Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206286.roa
File:                     AS206286.roa (raw, json)
Hash identifier:          NpO6wSRlXLWXq8wekcQZbPVns7KT0cghhuXaovglHBg=
Subject key identifier:   36:7A:4E:BB:C8:DC:2E:50:58:FA:0E:38:2D:01:8C:4B:65:CC:4C:70
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6AF4BEC28DC317FBB9CDB6C8C04B2F6CF654F087
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206286.roa
Signing time:             Mon 26 Aug 2024 18:50:54 +0000
ROA not before:           Mon 26 Aug 2024 18:45:54 +0000
ROA not after:            Mon 25 Aug 2025 18:50:54 +0000
asID:                     206286
IP address blocks:        141.11.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:f4:be:c2:8d:c3:17:fb:b9:cd:b6:c8:c0:4b:2f:6c:f6:54:f0:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 26 18:45:54 2024 GMT
            Not After : Aug 25 18:50:54 2025 GMT
        Subject: CN=367A4EBBC8DC2E5058FA0E382D018C4B65CC4C70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7f:76:6f:d5:be:c9:49:55:fa:71:0c:3a:de:
                    ed:00:9f:ad:50:3b:68:2e:67:80:00:e5:b9:b0:b3:
                    0d:f2:40:ce:3d:0b:5f:03:1c:11:e7:ee:07:00:a6:
                    3d:45:5e:7d:ab:47:a2:54:49:cb:c6:58:cd:8b:56:
                    2e:a3:c0:cb:8a:4d:8a:9e:61:53:42:ac:15:28:fe:
                    d6:9d:21:db:29:6a:cc:e3:49:62:65:10:e5:5b:f4:
                    ff:07:26:af:09:fd:75:71:2e:ac:a9:76:64:d1:fa:
                    24:f7:72:00:ed:e8:7d:7f:ea:83:0a:92:29:8d:7d:
                    ff:ad:71:03:b2:dd:40:34:9f:4d:49:45:d7:dc:8a:
                    01:78:12:b6:94:85:ac:f5:35:6f:28:94:ac:e5:12:
                    77:39:5c:e4:96:49:e3:74:8d:34:ab:b4:34:49:b1:
                    0e:08:03:4a:6b:b2:a7:59:8c:51:13:c4:fd:a0:bf:
                    16:03:f7:95:ff:ec:93:06:fe:27:be:ba:8d:60:03:
                    61:4f:b3:cc:50:fe:2d:36:ae:97:4c:f9:af:3e:a6:
                    ec:1f:0a:97:03:ba:c9:ef:36:28:53:4e:eb:3a:a8:
                    e9:e1:46:46:cb:c1:63:66:36:6c:52:1e:36:22:d3:
                    c3:3d:6f:11:d5:f1:f3:bf:65:8d:29:5e:61:6c:90:
                    92:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:7A:4E:BB:C8:DC:2E:50:58:FA:0E:38:2D:01:8C:4B:65:CC:4C:70
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206286.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:3a:8e:e0:c3:b9:4c:03:58:9e:e2:92:4d:d3:d2:48:86:44:
         78:f2:10:de:e8:4a:0d:07:b5:9e:31:90:3e:f4:59:56:e2:da:
         b0:c8:da:d0:f0:9b:54:00:36:c8:32:9a:85:4c:98:a6:fe:b3:
         d4:30:34:c5:5d:8f:ba:22:1f:9f:cc:53:9b:49:08:d9:66:2a:
         61:61:fa:47:ea:80:5f:d4:57:1d:97:68:17:c2:28:1a:dd:67:
         60:65:1c:b1:31:3e:bc:d9:0b:47:86:57:1a:35:8b:8b:9d:83:
         9a:17:7e:78:e3:5f:7b:46:46:06:d4:e1:e5:fc:07:d1:d4:1f:
         64:0c:66:3f:41:fa:a6:6d:e6:75:3f:0a:17:a0:16:d7:0e:2e:
         62:75:d9:df:01:39:a5:12:24:3d:ed:f4:42:b8:de:72:1a:6e:
         69:79:90:b8:8a:b1:36:f5:d0:55:75:a4:dc:6b:de:f4:76:69:
         c4:be:4d:3c:8f:a5:e1:29:74:56:ad:f8:4b:94:37:9b:d6:d3:
         f5:7c:cb:8a:8d:9d:54:41:0f:81:fb:61:45:f4:3e:6f:5f:39:
         a1:f1:80:e6:a0:57:14:2a:7b:15:ae:3a:bf:55:5b:ca:c1:c5:
         90:0d:1f:cf:c1:90:a8:71:fe:08:d0:a5:a2:ce:52:18:a0:38:
         5f:14:8f:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUavS+wo3DF/u5zbbIwEsvbPZU8IcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA4MjYxODQ1NTRaFw0yNTA4MjUxODUwNTRaMDMxMTAvBgNV
BAMTKDM2N0E0RUJCQzhEQzJFNTA1OEZBMEUzODJEMDE4QzRCNjVDQzRDNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHf3Zv1b7JSVX6cQw63u0An61Q
O2guZ4AA5bmwsw3yQM49C18DHBHn7gcApj1FXn2rR6JUScvGWM2LVi6jwMuKTYqe
YVNCrBUo/tadIdspaszjSWJlEOVb9P8HJq8J/XVxLqypdmTR+iT3cgDt6H1/6oMK
kimNff+tcQOy3UA0n01JRdfcigF4EraUhaz1NW8olKzlEnc5XOSWSeN0jTSrtDRJ
sQ4IA0prsqdZjFETxP2gvxYD95X/7JMG/ie+uo1gA2FPs8xQ/i02rpdM+a8+puwf
CpcDusnvNihTTus6qOnhRkbLwWNmNmxSHjYi08M9bxHV8fO/ZY0pXmFskJJnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNnpOu8jcLlBY+g44LQGMS2XMTHAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA2Mjg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt8
MA0GCSqGSIb3DQEBCwUAA4IBAQCBOo7gw7lMA1ie4pJN09JIhkR48hDe6EoNB7We
MZA+9FlW4tqwyNrQ8JtUADbIMpqFTJim/rPUMDTFXY+6Ih+fzFObSQjZZiphYfpH
6oBf1Fcdl2gXwiga3WdgZRyxMT682QtHhlcaNYuLnYOaF3544197RkYG1OHl/AfR
1B9kDGY/QfqmbeZ1PwoXoBbXDi5iddnfATmlEiQ97fRCuN5yGm5peZC4irE29dBV
daTca970dmnEvk08j6XhKXRWrfhLlDeb1tP1fMuKjZ1UQQ+B+2FF9D5vXzmh8YDm
oFcUKnsVrjq/VVvKwcWQDR/PwZCocf4I0KWizlIYoDhfFI97
-----END CERTIFICATE-----