Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa
File:                     AS205684.roa (raw, json)
Hash identifier:          vztCLEjDS7d04vSdJ7e5oYpSSb4l4Vlroz0jUqRpxaU=
Subject key identifier:   57:D5:38:AC:1B:6C:85:35:0E:ED:2C:64:98:35:87:97:BC:F5:2A:26
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       71B085D5BA352427B8613B62BE8BE711E084C4D4
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa
Signing time:             Tue 29 Oct 2024 15:43:26 +0000
ROA not before:           Tue 29 Oct 2024 15:38:26 +0000
ROA not after:            Tue 28 Oct 2025 15:43:26 +0000
asID:                     205684
IP address blocks:        141.11.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:b0:85:d5:ba:35:24:27:b8:61:3b:62:be:8b:e7:11:e0:84:c4:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:26 2024 GMT
            Not After : Oct 28 15:43:26 2025 GMT
        Subject: CN=57D538AC1B6C85350EED2C6498358797BCF52A26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:fe:a3:0b:ad:02:0e:84:f5:52:43:ea:4a:bc:
                    b9:b4:8a:0a:53:e9:4a:05:21:87:88:a5:e0:a8:a3:
                    60:04:89:8d:5e:df:a9:11:0a:3b:68:61:04:a1:0c:
                    76:6b:b7:0a:b7:9d:85:3d:03:57:9b:7d:85:b0:01:
                    ee:c0:50:af:87:3f:e3:cf:7e:4b:27:d0:90:54:f5:
                    2f:b6:98:ff:9e:fb:6a:e6:ce:36:c7:e5:51:d7:8f:
                    a2:5d:81:cd:79:70:a6:81:a3:f5:19:fc:74:f9:ef:
                    08:64:6c:5a:8d:4c:54:01:19:1c:bf:59:bd:cb:cb:
                    64:2c:c4:39:e1:f9:b1:9a:ef:1e:4b:2b:d4:81:3f:
                    07:1f:66:46:d3:47:49:ec:61:ee:b3:ea:c5:f5:cb:
                    fc:5b:3c:a5:df:c3:62:43:1e:d6:25:d5:20:12:ea:
                    a4:1f:a9:4e:92:5f:d0:ca:17:9d:ef:82:dd:2f:05:
                    f5:ac:a9:df:38:56:c7:cb:f1:7e:35:bf:47:fe:7c:
                    99:63:6e:cc:91:fe:46:2b:50:9a:07:30:5c:33:e8:
                    53:fa:c2:1f:66:ec:a7:0d:79:4c:02:9d:eb:c2:c5:
                    dc:ef:52:9d:95:e6:4e:56:1b:93:7d:21:34:10:19:
                    cb:84:3d:0b:16:b4:e2:d6:da:07:71:1f:0b:8e:b3:
                    d5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:D5:38:AC:1B:6C:85:35:0E:ED:2C:64:98:35:87:97:BC:F5:2A:26
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:93:47:72:a0:ea:26:49:80:98:ba:8a:b5:42:be:9b:35:ef:
         8c:47:a7:d9:51:ba:62:2e:2c:57:7a:84:d7:d6:de:50:ab:50:
         4d:24:2d:89:cb:dc:09:9f:78:49:da:74:43:7a:61:ba:7e:3e:
         d6:48:0a:87:e1:5e:91:06:77:53:15:74:0a:1d:3d:6c:47:ee:
         33:11:26:47:9b:51:8c:91:df:72:2a:d3:77:10:18:9a:31:90:
         1f:20:cb:c2:83:bc:50:47:2f:7b:ca:95:20:9f:1a:2b:3c:db:
         bf:1e:5b:83:10:fd:ec:fb:f3:d7:f4:89:bd:7f:1c:ac:e2:81:
         96:b4:e9:d9:0a:b5:bb:b1:7c:d7:a6:c1:eb:f1:c2:b8:0d:b3:
         d6:83:2f:28:39:9d:e4:65:4d:d6:16:fd:fb:34:01:fc:a5:6a:
         36:a5:19:f5:0f:d5:e8:6e:c0:f2:32:b7:ad:02:bc:d9:08:64:
         ef:82:68:7b:67:07:72:e1:f0:c5:e7:a5:08:ab:5c:bc:14:d6:
         b2:63:b9:32:16:99:05:a0:40:3a:8e:04:b6:cd:f0:52:fe:1d:
         1b:f8:d9:41:53:ce:15:27:9c:7c:e4:b0:14:b0:41:e0:38:b3:
         03:a6:8e:d0:51:59:96:28:80:f4:3b:bc:7c:d9:dc:58:32:04:
         5d:3c:45:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcbCF1bo1JCe4YTtivovnEeCExNQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjZaFw0yNTEwMjgxNTQzMjZaMDMxMTAvBgNV
BAMTKDU3RDUzOEFDMUI2Qzg1MzUwRUVEMkM2NDk4MzU4Nzk3QkNGNTJBMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS/qMLrQIOhPVSQ+pKvLm0igpT
6UoFIYeIpeCoo2AEiY1e36kRCjtoYQShDHZrtwq3nYU9A1ebfYWwAe7AUK+HP+PP
fksn0JBU9S+2mP+e+2rmzjbH5VHXj6Jdgc15cKaBo/UZ/HT57whkbFqNTFQBGRy/
Wb3Ly2QsxDnh+bGa7x5LK9SBPwcfZkbTR0nsYe6z6sX1y/xbPKXfw2JDHtYl1SAS
6qQfqU6SX9DKF53vgt0vBfWsqd84VsfL8X41v0f+fJljbsyR/kYrUJoHMFwz6FP6
wh9m7KcNeUwCnevCxdzvUp2V5k5WG5N9ITQQGcuEPQsWtOLW2gdxHwuOs9UnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUV9U4rBtshTUO7SxkmDWHl7z1KiYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1Njg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtu
MA0GCSqGSIb3DQEBCwUAA4IBAQBsk0dyoOomSYCYuoq1Qr6bNe+MR6fZUbpiLixX
eoTX1t5Qq1BNJC2Jy9wJn3hJ2nRDemG6fj7WSAqH4V6RBndTFXQKHT1sR+4zESZH
m1GMkd9yKtN3EBiaMZAfIMvCg7xQRy97ypUgnxorPNu/HluDEP3s+/PX9Im9fxys
4oGWtOnZCrW7sXzXpsHr8cK4DbPWgy8oOZ3kZU3WFv37NAH8pWo2pRn1D9XobsDy
MretArzZCGTvgmh7Zwdy4fDF56UIq1y8FNayY7kyFpkFoEA6jgS2zfBS/h0b+NlB
U84VJ5x85LAUsEHgOLMDpo7QUVmWKID0O7x82dxYMgRdPEUX
-----END CERTIFICATE-----