Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205450.roa
File:                     AS205450.roa (raw, json)
Hash identifier:          eRARmFctOIJop8w7BFZvGBr5En7ziOxEmXNcmTYmJRs=
Subject key identifier:   0D:53:30:56:00:5B:BD:23:05:2F:CE:A7:13:FF:8C:35:6F:FE:34:4B
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4207AF32237E2ADA7EC4DF4E7E2B4E85570BC7E6
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205450.roa
Signing time:             Wed 08 Nov 2023 12:24:16 +0000
ROA not before:           Wed 08 Nov 2023 12:19:16 +0000
ROA not after:            Wed 06 Nov 2024 12:24:16 +0000
asID:                     205450
IP address blocks:        141.11.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:07:af:32:23:7e:2a:da:7e:c4:df:4e:7e:2b:4e:85:57:0b:c7:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov  8 12:19:16 2023 GMT
            Not After : Nov  6 12:24:16 2024 GMT
        Subject: CN=0D533056005BBD23052FCEA713FF8C356FFE344B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c7:cf:ab:88:af:7c:45:42:a6:ee:3b:21:f7:
                    ea:9e:41:be:0f:3d:c0:f5:fb:47:01:fb:7c:8a:69:
                    d6:56:a6:57:5a:c8:62:c4:de:03:11:9d:8f:45:c7:
                    eb:df:03:61:18:4b:05:4f:74:84:65:f7:f9:64:27:
                    a6:cd:90:eb:90:3b:81:6c:87:79:4a:18:0a:04:11:
                    5a:c3:c3:04:a4:d6:39:79:7f:e6:77:24:68:59:d5:
                    2b:73:00:e1:b3:f1:87:d1:00:60:6b:10:8a:1e:be:
                    67:97:31:69:0f:34:9e:14:a6:58:a6:dc:a7:22:d1:
                    a7:6e:4a:c9:e8:7d:38:35:1b:08:61:ca:b7:22:1a:
                    90:cb:6f:0e:a5:b8:76:01:2c:54:70:fc:71:74:d3:
                    57:ff:54:b2:39:82:84:b3:e8:42:71:b3:25:ca:8b:
                    88:5d:c1:0e:44:b1:21:45:f1:21:c0:d5:27:cd:53:
                    6f:62:27:f2:14:6c:83:05:58:a2:4f:db:73:61:23:
                    07:dc:3f:49:a2:0a:bd:cb:ee:f9:7c:12:48:15:1a:
                    e5:23:aa:1a:f8:69:a3:f5:b6:81:8f:8f:26:cc:ae:
                    e2:bd:fb:d0:bf:c5:58:0c:92:c9:23:8b:33:04:8f:
                    ed:1d:81:4c:fb:3e:9f:c8:63:05:b8:29:44:74:a9:
                    1c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:53:30:56:00:5B:BD:23:05:2F:CE:A7:13:FF:8C:35:6F:FE:34:4B
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:c3:65:f4:80:4d:cc:b9:78:8c:e6:64:75:6f:9f:3e:ba:67:
         a8:53:9a:25:3d:ac:6a:ae:a9:d3:77:8b:11:d2:a1:cc:94:c8:
         eb:be:0f:4d:bc:9f:bf:2c:64:34:ec:01:10:37:b4:69:e6:80:
         c6:d5:4b:2f:9f:50:7e:19:a8:97:7b:2e:19:2a:29:85:ac:5a:
         2d:f2:f1:a0:6d:fc:f7:02:99:91:93:b8:45:b5:22:c9:75:06:
         68:d6:95:a2:49:97:06:97:46:36:36:c8:6f:4e:95:c1:92:f9:
         01:8d:75:f2:c1:81:24:69:ed:1f:67:1d:b1:76:96:44:8e:f8:
         d2:91:e2:de:21:78:6e:1c:39:29:bd:ad:32:33:8b:0c:a1:cf:
         45:6d:a1:02:2a:61:78:2e:cb:f9:23:d0:2a:c4:a6:27:46:2e:
         4c:af:67:19:d5:ac:8e:ff:d1:b8:c5:1f:49:20:07:3d:90:ee:
         14:7a:63:19:d5:ce:38:72:9a:7b:a2:c7:f5:8a:07:8d:77:06:
         04:98:ea:6b:09:d5:b5:9b:9e:e3:fe:98:24:90:f5:b7:a0:d6:
         ae:82:91:aa:7f:66:9c:51:d9:de:72:eb:61:43:0f:19:b5:b1:
         58:fe:b0:fc:c7:57:55:57:dd:e5:58:f7:dc:7a:09:d8:47:91:
         32:f0:12:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQgevMiN+Ktp+xN9OfitOhVcLx+YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMDgxMjE5MTZaFw0yNDExMDYxMjI0MTZaMDMxMTAvBgNV
BAMTKDBENTMzMDU2MDA1QkJEMjMwNTJGQ0VBNzEzRkY4QzM1NkZGRTM0NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOx8+riK98RUKm7jsh9+qeQb4P
PcD1+0cB+3yKadZWpldayGLE3gMRnY9Fx+vfA2EYSwVPdIRl9/lkJ6bNkOuQO4Fs
h3lKGAoEEVrDwwSk1jl5f+Z3JGhZ1StzAOGz8YfRAGBrEIoevmeXMWkPNJ4Uplim
3Kci0aduSsnofTg1GwhhyrciGpDLbw6luHYBLFRw/HF001f/VLI5goSz6EJxsyXK
i4hdwQ5EsSFF8SHA1SfNU29iJ/IUbIMFWKJP23NhIwfcP0miCr3L7vl8EkgVGuUj
qhr4aaP1toGPjybMruK9+9C/xVgMkskjizMEj+0dgUz7Pp/IYwW4KUR0qRxjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDVMwVgBbvSMFL86nE/+MNW/+NEswHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1NDUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsF
MA0GCSqGSIb3DQEBCwUAA4IBAQDWw2X0gE3MuXiM5mR1b58+umeoU5olPaxqrqnT
d4sR0qHMlMjrvg9NvJ+/LGQ07AEQN7Rp5oDG1Usvn1B+GaiXey4ZKimFrFot8vGg
bfz3ApmRk7hFtSLJdQZo1pWiSZcGl0Y2NshvTpXBkvkBjXXywYEkae0fZx2xdpZE
jvjSkeLeIXhuHDkpva0yM4sMoc9FbaECKmF4Lsv5I9AqxKYnRi5Mr2cZ1ayO/9G4
xR9JIAc9kO4UemMZ1c44cpp7osf1igeNdwYEmOprCdW1m57j/pgkkPW3oNaugpGq
f2acUdnecuthQw8ZtbFY/rD8x1dVV93lWPfcegnYR5Ey8BKX
-----END CERTIFICATE-----