Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa
File:                     AS208226.roa (raw, json)
Hash identifier:          gNIP6TJ08AwDS0K/h43loTe8GCL4ixakrvLSl2iFm0E=
Subject key identifier:   48:66:65:AB:90:75:D9:E1:57:77:F6:26:CE:0F:85:FF:3F:D0:0C:67
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1780DB4AB036733D31CD65EFC05A724DD35A2DE6
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa
Signing time:             Tue 29 Oct 2024 15:43:25 +0000
ROA not before:           Tue 29 Oct 2024 15:38:25 +0000
ROA not after:            Tue 28 Oct 2025 15:43:25 +0000
asID:                     208226
IP address blocks:        141.11.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:80:db:4a:b0:36:73:3d:31:cd:65:ef:c0:5a:72:4d:d3:5a:2d:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:25 2024 GMT
            Not After : Oct 28 15:43:25 2025 GMT
        Subject: CN=486665AB9075D9E15777F626CE0F85FF3FD00C67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2c:bb:23:cb:b3:df:1a:ba:57:e4:19:15:ee:
                    e5:cf:18:25:e0:70:bb:4a:e2:1f:fc:a8:f9:73:f6:
                    dd:ec:33:a5:18:24:48:2e:bb:38:83:53:e0:6d:b8:
                    23:7c:fd:74:9b:96:28:17:44:e1:42:7a:a9:81:7c:
                    e1:36:d2:51:68:27:62:ad:bf:65:ac:d0:0b:e3:fb:
                    9d:0d:d3:ff:94:40:f6:5f:36:fc:60:51:6a:ac:68:
                    77:1c:08:bc:34:4d:70:2f:28:d5:a6:33:71:bb:ec:
                    f8:fd:86:56:6a:06:9a:ff:84:3b:83:e1:41:87:16:
                    a5:14:dd:6d:1a:9e:43:fb:89:ed:ee:ef:ac:1b:4a:
                    1a:e0:ea:4f:74:d6:fc:7d:35:41:f0:f7:61:82:cf:
                    35:ba:5f:bb:b3:aa:11:6b:e1:c5:ed:a6:ed:d4:e7:
                    1c:07:bf:6c:10:bd:bb:7d:cf:2d:cf:aa:07:07:55:
                    03:22:93:08:e0:5a:d3:c1:d6:90:f1:5f:4b:f5:32:
                    37:d9:dd:cf:47:3c:a5:f7:11:26:07:c3:56:6a:6a:
                    cc:e8:c9:bd:36:8a:7f:79:a8:0a:3b:fe:e2:83:e6:
                    1c:da:de:f7:56:01:b0:3f:b9:1e:06:f7:65:c3:e9:
                    13:be:8b:64:bc:7a:fb:69:0f:b0:1b:8d:18:41:9a:
                    9c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:66:65:AB:90:75:D9:E1:57:77:F6:26:CE:0F:85:FF:3F:D0:0C:67
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS208226.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:58:cb:e5:78:9e:36:e7:c6:ce:e6:dc:53:6c:8d:0b:05:09:
         4d:de:21:b7:92:de:4e:6c:2f:be:f3:27:a0:7e:92:59:b9:1e:
         dc:0e:c6:7a:61:c2:27:c5:6a:04:88:c2:fb:4c:4b:c3:e3:92:
         90:e7:ff:6e:78:d1:9a:4a:b9:18:fe:f3:8c:42:34:64:cb:50:
         a9:39:6b:c5:a9:1b:e6:c2:3f:29:1d:5a:ec:2d:58:41:0a:24:
         b8:1f:38:d1:3f:14:ba:77:6e:bf:08:1d:b0:88:76:5e:84:ba:
         f2:df:f2:b2:ef:81:ab:59:8d:1b:79:94:d5:0b:40:89:1d:95:
         8e:96:f2:d0:80:b1:a3:45:c9:57:eb:9e:d3:ce:f9:d8:4d:b3:
         03:4b:b7:82:2c:b2:ba:97:ee:2e:3f:99:9e:e8:3c:b0:3d:af:
         04:69:d5:60:3e:7a:ec:eb:07:76:0d:a5:17:b5:41:22:25:c2:
         39:3e:91:11:75:b3:8a:d1:10:25:aa:a8:ad:02:98:12:58:58:
         0d:c3:0f:0a:50:d6:93:ec:ba:92:92:c4:dd:32:8e:4a:b8:f1:
         bb:cd:90:d0:5d:8a:92:c7:f7:7f:b6:42:b8:e2:e7:f6:e2:3a:
         9b:e8:f6:c9:21:81:63:cc:bb:cb:e0:dd:e4:38:33:17:af:fa:
         0c:ee:3d:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUF4DbSrA2cz0xzWXvwFpyTdNaLeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjVaFw0yNTEwMjgxNTQzMjVaMDMxMTAvBgNV
BAMTKDQ4NjY2NUFCOTA3NUQ5RTE1Nzc3RjYyNkNFMEY4NUZGM0ZEMDBDNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqLLsjy7PfGrpX5BkV7uXPGCXg
cLtK4h/8qPlz9t3sM6UYJEguuziDU+BtuCN8/XSbligXROFCeqmBfOE20lFoJ2Kt
v2Ws0Avj+50N0/+UQPZfNvxgUWqsaHccCLw0TXAvKNWmM3G77Pj9hlZqBpr/hDuD
4UGHFqUU3W0ankP7ie3u76wbShrg6k901vx9NUHw92GCzzW6X7uzqhFr4cXtpu3U
5xwHv2wQvbt9zy3PqgcHVQMikwjgWtPB1pDxX0v1MjfZ3c9HPKX3ESYHw1Zqaszo
yb02in95qAo7/uKD5hza3vdWAbA/uR4G92XD6RO+i2S8evtpD7AbjRhBmpwzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUSGZlq5B12eFXd/Ymzg+F/z/QDGcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA4MjI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQu5
MA0GCSqGSIb3DQEBCwUAA4IBAQDGWMvleJ4258bO5txTbI0LBQlN3iG3kt5ObC++
8yegfpJZuR7cDsZ6YcInxWoEiML7TEvD45KQ5/9ueNGaSrkY/vOMQjRky1CpOWvF
qRvmwj8pHVrsLVhBCiS4HzjRPxS6d26/CB2wiHZehLry3/Ky74GrWY0beZTVC0CJ
HZWOlvLQgLGjRclX657TzvnYTbMDS7eCLLK6l+4uP5me6DywPa8EadVgPnrs6wd2
DaUXtUEiJcI5PpERdbOK0RAlqqitApgSWFgNww8KUNaT7LqSksTdMo5KuPG7zZDQ
XYqSx/d/tkK44uf24jqb6PbJIYFjzLvL4N3kODMXr/oM7j1A
-----END CERTIFICATE-----