Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209181.roa
File:                     AS209181.roa (raw, json)
Hash identifier:          2Lx3Vw3WlOA+AwQEeGJxbG/quMr9PIsY6/C3bEtd8Tg=
Subject key identifier:   5D:63:66:22:ED:C2:4E:F4:4F:66:FF:DA:1B:D6:AB:FC:47:D9:45:A9
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3696B5AD6B181E29918267217206353DC77A8F4A
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209181.roa
Signing time:             Tue 28 Nov 2023 15:05:06 +0000
ROA not before:           Tue 28 Nov 2023 15:00:06 +0000
ROA not after:            Tue 26 Nov 2024 15:05:06 +0000
asID:                     209181
IP address blocks:        141.11.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:96:b5:ad:6b:18:1e:29:91:82:67:21:72:06:35:3d:c7:7a:8f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 28 15:00:06 2023 GMT
            Not After : Nov 26 15:05:06 2024 GMT
        Subject: CN=5D636622EDC24EF44F66FFDA1BD6ABFC47D945A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8f:2c:e0:90:b6:77:26:bc:1c:39:30:b3:2e:
                    6a:0b:2f:f9:34:6a:ea:0f:d5:04:da:94:a7:44:a1:
                    25:5d:3e:70:c5:26:ec:cf:2c:93:41:e2:b7:b1:8d:
                    73:bf:6f:5a:a6:bb:83:3a:83:46:56:0b:99:49:5b:
                    70:0c:90:12:f3:83:15:cd:08:6b:b5:6e:44:3e:ec:
                    b0:62:bb:d9:0e:75:36:3e:0c:12:9e:c0:76:0e:e0:
                    ec:bd:10:da:8e:1b:b1:16:61:ce:23:40:30:7c:45:
                    f1:a9:e8:e3:80:bc:10:c6:28:a0:26:cf:ef:67:11:
                    9e:26:b8:b3:12:3b:9c:fa:95:c1:ca:c3:81:ad:60:
                    f9:ab:e5:bd:28:06:94:c3:be:10:ff:80:4a:3d:cd:
                    b5:8f:e9:62:4b:f7:2d:e6:00:77:5c:6a:a0:01:2f:
                    9c:8d:20:df:82:99:64:3e:cb:04:2a:47:fd:78:83:
                    e0:1e:cd:a2:68:a1:62:16:93:fb:73:51:22:f3:ba:
                    94:5f:21:59:1d:46:1c:10:e3:39:18:4f:17:f7:29:
                    dc:09:8b:88:f7:a2:4c:54:5c:30:87:1d:f2:3b:c2:
                    04:09:de:0c:29:83:51:b4:d7:6c:ab:ea:35:c8:fa:
                    e5:b5:71:01:5f:9d:ed:e2:d6:5b:ca:aa:7d:b7:4e:
                    f7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:63:66:22:ED:C2:4E:F4:4F:66:FF:DA:1B:D6:AB:FC:47:D9:45:A9
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:16:b4:4c:8d:a5:56:87:16:47:60:e2:18:cb:4d:79:dd:b3:
         a1:82:d9:5b:73:06:e5:2f:90:a9:2c:81:e5:99:0a:95:e0:f6:
         09:a9:24:a3:45:0c:9e:23:3a:53:df:4e:f3:6c:b9:1b:c8:66:
         5a:17:f2:ef:9b:f7:33:35:33:04:18:43:02:44:81:0a:e0:f5:
         a1:f6:38:4c:fb:f5:ea:ff:60:d1:e2:6e:64:79:20:17:e0:7a:
         29:e7:6e:e5:07:a4:23:27:58:72:be:2b:fc:8a:27:a7:92:3f:
         da:fd:96:dc:e8:9d:4a:3a:bb:43:16:c4:bc:a8:b3:06:a9:5d:
         89:ea:d4:27:99:73:0a:df:4d:19:4e:f5:60:3a:b2:ae:29:30:
         e1:20:5a:43:1d:24:34:4a:30:34:e9:8b:78:86:00:c2:18:9e:
         eb:78:89:32:cc:20:db:56:30:55:2f:1a:f0:a1:82:61:9e:3d:
         63:bd:fd:f4:58:32:33:6e:b8:de:84:55:cd:02:f8:ae:fc:af:
         63:b0:1a:89:9e:8e:1a:be:e1:37:eb:38:b4:2b:5c:ab:61:0b:
         da:5f:b6:52:b1:ab:81:93:24:8f:4c:3d:ac:c5:05:34:4c:9e:
         33:93:bb:23:e3:a6:ef:7c:3e:c7:fc:65:64:b4:73:35:12:27:
         77:c0:66:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNpa1rWsYHimRgmchcgY1Pcd6j0owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMjgxNTAwMDZaFw0yNDExMjYxNTA1MDZaMDMxMTAvBgNV
BAMTKDVENjM2NjIyRURDMjRFRjQ0RjY2RkZEQTFCRDZBQkZDNDdEOTQ1QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3jyzgkLZ3JrwcOTCzLmoLL/k0
auoP1QTalKdEoSVdPnDFJuzPLJNB4rexjXO/b1qmu4M6g0ZWC5lJW3AMkBLzgxXN
CGu1bkQ+7LBiu9kOdTY+DBKewHYO4Oy9ENqOG7EWYc4jQDB8RfGp6OOAvBDGKKAm
z+9nEZ4muLMSO5z6lcHKw4GtYPmr5b0oBpTDvhD/gEo9zbWP6WJL9y3mAHdcaqAB
L5yNIN+CmWQ+ywQqR/14g+AezaJooWIWk/tzUSLzupRfIVkdRhwQ4zkYTxf3KdwJ
i4j3okxUXDCHHfI7wgQJ3gwpg1G012yr6jXI+uW1cQFfne3i1lvKqn23TveTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXWNmIu3CTvRPZv/aG9ar/EfZRakwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA5MTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsp
MA0GCSqGSIb3DQEBCwUAA4IBAQBFFrRMjaVWhxZHYOIYy0153bOhgtlbcwblL5Cp
LIHlmQqV4PYJqSSjRQyeIzpT307zbLkbyGZaF/Lvm/czNTMEGEMCRIEK4PWh9jhM
+/Xq/2DR4m5keSAX4Hop527lB6QjJ1hyviv8iienkj/a/Zbc6J1KOrtDFsS8qLMG
qV2J6tQnmXMK300ZTvVgOrKuKTDhIFpDHSQ0SjA06Yt4hgDCGJ7reIkyzCDbVjBV
LxrwoYJhnj1jvf30WDIzbrjehFXNAviu/K9jsBqJno4avuE36zi0K1yrYQvaX7ZS
sauBkySPTD2sxQU0TJ4zk7sj46bvfD7H/GVktHM1Eid3wGac
-----END CERTIFICATE-----