Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209181.roa
File:                     AS209181.roa (raw, json)
Hash identifier:          0/A493QHD3BbdtJUzDtRekkWQcyCU6T2RAJnM7HvyhE=
Subject key identifier:   A7:E5:46:E4:45:F1:08:86:44:7E:BC:91:F1:48:E0:DE:BC:BA:3D:85
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6FAF5AD2C8E9CB6EFAE3F96CCD76C432F305FF7F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209181.roa
Signing time:             Tue 29 Oct 2024 15:43:25 +0000
ROA not before:           Tue 29 Oct 2024 15:38:25 +0000
ROA not after:            Tue 28 Oct 2025 15:43:25 +0000
asID:                     209181
IP address blocks:        141.11.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:af:5a:d2:c8:e9:cb:6e:fa:e3:f9:6c:cd:76:c4:32:f3:05:ff:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 29 15:38:25 2024 GMT
            Not After : Oct 28 15:43:25 2025 GMT
        Subject: CN=A7E546E445F10886447EBC91F148E0DEBCBA3D85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:73:e3:e9:1f:b4:a7:ac:f4:24:87:c0:e2:c0:
                    07:f7:bc:ca:32:e5:3b:86:b0:00:4c:74:df:15:41:
                    ad:a7:2b:04:35:c1:83:59:4c:1b:07:65:73:bd:a9:
                    84:48:a3:66:33:ab:ae:c3:d2:6b:f0:67:3b:58:ee:
                    a8:f0:ad:e8:64:0a:48:0b:c8:78:8b:7d:32:3f:74:
                    5c:1f:f8:05:7c:fd:27:27:35:49:9e:dc:63:a8:1d:
                    6f:64:2a:b4:30:2a:7a:fb:ca:ca:50:7e:b7:02:8e:
                    62:a4:77:05:7f:da:1f:e8:77:3e:46:05:58:2a:af:
                    0c:cd:7f:79:8d:0e:16:cc:ac:d5:c6:5e:21:fd:08:
                    7b:c4:4b:27:db:6b:a6:08:2b:58:85:15:bd:c2:db:
                    3f:2c:ca:72:5a:63:19:7d:9c:a9:77:b8:86:fa:15:
                    86:25:4e:d5:6d:40:7f:22:71:eb:a6:16:f1:d9:25:
                    06:e6:33:72:16:a5:3a:41:88:00:37:33:ae:26:90:
                    fc:51:2e:45:34:4f:b3:de:92:c8:69:33:bb:1b:ad:
                    03:89:68:50:a8:e0:98:2e:3e:ea:c2:4d:0c:2c:73:
                    7f:7c:ff:6b:01:0a:18:88:15:0e:36:0f:be:27:a9:
                    1d:cf:8d:f3:65:e8:d3:f1:fb:3f:06:e0:db:91:56:
                    36:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E5:46:E4:45:F1:08:86:44:7E:BC:91:F1:48:E0:DE:BC:BA:3D:85
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:43:42:b1:18:c2:38:eb:86:25:c0:6e:2a:24:23:da:8e:3a:
         ab:df:a4:ec:9e:99:d7:14:7a:f1:43:de:b3:5d:45:5e:8d:10:
         bf:5b:b1:d1:9d:67:78:10:6e:01:8a:4e:0a:d9:eb:91:6c:d7:
         7a:0c:20:1a:da:55:4b:7f:cc:db:ac:67:80:25:27:75:63:fa:
         e9:c9:d0:7c:c4:81:6b:4b:01:78:46:8a:2a:f0:08:a6:31:04:
         2c:46:bb:b2:00:34:15:45:04:99:72:ed:8e:4d:c3:7c:4a:20:
         36:c6:38:54:2d:0a:c9:43:a8:de:fe:ab:25:f7:ba:cb:aa:d2:
         ed:8d:41:41:80:d9:63:6e:2b:c5:7f:24:0b:ed:8e:c9:62:b3:
         47:8b:89:5a:7a:ed:0f:96:05:c9:aa:80:2b:61:21:01:23:53:
         2c:38:d3:cf:0e:37:a1:23:90:4a:1c:84:e7:d7:38:8e:8c:b3:
         5b:b8:db:3a:f9:63:ca:9e:ed:65:86:16:1b:3d:c7:26:cf:b0:
         69:4f:04:25:cc:73:cc:2c:b2:b8:bf:df:03:a1:5e:82:24:ae:
         35:99:0a:0f:bc:4e:5b:9b:c5:0d:98:e8:90:56:3d:95:9c:c9:
         60:22:8d:2e:e9:31:75:41:22:22:f8:e6:c6:3d:f1:4b:5c:1f:
         5c:9b:4a:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUb69a0sjpy2764/lszXbEMvMF/38wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMjkxNTM4MjVaFw0yNTEwMjgxNTQzMjVaMDMxMTAvBgNV
BAMTKEE3RTU0NkU0NDVGMTA4ODY0NDdFQkM5MUYxNDhFMERFQkNCQTNEODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpc+PpH7SnrPQkh8DiwAf3vMoy
5TuGsABMdN8VQa2nKwQ1wYNZTBsHZXO9qYRIo2Yzq67D0mvwZztY7qjwrehkCkgL
yHiLfTI/dFwf+AV8/ScnNUme3GOoHW9kKrQwKnr7yspQfrcCjmKkdwV/2h/odz5G
BVgqrwzNf3mNDhbMrNXGXiH9CHvESyfba6YIK1iFFb3C2z8synJaYxl9nKl3uIb6
FYYlTtVtQH8iceumFvHZJQbmM3IWpTpBiAA3M64mkPxRLkU0T7PekshpM7sbrQOJ
aFCo4JguPurCTQwsc398/2sBChiIFQ42D74nqR3PjfNl6NPx+z8G4NuRVjYRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUp+VG5EXxCIZEfryR8Ujg3ry6PYUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA5MTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsp
MA0GCSqGSIb3DQEBCwUAA4IBAQCsQ0KxGMI464YlwG4qJCPajjqr36TsnpnXFHrx
Q96zXUVejRC/W7HRnWd4EG4Bik4K2euRbNd6DCAa2lVLf8zbrGeAJSd1Y/rpydB8
xIFrSwF4Rooq8AimMQQsRruyADQVRQSZcu2OTcN8SiA2xjhULQrJQ6je/qsl97rL
qtLtjUFBgNljbivFfyQL7Y7JYrNHi4laeu0PlgXJqoArYSEBI1MsONPPDjehI5BK
HITn1ziOjLNbuNs6+WPKnu1lhhYbPccmz7BpTwQlzHPMLLK4v98DoV6CJK41mQoP
vE5bm8UNmOiQVj2VnMlgIo0u6TF1QSIi+ObGPfFLXB9cm0rt
-----END CERTIFICATE-----