Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa
File:                     AS208226.roa (raw, json)
Hash identifier:          Em9usW4jGvaO66nTXYx+NBCH70qtZ+llXcQA2Zpmi/s=
Subject key identifier:   D5:2A:3A:B6:AF:EB:75:B4:6A:19:C5:26:6D:4F:FF:87:7D:A4:05:4B
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1F57748DCC67A53F97F9EE83A68B33F37FD84540
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa
Signing time:             Tue 28 Nov 2023 15:05:06 +0000
ROA not before:           Tue 28 Nov 2023 15:00:06 +0000
ROA not after:            Tue 26 Nov 2024 15:05:06 +0000
asID:                     208226
IP address blocks:        141.11.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 21:23:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:57:74:8d:cc:67:a5:3f:97:f9:ee:83:a6:8b:33:f3:7f:d8:45:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:06 2023 GMT
            Not After : Nov 26 15:05:06 2024 GMT
        Subject: CN=D52A3AB6AFEB75B46A19C5266D4FFF877DA4054B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:26:9c:10:03:e2:87:80:8f:06:ac:10:9f:ed:
                    03:ad:28:65:a0:4e:5e:6a:b0:1c:fb:ae:16:92:d9:
                    0c:2f:fe:9f:01:3a:9c:d6:8c:be:39:38:bc:9e:a8:
                    3b:f6:10:91:2d:d0:3b:49:3f:89:ed:ce:b1:f6:a8:
                    74:67:94:c0:f0:a4:52:0d:19:4a:ab:56:d4:71:ae:
                    42:e1:05:eb:43:54:33:7b:78:b3:e7:2d:f5:e4:7a:
                    7c:98:c2:1f:bf:44:2a:0d:e6:e9:8a:31:cc:2d:fc:
                    78:87:38:85:fc:6d:71:55:32:fd:45:63:88:8d:45:
                    ed:8b:6e:67:1c:61:ee:14:e2:57:44:b2:08:5d:28:
                    b6:9f:10:6d:9c:e6:df:f9:d7:3b:ba:c3:5a:fa:50:
                    e4:87:89:f3:48:8f:08:df:72:37:2c:50:83:38:af:
                    b5:30:0f:c3:28:17:b0:a5:51:e6:15:b3:90:5e:fe:
                    b0:3e:29:c0:bf:3f:a0:ad:72:6f:bd:65:68:19:e2:
                    63:8a:09:47:e8:89:d2:05:e7:6d:7d:05:6e:d1:7f:
                    a6:99:57:1f:8b:7b:56:1f:0a:eb:0d:fa:3c:29:41:
                    78:68:df:72:18:c7:a5:38:cf:ab:5a:a8:f7:5d:9d:
                    40:93:44:1b:a3:f6:5e:e8:1f:2f:d5:66:a6:38:56:
                    93:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2A:3A:B6:AF:EB:75:B4:6A:19:C5:26:6D:4F:FF:87:7D:A4:05:4B
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:69:cd:2c:8f:44:89:c8:f2:79:ff:d8:68:cc:af:19:77:5d:
         68:e2:a5:35:b9:c4:12:7e:3b:73:22:76:1c:dd:70:3a:12:08:
         1f:35:2f:f7:63:e1:8f:76:b6:43:a5:38:8c:18:f8:f6:7a:4f:
         f9:b6:4a:c3:29:ec:eb:81:d7:02:67:d5:0e:99:b5:4e:3b:4e:
         d4:9f:82:ed:ee:4d:a9:2e:85:86:79:fb:e9:7a:97:9c:83:88:
         65:28:37:01:55:f2:62:09:d5:1a:70:aa:13:e2:d8:0b:8c:ae:
         fb:e4:c8:b4:77:df:00:ad:5c:7a:f9:11:ac:d6:1c:36:22:9e:
         02:d0:1e:ae:de:49:db:46:1f:60:b9:bc:3e:8b:f5:05:78:18:
         ab:b0:b9:bb:d0:b2:d5:5c:f8:67:a6:ab:35:00:ff:1d:af:5f:
         5b:9f:66:af:d7:f2:e9:13:77:a2:84:15:7d:01:db:e1:a5:48:
         47:1a:62:e4:4f:7d:eb:ee:77:be:de:9d:98:46:e7:af:9c:d4:
         e6:27:53:2e:4e:d8:07:4f:87:ed:ed:90:c8:0a:e1:10:1d:e8:
         d5:66:8b:31:db:09:07:06:5f:3e:fa:b0:53:44:10:f0:5b:c2:
         0e:25:4d:a5:a2:49:c0:29:aa:94:bf:27:c9:0c:fc:a0:c3:28:
         51:d5:a6:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUH1d0jcxnpT+X+e6Dposz83/YRUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDZaFw0yNDExMjYxNTA1MDZaMDMxMTAvBgNV
BAMTKEQ1MkEzQUI2QUZFQjc1QjQ2QTE5QzUyNjZENEZGRjg3N0RBNDA1NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJpwQA+KHgI8GrBCf7QOtKGWg
Tl5qsBz7rhaS2Qwv/p8BOpzWjL45OLyeqDv2EJEt0DtJP4ntzrH2qHRnlMDwpFIN
GUqrVtRxrkLhBetDVDN7eLPnLfXkenyYwh+/RCoN5umKMcwt/HiHOIX8bXFVMv1F
Y4iNRe2LbmccYe4U4ldEsghdKLafEG2c5t/51zu6w1r6UOSHifNIjwjfcjcsUIM4
r7UwD8MoF7ClUeYVs5Be/rA+KcC/P6Ctcm+9ZWgZ4mOKCUfoidIF5219BW7Rf6aZ
Vx+Le1YfCusN+jwpQXho33IYx6U4z6taqPddnUCTRBuj9l7oHy/VZqY4VpNBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1So6tq/rdbRqGcUmbU//h32kBUswHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA4MjI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQu5
MA0GCSqGSIb3DQEBCwUAA4IBAQAXac0sj0SJyPJ5/9hozK8Zd11o4qU1ucQSfjtz
InYc3XA6EggfNS/3Y+GPdrZDpTiMGPj2ek/5tkrDKezrgdcCZ9UOmbVOO07Un4Lt
7k2pLoWGefvpepecg4hlKDcBVfJiCdUacKoT4tgLjK775Mi0d98ArVx6+RGs1hw2
Ip4C0B6u3knbRh9gubw+i/UFeBirsLm70LLVXPhnpqs1AP8dr19bn2av1/LpE3ei
hBV9AdvhpUhHGmLkT33r7ne+3p2YRuevnNTmJ1MuTtgHT4ft7ZDICuEQHejVZosx
2wkHBl8++rBTRBDwW8IOJU2loknAKaqUvyfJDPygwyhR1abL
-----END CERTIFICATE-----