Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa
File:                     AS205684.roa (raw, json)
Hash identifier:          /hZOq+LnouzFsWozxuvJDjsIO0clz8bpv0utcIJN8Rk=
Subject key identifier:   59:49:7C:CA:D0:FE:42:B8:DA:12:5B:C1:8D:52:59:68:93:8A:CC:F6
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7311966B3B6262573F1E1EA0F783AFE21B193735
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     205684
IP address blocks:        141.11.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:11:96:6b:3b:62:62:57:3f:1e:1e:a0:f7:83:af:e2:1b:19:37:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=59497CCAD0FE42B8DA125BC18D525968938ACCF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8d:d0:b4:16:73:a2:92:9e:49:63:88:fa:dd:
                    62:de:08:eb:28:83:c9:f7:ed:6c:74:91:4d:b8:94:
                    e9:a7:ee:39:52:fb:0d:ae:42:0a:2b:6a:21:4b:7c:
                    61:bc:25:3e:a4:c7:d5:9b:be:93:55:69:0e:f2:73:
                    7b:28:bb:3a:80:4d:6d:88:8d:78:31:e7:22:e8:14:
                    e6:b6:7c:11:0d:d2:77:38:22:d6:a9:7d:f1:cc:0a:
                    92:d4:7d:f3:4f:f2:cd:7a:30:37:ca:86:08:9c:a8:
                    2f:2a:54:10:5b:e2:62:39:a9:7e:08:b8:66:a7:a6:
                    f1:d0:2f:e8:72:0b:b6:28:b4:9d:81:9a:a1:c9:da:
                    78:3f:8e:66:29:4b:fe:c9:6d:4a:8d:4b:df:9b:53:
                    62:a0:65:6e:d4:69:3b:7e:71:6c:33:c2:c1:78:4f:
                    0a:f6:47:50:75:9e:80:53:f2:f9:1d:0a:55:ac:9a:
                    47:02:e0:95:20:ed:59:e2:0a:94:7b:e3:1d:54:2a:
                    72:51:e2:11:2d:69:5e:1a:cc:51:0c:f4:3b:ee:3b:
                    13:84:e3:d3:89:ff:1d:ca:27:dd:9a:fe:08:05:01:
                    13:65:a9:e1:c6:ea:5f:8f:a2:4f:4d:36:7c:ad:e0:
                    4d:63:7d:6c:59:80:bf:89:78:f6:12:c1:73:83:95:
                    d5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:49:7C:CA:D0:FE:42:B8:DA:12:5B:C1:8D:52:59:68:93:8A:CC:F6
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:7a:de:46:ea:19:0d:d7:f7:9f:56:a6:1b:c4:1e:ab:3d:97:
         d7:d2:35:eb:74:ab:03:d7:24:c1:da:45:07:35:d7:ac:1f:1a:
         9b:79:e2:ef:0b:91:22:03:0c:89:cd:d2:75:d2:ad:b6:47:b1:
         92:aa:3e:8e:5e:7b:7d:32:00:6b:d5:7f:ac:17:d9:ab:9a:3d:
         43:ca:4d:27:c5:7b:91:2e:cf:d1:b4:30:67:37:53:79:15:67:
         33:02:5f:41:b9:9d:78:ba:7c:a6:7a:30:fb:bb:76:d5:64:0b:
         48:f4:e4:ef:4a:ef:b1:95:19:af:a8:23:99:0b:cb:87:d9:54:
         7d:8b:cb:1f:1d:93:78:8f:0c:11:c7:4b:34:f6:e6:ee:32:59:
         42:0c:71:1f:83:47:9c:30:a8:b3:84:84:0c:29:df:2f:73:c1:
         ca:ea:4a:61:78:e4:4d:69:f0:3b:e5:0d:05:4e:f9:a4:ad:37:
         c6:09:2d:29:1f:bc:f0:8f:7a:23:50:78:a6:86:c8:4f:8a:44:
         2e:18:0e:12:f9:07:35:f0:5a:fc:11:02:ce:7c:87:7f:58:26:
         cd:67:55:0b:00:14:4b:5f:e5:bf:5a:26:75:e7:a9:55:71:25:
         6f:5c:77:6d:cf:86:29:29:d9:1a:9a:f9:ce:cd:00:f6:7e:1f:
         69:81:66:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcxGWaztiYlc/Hh6g94Ov4hsZNzUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKDU5NDk3Q0NBRDBGRTQyQjhEQTEyNUJDMThENTI1OTY4OTM4QUNDRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzjdC0FnOikp5JY4j63WLeCOso
g8n37Wx0kU24lOmn7jlS+w2uQgoraiFLfGG8JT6kx9WbvpNVaQ7yc3souzqATW2I
jXgx5yLoFOa2fBEN0nc4ItapffHMCpLUffNP8s16MDfKhgicqC8qVBBb4mI5qX4I
uGanpvHQL+hyC7YotJ2BmqHJ2ng/jmYpS/7JbUqNS9+bU2KgZW7UaTt+cWwzwsF4
Twr2R1B1noBT8vkdClWsmkcC4JUg7VniCpR74x1UKnJR4hEtaV4azFEM9DvuOxOE
49OJ/x3KJ92a/ggFARNlqeHG6l+Pok9NNnyt4E1jfWxZgL+JePYSwXODldW/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWUl8ytD+QrjaElvBjVJZaJOKzPYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1Njg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtu
MA0GCSqGSIb3DQEBCwUAA4IBAQCzet5G6hkN1/efVqYbxB6rPZfX0jXrdKsD1yTB
2kUHNdesHxqbeeLvC5EiAwyJzdJ10q22R7GSqj6OXnt9MgBr1X+sF9mrmj1Dyk0n
xXuRLs/RtDBnN1N5FWczAl9BuZ14unymejD7u3bVZAtI9OTvSu+xlRmvqCOZC8uH
2VR9i8sfHZN4jwwRx0s09ubuMllCDHEfg0ecMKizhIQMKd8vc8HK6kpheORNafA7
5Q0FTvmkrTfGCS0pH7zwj3ojUHimhshPikQuGA4S+Qc18Fr8EQLOfId/WCbNZ1UL
ABRLX+W/WiZ156lVcSVvXHdtz4YpKdkamvnOzQD2fh9pgWYx
-----END CERTIFICATE-----