Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205817.roa
File:                     AS205817.roa (raw, json)
Hash identifier:          pBx0oNNuWW4fYObMrqaWxJ8ZaBBcQMN5ENThw4TrPXQ=
Subject key identifier:   0C:82:A4:0C:4F:2A:F6:8F:16:5C:9D:15:72:57:6F:B2:28:BD:BE:37
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7D20873D134C16699E1F83404F27A90F1A7772F2
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205817.roa
Signing time:             Tue 28 Nov 2023 15:05:05 +0000
ROA not before:           Tue 28 Nov 2023 15:00:05 +0000
ROA not after:            Tue 26 Nov 2024 15:05:05 +0000
asID:                     205817
IP address blocks:        141.11.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:20:87:3d:13:4c:16:69:9e:1f:83:40:4f:27:a9:0f:1a:77:72:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:05 2023 GMT
            Not After : Nov 26 15:05:05 2024 GMT
        Subject: CN=0C82A40C4F2AF68F165C9D1572576FB228BDBE37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6c:c3:fa:ef:db:3f:06:99:c7:dc:1d:7a:ba:
                    86:36:db:bd:8b:e8:9d:51:17:8a:0d:e6:c9:9a:95:
                    02:18:90:be:3f:7e:ca:5a:81:d1:59:54:9a:72:76:
                    60:69:75:49:7f:f2:54:12:d5:6b:12:87:f0:d1:2e:
                    05:d0:0d:e0:d9:72:c0:e7:fe:a5:b4:9b:16:3e:ca:
                    5e:a0:a6:88:f4:1e:14:16:2f:cb:9f:2a:92:ae:64:
                    5c:d0:df:f3:25:2c:5c:69:c0:d5:ea:8a:86:eb:eb:
                    f1:39:99:6b:7b:21:99:7b:dd:16:d3:98:b1:19:71:
                    dd:1c:63:b0:95:d0:7e:40:8f:f3:9f:b2:7c:bc:38:
                    eb:b4:16:d1:a7:ce:32:97:fb:6c:fc:03:e7:7f:74:
                    b3:4b:a8:d4:01:49:0d:ef:56:7c:ce:31:a5:aa:21:
                    e3:1b:ad:76:6d:b8:a9:cc:8f:a9:3f:0f:8b:2e:df:
                    a7:93:c7:e9:15:b1:a7:91:09:fb:ef:b6:10:58:a3:
                    14:e4:a2:99:45:4c:a0:bf:5f:69:f7:16:c6:5f:1d:
                    0c:ec:74:b4:81:d1:b1:a5:c6:ce:6a:72:2c:fd:9a:
                    cd:0c:8f:46:61:ff:f1:53:c1:b8:81:e9:a5:79:28:
                    a8:6d:0a:bf:31:e3:0f:7d:34:e0:9d:d2:e1:e0:4c:
                    4a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:82:A4:0C:4F:2A:F6:8F:16:5C:9D:15:72:57:6F:B2:28:BD:BE:37
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205817.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0c:8c:7d:8e:61:58:8a:7f:73:5e:61:8c:9c:5b:23:c2:8e:80:
         49:8c:7a:ce:dc:53:48:b4:d5:c1:4e:ad:05:15:dd:b8:33:29:
         4c:58:9d:70:38:9f:f7:a6:4f:64:72:d3:55:c9:fe:59:18:61:
         27:27:6c:d0:cd:7a:52:39:b9:43:44:d7:45:17:8e:2a:81:23:
         ea:a6:b6:fb:53:bb:9c:ab:57:10:f9:d7:c0:b1:9c:8c:9e:d5:
         72:b3:70:c7:bf:2f:50:c0:d7:66:fa:d5:69:bf:9d:ba:3b:e4:
         97:8c:1f:f5:48:a8:52:c0:64:bb:49:19:e5:3f:c5:e0:81:04:
         89:16:b2:df:a1:84:2f:10:d4:88:3e:01:d7:9f:d2:76:12:c3:
         d8:15:3a:be:a3:11:8d:28:ec:3e:64:df:46:e2:7d:91:2b:25:
         c6:0b:c8:f1:1a:92:88:90:c5:9e:9f:7e:52:77:c2:c1:f5:96:
         f6:92:13:a5:3e:df:82:50:b6:b1:ad:f8:9a:c3:b3:31:a2:1f:
         e1:0b:27:a5:88:3c:c8:31:c2:85:c9:0c:d1:ab:02:01:94:78:
         4f:1c:bf:82:fa:38:2b:75:7b:25:1a:a0:fa:de:f3:38:f8:06:
         49:58:ea:b8:5c:fb:c1:a8:ae:5c:bf:ba:18:d7:b4:a2:ac:96:
         1e:c5:90:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfSCHPRNMFmmeH4NATyepDxp3cvIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDVaFw0yNDExMjYxNTA1MDVaMDMxMTAvBgNV
BAMTKDBDODJBNDBDNEYyQUY2OEYxNjVDOUQxNTcyNTc2RkIyMjhCREJFMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQbMP679s/BpnH3B16uoY2272L
6J1RF4oN5smalQIYkL4/fspagdFZVJpydmBpdUl/8lQS1WsSh/DRLgXQDeDZcsDn
/qW0mxY+yl6gpoj0HhQWL8ufKpKuZFzQ3/MlLFxpwNXqiobr6/E5mWt7IZl73RbT
mLEZcd0cY7CV0H5Aj/Ofsny8OOu0FtGnzjKX+2z8A+d/dLNLqNQBSQ3vVnzOMaWq
IeMbrXZtuKnMj6k/D4su36eTx+kVsaeRCfvvthBYoxTkoplFTKC/X2n3FsZfHQzs
dLSB0bGlxs5qciz9ms0Mj0Zh//FTwbiB6aV5KKhtCr8x4w99NOCd0uHgTEqlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDIKkDE8q9o8WXJ0Vcldvsii9vjcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1ODE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEjQsw
MA0GCSqGSIb3DQEBCwUAA4IBAQAMjH2OYViKf3NeYYycWyPCjoBJjHrO3FNItNXB
Tq0FFd24MylMWJ1wOJ/3pk9kctNVyf5ZGGEnJ2zQzXpSOblDRNdFF44qgSPqprb7
U7ucq1cQ+dfAsZyMntVys3DHvy9QwNdm+tVpv526O+SXjB/1SKhSwGS7SRnlP8Xg
gQSJFrLfoYQvENSIPgHXn9J2EsPYFTq+oxGNKOw+ZN9G4n2RKyXGC8jxGpKIkMWe
n35Sd8LB9Zb2khOlPt+CULaxrfiaw7Mxoh/hCyeliDzIMcKFyQzRqwIBlHhPHL+C
+jgrdXslGqD63vM4+AZJWOq4XPvBqK5cv7oY17SirJYexZDR
-----END CERTIFICATE-----