11:0c:dc:fa:06:a0:09:23:d3:e4:c7:4d:82:4a:
                    01:0c:f5:1e:0a:99:dd:b4:55:ce:f8:20:b8:9a:9b:
                    11:b1:5d:d5:c2:56:35:25:1d:45:97:37:b3:72:27:
                    88:49:cc:b3:18:a2:51:23:0d:e7:f3:c5:0a:5d:83:
                    06:e5:cd:f8:cc:46:b3:7a:f8:35:64:52:26:c0:ac:
                    3f:6a:7f:f9:43:3a:71:35:83:d2:b7:9d:91:5b:bc:
                    48:52:f8:c4:6c:f4:0d:27:8f:3f:aa:a0:60:84:e4:
                    55:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:61:82:56:95:B7:EF:BA:31:10:8B:B1:63:E2:7C:F7:18:CA:D8:A9
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205220.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:9f:25:54:48:76:b6:08:8c:01:4d:83:ef:e7:04:7f:54:6c:
         67:fa:d4:3d:a9:fb:a5:3b:9b:2c:c7:e7:58:f6:5d:06:0b:07:
         02:a8:b6:9d:a9:5b:b8:5f:4f:28:f7:76:35:ff:90:82:fd:9d:
         a6:b0:74:ac:94:20:95:e8:83:d7:e1:34:ca:65:ae:50:e5:fe:
         68:42:28:8f:10:db:69:54:97:8f:6a:4d:6e:01:f8:ee:bf:75:
         c3:cb:ac:be:a3:e2:2a:9c:da:ac:51:98:16:7f:03:86:b2:2c:
         b6:fa:84:59:33:02:6c:46:71:39:30:2b:5c:4b:1c:16:95:81:
         6a:4b:92:98:99:8a:a9:f1:e0:6f:ad:ab:df:75:f8:a8:6f:e6:
         b8:9b:da:d9:1f:02:9b:df:93:f9:28:cf:e2:f6:35:da:af:91:
         29:69:43:bc:0e:83:eb:59:a1:ee:c6:d4:c6:e1:e8:59:eb:aa:
         4b:c0:68:26:9e:4e:d3:b4:59:d0:3d:67:f5:b6:27:d6:3d:55:
         41:d5:25:0a:f5:08:60:15:a7:b2:ce:a0:4b:7b:19:e2:ed:7b:
         5f:c7:58:21:a0:40:1f:85:37:b3:01:1e:99:4f:19:e1:4a:64:
         13:9d:13:2c:6e:82:04:d8:3c:d6:53:0d:e2:ce:22:c7:da:b0:
         77:30:00:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUd3B1A1nO+VrqCNHMzsKuExxZcEAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjVaFw0yNTEwMjgxNTQzMjVaMDMxMTAvBgNV
BAMTKDAzNjE4MjU2OTVCN0VGQkEzMTEwOEJCMTYzRTI3Q0Y3MThDQUQ4QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh+ud2YDigpK6asAClrx7ZSSes
ZUV+Co7rzAI3nYOdxhF9OPH0focYA7N1/JtmCBaCDCE17dfeHP8LKiPxPbIOU2rH
FnNxagQTtuNdsAjB6iv77uxvYMX6yuU2QK7l69VQxndQPcndaTxrcm22qlBkuoh6
KYpESsWbpwqzDmR8SZaTw5O7vw7Dh2sJErwPSw36ALbG19IRDNz6BqAJI9Pkx02C
SgEM9R4Kmd20Vc74ILiamxGxXdXCVjUlHUWXN7NyJ4hJzLMYolEjDefzxQpdgwbl
zfjMRrN6+DVkUibArD9qf/lDOnE1g9K3nZFbvEhS+MRs9A0njz+qoGCE5FVbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUA2GCVpW377oxEIuxY+J89xjK2KkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1MjIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjQtY
MA0GCSqGSIb3DQEBCwUAA4IBAQCKnyVUSHa2CIwBTYPv5wR/VGxn+tQ9qfulO5ss
x+dY9l0GCwcCqLadqVu4X08o93Y1/5CC/Z2msHSslCCV6IPX4TTKZa5Q5f5oQiiP
ENtpVJePak1uAfjuv3XDy6y+o+IqnNqsUZgWfwOGsiy2+oRZMwJsRnE5MCtcSxwW
lYFqS5KYmYqp8eBvravfdfiob+a4m9rZHwKb35P5KM/i9jXar5EpaUO8DoPrWaHu
xtTG4ehZ66pLwGgmnk7TtFnQPWf1tifWPVVB1SUK9QhgFaeyzqBLexni7Xtfx1gh
oEAfhTezAR6ZTxnhSmQTnRMsboIE2DzWUw3iziLH2rB3MACW
-----END CERTIFICATE-----