Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206092.roa
File:                     AS206092.roa (raw, json)
Hash identifier:          9H+QCMfSHW6waeBJpMT+WxbUX8pPUlnRwOvXY3r5ZJU=
Subject key identifier:   EC:10:DE:AE:50:32:C5:74:D3:FB:EB:B7:EB:7A:B7:B6:C7:FA:DA:84
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       612B1C243419E490270B004A2D24F4CEA26C7548
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206092.roa
Signing time:             Tue 29 Oct 2024 15:43:25 +0000
ROA not before:           Tue 29 Oct 2024 15:38:25 +0000
ROA not after:            Tue 28 Oct 2025 15:43:25 +0000
asID:                     206092
IP address blocks:        141.11.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:2b:1c:24:34:19:e4:90:27:0b:00:4a:2d:24:f4:ce:a2:6c:75:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:25 2024 GMT
            Not After : Oct 28 15:43:25 2025 GMT
        Subject: CN=EC10DEAE5032C574D3FBEBB7EB7AB7B6C7FADA84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a6:a7:2a:7c:10:42:44:1d:42:1c:33:bb:67:
                    72:f1:7b:61:a9:97:f7:91:57:dc:b4:bc:aa:63:44:
                    7f:5c:0a:7a:2a:62:e6:19:ec:c1:67:5d:8d:fd:b6:
                    d9:93:af:68:c9:d5:23:eb:e6:6d:92:db:18:28:8d:
                    87:cd:93:dc:f0:7c:2a:ef:88:c3:bc:bc:88:c5:8c:
                    95:b8:03:54:0a:7d:ae:58:21:3a:41:1c:2a:bb:66:
                    8b:17:6b:c3:e8:de:4c:de:63:bd:04:53:19:fe:8c:
                    78:b0:b7:2c:e8:ea:87:7b:a6:e2:cd:4e:ab:ef:54:
                    9c:6b:63:3a:a8:5d:ad:d9:08:a3:fd:7d:87:7c:99:
                    3f:00:25:fe:5e:e2:ae:da:f7:00:d3:ed:8a:a6:e6:
                    ca:5c:ef:8f:f9:20:69:13:4e:c0:5c:49:fa:bf:c0:
                    bf:ae:33:b7:b7:2f:b1:68:c3:2a:4e:0d:5e:d0:52:
                    69:54:77:93:6f:5a:b1:8e:cd:64:23:14:33:5a:bb:
                    c3:c4:f8:46:8c:8a:c3:f9:3c:69:fa:6d:00:45:5f:
                    f9:b1:ae:51:02:35:82:77:1b:91:da:ce:c9:44:3b:
                    92:a4:35:58:c5:61:39:01:e3:79:9c:7d:aa:6f:38:
                    aa:25:5d:c8:fb:52:4c:e5:18:c5:80:3d:dd:c0:cb:
                    15:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:10:DE:AE:50:32:C5:74:D3:FB:EB:B7:EB:7A:B7:B6:C7:FA:DA:84
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206092.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:d3:0c:56:8d:35:db:73:f2:78:9a:ca:1c:3c:ab:20:a0:fb:
         49:36:2a:4e:22:51:ac:d6:63:5c:d6:10:4d:15:70:e4:a0:e9:
         26:05:69:31:4c:0e:7a:6e:ae:36:3a:84:ac:87:b5:73:28:30:
         aa:78:9c:0e:43:e4:cc:a1:2e:df:45:a9:68:99:a7:79:eb:3d:
         70:94:62:f3:d8:90:f8:c8:d6:86:36:fc:37:2c:58:2a:29:c3:
         87:08:99:de:f5:43:6e:7f:13:1f:6a:9b:c4:be:c8:18:a5:5c:
         85:d6:ba:75:b1:5a:eb:60:50:54:19:3d:3a:95:07:09:8d:6e:
         f3:06:11:74:c2:f7:e1:25:36:8c:51:20:07:e9:a1:81:09:18:
         c8:f3:97:57:67:1e:d0:a4:63:3f:1d:a1:6a:23:6e:5a:2f:a6:
         31:4b:da:c8:4b:20:e6:ce:db:39:aa:ce:00:a7:7f:48:e9:56:
         5e:b4:f8:e5:69:f4:e5:a4:5a:77:21:85:a0:94:0e:c8:2a:17:
         c6:54:1c:90:43:dc:e0:49:d7:e6:d7:e8:fd:b4:c0:b0:81:92:
         8f:cd:e2:da:ac:7e:31:d4:be:fd:99:e8:78:62:de:8d:34:7c:
         62:67:d7:34:6e:64:fd:11:7d:f7:05:f5:4d:c1:0b:75:a6:25:
         84:45:5e:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYSscJDQZ5JAnCwBKLST0zqJsdUgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjVaFw0yNTEwMjgxNTQzMjVaMDMxMTAvBgNV
BAMTKEVDMTBERUFFNTAzMkM1NzREM0ZCRUJCN0VCN0FCN0I2QzdGQURBODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTpqcqfBBCRB1CHDO7Z3Lxe2Gp
l/eRV9y0vKpjRH9cCnoqYuYZ7MFnXY39ttmTr2jJ1SPr5m2S2xgojYfNk9zwfCrv
iMO8vIjFjJW4A1QKfa5YITpBHCq7ZosXa8Po3kzeY70EUxn+jHiwtyzo6od7puLN
TqvvVJxrYzqoXa3ZCKP9fYd8mT8AJf5e4q7a9wDT7Yqm5spc74/5IGkTTsBcSfq/
wL+uM7e3L7FowypODV7QUmlUd5NvWrGOzWQjFDNau8PE+EaMisP5PGn6bQBFX/mx
rlECNYJ3G5HazslEO5KkNVjFYTkB43mcfapvOKolXcj7UkzlGMWAPd3AyxXVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7BDerlAyxXTT++u363q3tsf62oQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA2MDkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQti
MA0GCSqGSIb3DQEBCwUAA4IBAQCu0wxWjTXbc/J4msocPKsgoPtJNipOIlGs1mNc
1hBNFXDkoOkmBWkxTA56bq42OoSsh7VzKDCqeJwOQ+TMoS7fRalomad56z1wlGLz
2JD4yNaGNvw3LFgqKcOHCJne9UNufxMfapvEvsgYpVyF1rp1sVrrYFBUGT06lQcJ
jW7zBhF0wvfhJTaMUSAH6aGBCRjI85dXZx7QpGM/HaFqI25aL6YxS9rISyDmzts5
qs4Ap39I6VZetPjlafTlpFp3IYWglA7IKhfGVByQQ9zgSdfm1+j9tMCwgZKPzeLa
rH4x1L79meh4Yt6NNHxiZ9c0bmT9EX33BfVNwQt1piWERV6n
-----END CERTIFICATE-----