Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa
File:                     AS208226.roa (raw, json)
Hash identifier:          y9o6FnxO1TcRpjI4MDMudHmy2GZkrYoaScW5XEUZ8CQ=
Subject key identifier:   E8:85:4A:4A:F1:DA:3B:4F:E7:BF:63:9B:C5:B4:2D:CE:33:D3:21:49
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0F0A28792F0DF1EB297983D6BA48BD5DDD107F5E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa
Signing time:             Tue 27 Dec 2022 14:44:41 +0000
ROA not before:           Tue 27 Dec 2022 14:39:41 +0000
ROA not after:            Tue 26 Dec 2023 14:44:41 +0000
asID:                     208226
IP address blocks:        141.11.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 03:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:0a:28:79:2f:0d:f1:eb:29:79:83:d6:ba:48:bd:5d:dd:10:7f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec 27 14:39:41 2022 GMT
            Not After : Dec 26 14:44:41 2023 GMT
        Subject: CN=E8854A4AF1DA3B4FE7BF639BC5B42DCE33D32149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ea:04:e0:c9:9a:6c:5c:3f:88:f5:ac:6e:75:
                    19:2a:80:65:06:17:12:17:df:17:f4:39:2d:51:0b:
                    1c:1e:60:9b:e7:d3:fb:49:a0:57:a9:ca:4b:bb:ec:
                    aa:cd:96:b7:15:18:19:0b:a4:e0:25:3f:aa:3f:bd:
                    50:2b:9c:b2:38:a4:28:7c:8b:5c:72:a5:93:06:5b:
                    04:5e:8a:a7:58:83:51:be:58:d9:f9:1f:d7:f0:92:
                    ac:f7:f9:2f:a6:86:55:3c:bc:92:b1:0b:00:86:a4:
                    aa:35:06:fc:bb:91:5c:e3:0c:af:6c:10:e8:a4:2f:
                    28:9e:7e:15:61:1b:74:4b:3f:56:79:c1:7d:5f:71:
                    40:f5:f8:3f:ef:37:09:7c:26:2a:dd:37:20:2b:e7:
                    d2:ab:16:18:87:e5:9f:0a:92:41:e6:58:c5:79:ca:
                    d2:b9:ac:56:ed:80:70:09:21:0a:f7:15:37:61:4d:
                    6b:55:44:9e:16:41:0a:14:c3:da:50:46:27:93:4d:
                    fe:0c:18:ec:aa:39:b6:a1:75:3e:c4:56:2c:b7:fe:
                    1f:d1:8f:64:0a:c8:76:73:40:a5:13:61:ae:c8:a5:
                    26:92:4d:de:38:fd:1a:04:0f:d6:3c:09:aa:7a:b1:
                    70:9f:98:a4:e7:d7:75:a7:3b:53:60:56:76:bc:72:
                    85:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                E8:85:4A:4A:F1:DA:3B:4F:E7:BF:63:9B:C5:B4:2D:CE:33:D3:21:49
            X509v3 Authority Key Identifier: 
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:8a:a6:df:7e:bd:23:5a:2e:0d:69:ca:50:77:2e:27:91:96:
         b4:17:47:01:65:40:0a:fd:a5:2f:80:40:6b:5f:ae:3c:f2:92:
         01:2d:5e:44:de:aa:6f:b6:15:69:67:52:ca:a4:e5:7c:b7:19:
         54:e5:13:27:ca:7a:21:79:6d:5b:ac:91:54:54:eb:48:c5:fd:
         b2:24:20:32:11:11:bd:3f:c7:76:c6:9b:2e:dd:d9:fe:00:d2:
         bb:54:3e:29:a5:82:da:44:96:b2:7c:ac:ca:3b:ec:5e:0f:95:
         e0:75:27:96:04:4c:50:d7:a2:2d:b4:2a:e8:a7:cd:d4:ed:00:
         b5:f5:e9:06:2d:55:43:43:47:24:87:9a:0e:ae:5d:04:91:e1:
         fc:7c:3f:57:3c:9e:7d:59:7b:6c:e7:5c:93:cf:e3:3c:ea:80:
         fb:23:87:b9:9e:9d:a7:3d:75:35:90:b8:12:c8:b1:73:a4:ba:
         df:19:93:4b:95:47:42:2d:07:48:50:88:3e:73:96:67:80:8e:
         f8:ad:64:9b:ea:a5:76:1e:8a:18:66:31:39:e0:f5:2c:f3:f6:
         4e:d4:47:25:af:d9:ef:66:36:57:66:9e:d2:00:90:31:16:60:
         31:b0:4d:be:f8:d9:62:db:b9:c9:27:04:d5:56:ac:e3:96:c6:
         34:c3:36:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDwooeS8N8espeYPWuki9Xd0Qf14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMjEyMjcxNDM5NDFaFw0yMzEyMjYxNDQ0NDFaMDMxMTAvBgNV
BAMTKEU4ODU0QTRBRjFEQTNCNEZFN0JGNjM5QkM1QjQyRENFMzNEMzIxNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC06gTgyZpsXD+I9axudRkqgGUG
FxIX3xf0OS1RCxweYJvn0/tJoFepyku77KrNlrcVGBkLpOAlP6o/vVArnLI4pCh8
i1xypZMGWwReiqdYg1G+WNn5H9fwkqz3+S+mhlU8vJKxCwCGpKo1Bvy7kVzjDK9s
EOikLyiefhVhG3RLP1Z5wX1fcUD1+D/vNwl8JirdNyAr59KrFhiH5Z8KkkHmWMV5
ytK5rFbtgHAJIQr3FTdhTWtVRJ4WQQoUw9pQRieTTf4MGOyqObahdT7EViy3/h/R
j2QKyHZzQKUTYa7IpSaSTd44/RoED9Y8Cap6sXCfmKTn13WnO1NgVna8coUXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6IVKSvHaO0/nv2ObxbQtzjPTIUkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA4MjI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQu5
MA0GCSqGSIb3DQEBCwUAA4IBAQAziqbffr0jWi4NacpQdy4nkZa0F0cBZUAK/aUv
gEBrX6488pIBLV5E3qpvthVpZ1LKpOV8txlU5RMnynoheW1brJFUVOtIxf2yJCAy
ERG9P8d2xpsu3dn+ANK7VD4ppYLaRJayfKzKO+xeD5XgdSeWBExQ16IttCrop83U
7QC19ekGLVVDQ0ckh5oOrl0EkeH8fD9XPJ59WXts51yTz+M86oD7I4e5np2nPXU1
kLgSyLFzpLrfGZNLlUdCLQdIUIg+c5ZngI74rWSb6qV2HooYZjE54PUs8/ZO1Ecl
r9nvZjZXZp7SAJAxFmAxsE2++Nli27nJJwTVVqzjlsY0wzZa
-----END CERTIFICATE-----