Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          kXAaMo561OLGIjLyHxKd47/AhC7tJ9cZcvX5HmanGoA=
Subject key identifier:   72:38:C2:FD:05:09:62:53:F7:DF:37:4D:2B:46:08:2A:75:21:28:53
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4085A117F59C7C6E9DC8C5A49A78663BA4211B2D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209242.roa
Signing time:             Wed 01 Nov 2023 16:56:05 +0000
ROA not before:           Wed 01 Nov 2023 16:51:05 +0000
ROA not after:            Wed 30 Oct 2024 16:56:05 +0000
asID:                     209242
IP address blocks:        141.11.194.0/23 maxlen: 24
                          141.11.202.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:85:a1:17:f5:9c:7c:6e:9d:c8:c5:a4:9a:78:66:3b:a4:21:1b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov  1 16:51:05 2023 GMT
            Not After : Oct 30 16:56:05 2024 GMT
        Subject: CN=7238C2FD05096253F7DF374D2B46082A75212853
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a1:6d:3d:42:a3:7c:d8:62:c4:57:69:b3:fc:
                    73:e9:89:93:f5:02:3c:83:94:4e:ef:c4:f1:2c:e0:
                    18:f3:85:71:b0:fb:83:b1:23:1c:7c:3a:fb:ba:98:
                    da:f1:3c:ad:d7:3a:10:8a:87:24:5b:df:3d:3f:86:
                    60:7d:d8:24:00:dd:05:43:fa:08:ec:e3:c7:4d:ad:
                    e7:78:8c:e2:c0:7d:ce:dc:e5:cf:6a:4c:55:1d:77:
                    a3:81:d0:e9:f7:56:5b:94:25:bf:c3:81:56:47:1f:
                    c1:be:1c:d6:74:45:e1:2e:ce:f4:e5:42:f9:37:22:
                    e6:06:d4:9c:99:e4:53:a1:e6:9e:4d:c2:96:8b:69:
                    87:08:c3:dd:58:40:26:86:cc:f8:03:ab:64:49:a3:
                    7f:5b:0f:75:4e:1a:1c:d1:9a:a7:7c:2c:2a:fa:70:
                    7d:ba:f3:4e:70:23:42:a4:81:95:6f:99:b7:c1:98:
                    84:6a:d1:fc:25:af:6c:89:c8:73:60:f8:ee:dc:d5:
                    2b:22:3d:a9:30:2a:c4:fb:11:30:d4:5a:44:ee:ae:
                    32:b5:08:57:ec:d2:37:0b:1f:4c:0a:73:7e:c6:d1:
                    86:ad:b6:99:d4:08:e9:60:f6:81:2a:d9:0c:40:cf:
                    e9:26:46:3b:a4:29:a3:e0:06:3e:d3:77:c2:ed:cd:
                    5f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:38:C2:FD:05:09:62:53:F7:DF:37:4D:2B:46:08:2A:75:21:28:53
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.194.0/23
                  141.11.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:7c:5a:10:87:a3:7f:7a:c3:a4:72:7b:58:c1:fb:f2:af:d1:
         35:b7:03:7d:a9:56:60:bb:b4:7f:d8:74:df:62:b2:b0:46:1f:
         73:4a:8e:6b:ed:d1:81:25:80:10:4b:3f:a3:24:3b:64:37:d9:
         6e:9c:2c:a5:7f:78:e7:c7:9d:c0:37:a3:0a:a4:67:e5:d6:44:
         2a:70:c3:31:04:e8:bc:6f:3e:58:ec:8a:bc:b9:0c:f2:dc:6d:
         07:24:57:94:68:b0:f1:c0:17:bf:c3:28:03:b8:3b:0e:3f:c1:
         66:82:24:45:a1:1e:ec:ff:6f:6b:0a:c9:a6:9c:7f:a3:26:54:
         52:42:78:f0:87:c1:a8:04:bf:bd:1a:e0:49:66:fe:a3:6b:c4:
         5c:95:63:8f:e3:5c:3b:0c:24:97:90:af:cf:8a:72:0a:73:ec:
         02:40:ba:4b:a9:0c:91:1b:2e:97:82:16:46:9b:94:4e:36:c7:
         c4:92:99:5b:f7:b2:45:7a:83:b4:06:6d:02:fa:60:6b:70:89:
         4f:43:e0:74:66:85:13:0e:6e:62:48:16:1a:37:44:b7:c2:38:
         79:e0:35:aa:15:40:11:0a:74:a6:69:9b:b0:b0:a8:2f:6e:95:
         c7:83:92:ed:3d:6b:2c:4f:08:df:0e:07:d8:44:40:be:27:ea:
         50:17:cf:d9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUQIWhF/WcfG6dyMWkmnhmO6QhGy0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMDExNjUxMDVaFw0yNDEwMzAxNjU2MDVaMDMxMTAvBgNV
BAMTKDcyMzhDMkZEMDUwOTYyNTNGN0RGMzc0RDJCNDYwODJBNzUyMTI4NTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkoW09QqN82GLEV2mz/HPpiZP1
AjyDlE7vxPEs4BjzhXGw+4OxIxx8Ovu6mNrxPK3XOhCKhyRb3z0/hmB92CQA3QVD
+gjs48dNred4jOLAfc7c5c9qTFUdd6OB0On3VluUJb/DgVZHH8G+HNZ0ReEuzvTl
Qvk3IuYG1JyZ5FOh5p5NwpaLaYcIw91YQCaGzPgDq2RJo39bD3VOGhzRmqd8LCr6
cH26805wI0KkgZVvmbfBmIRq0fwlr2yJyHNg+O7c1SsiPakwKsT7ETDUWkTurjK1
CFfs0jcLH0wKc37G0YattpnUCOlg9oEq2QxAz+kmRjukKaPgBj7Td8LtzV9vAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUcjjC/QUJYlP33zdNK0YIKnUhKFMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBjQvC
AwQBjQvKMA0GCSqGSIb3DQEBCwUAA4IBAQArfFoQh6N/esOkcntYwfvyr9E1twN9
qVZgu7R/2HTfYrKwRh9zSo5r7dGBJYAQSz+jJDtkN9lunCylf3jnx53AN6MKpGfl
1kQqcMMxBOi8bz5Y7Iq8uQzy3G0HJFeUaLDxwBe/wygDuDsOP8FmgiRFoR7s/29r
CsmmnH+jJlRSQnjwh8GoBL+9GuBJZv6ja8RclWOP41w7DCSXkK/PinIKc+wCQLpL
qQyRGy6XghZGm5RONsfEkplb97JFeoO0Bm0C+mBrcIlPQ+B0ZoUTDm5iSBYaN0S3
wjh54DWqFUARCnSmaZuwsKgvbpXHg5LtPWssTwjfDgfYREC+J+pQF8/Z
-----END CERTIFICATE-----