Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          ZzcVxmWGUrZ2SrHyFiR1VO9KIhxXkO4moIuF0rVKLwE=
Subject key identifier:   71:C9:27:D1:56:1B:37:7D:2F:89:E2:5C:59:2E:70:AB:38:62:F7:BA
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       29D6DAB8062653466651B2F81A8BC49BDA5D6EAA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209242.roa
Signing time:             Wed 02 Oct 2024 17:43:22 +0000
ROA not before:           Wed 02 Oct 2024 17:38:22 +0000
ROA not after:            Wed 01 Oct 2025 17:43:22 +0000
asID:                     209242
IP address blocks:        141.11.194.0/23 maxlen: 24
                          141.11.202.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:d6:da:b8:06:26:53:46:66:51:b2:f8:1a:8b:c4:9b:da:5d:6e:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct  2 17:38:22 2024 GMT
            Not After : Oct  1 17:43:22 2025 GMT
        Subject: CN=71C927D1561B377D2F89E25C592E70AB3862F7BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:bd:45:87:5b:91:11:65:9a:b0:44:32:3d:c9:
                    8b:9f:41:cc:f0:0e:c1:24:6e:ae:58:00:e0:ea:15:
                    cf:06:e8:1a:00:50:d0:7d:1e:cc:31:20:cf:ce:1b:
                    d0:6f:2c:b3:50:1d:f4:29:f8:c8:dd:ac:10:d3:dd:
                    31:0a:78:bf:70:5f:ad:e1:43:4c:4f:26:09:a6:ef:
                    d9:52:f5:a3:31:77:f9:8e:fa:00:55:1d:2d:b0:4a:
                    85:38:42:fa:e9:8b:e4:9d:95:36:13:80:61:ac:9a:
                    60:18:b4:7a:fa:fc:d4:5d:37:52:25:17:b9:b1:32:
                    f7:47:a1:34:f0:ed:3e:b2:e1:5c:ca:02:ce:32:18:
                    db:68:e1:0a:9a:f3:d8:75:dc:da:6e:29:f3:4e:dd:
                    c0:f5:b5:4d:70:65:60:90:6d:fe:38:5d:24:87:22:
                    5e:5f:89:69:1b:d6:dc:6f:6e:76:d3:8a:3e:a2:e4:
                    1a:a3:79:b4:f5:08:80:dc:3c:42:c1:82:c9:3f:10:
                    4e:a5:08:ec:44:05:cc:a9:23:86:09:79:6e:30:3f:
                    6f:6d:5b:ed:c6:62:f8:63:22:33:5b:2a:66:dd:f5:
                    11:21:18:a8:b5:67:42:2d:c7:32:74:22:aa:af:2a:
                    30:4b:ba:4f:a6:98:50:b5:0f:08:a8:fe:4f:86:0e:
                    76:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C9:27:D1:56:1B:37:7D:2F:89:E2:5C:59:2E:70:AB:38:62:F7:BA
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.194.0/23
                  141.11.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:a0:c9:27:5a:1b:34:5e:b8:50:45:7b:83:18:fc:5d:1d:97:
         91:7e:8c:18:dc:3e:49:e1:9b:94:dc:66:1a:ff:d4:b2:11:3b:
         bb:93:9b:6f:15:d1:bd:6f:06:74:15:34:fd:2f:1e:af:f3:97:
         d6:97:28:d5:4a:fb:05:54:ba:cd:45:84:b7:06:97:99:be:3c:
         1a:5f:a6:b2:3c:da:d1:8c:64:6a:8c:2c:21:d4:d9:cf:4d:59:
         16:e6:2f:77:b9:03:06:45:98:2c:95:da:ce:4a:5b:c1:d0:4d:
         54:15:31:33:fc:31:76:19:26:e4:7b:36:50:07:29:01:f1:dd:
         93:c9:32:24:5d:e7:38:23:c9:e6:fb:0c:12:fa:d9:cd:62:03:
         11:af:61:2e:dc:f2:4c:28:f2:72:00:e8:53:6b:23:67:a6:74:
         79:57:33:ab:11:b4:70:89:49:a7:64:bb:94:ae:29:90:ee:0c:
         0f:cf:53:fa:91:f8:8c:69:b9:40:9b:00:b2:59:c6:c8:a4:e6:
         87:a2:5d:96:da:41:0c:c5:04:ab:53:db:5b:30:35:a3:93:68:
         f0:6e:95:fd:e6:ea:84:cb:45:00:a3:0a:bf:8b:63:7f:8b:f9:
         a7:bd:0f:12:3c:44:67:ed:8f:92:65:37:80:d7:d1:a2:73:e4:
         b4:1d:25:64
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKdbauAYmU0ZmUbL4GovEm9pdbqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMDIxNzM4MjJaFw0yNTEwMDExNzQzMjJaMDMxMTAvBgNV
BAMTKDcxQzkyN0QxNTYxQjM3N0QyRjg5RTI1QzU5MkU3MEFCMzg2MkY3QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPvUWHW5ERZZqwRDI9yYufQczw
DsEkbq5YAODqFc8G6BoAUNB9HswxIM/OG9BvLLNQHfQp+MjdrBDT3TEKeL9wX63h
Q0xPJgmm79lS9aMxd/mO+gBVHS2wSoU4Qvrpi+SdlTYTgGGsmmAYtHr6/NRdN1Il
F7mxMvdHoTTw7T6y4VzKAs4yGNto4Qqa89h13NpuKfNO3cD1tU1wZWCQbf44XSSH
Il5fiWkb1txvbnbTij6i5BqjebT1CIDcPELBgsk/EE6lCOxEBcypI4YJeW4wP29t
W+3GYvhjIjNbKmbd9REhGKi1Z0ItxzJ0IqqvKjBLuk+mmFC1Dwio/k+GDnafAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUcckn0VYbN30vieJcWS5wqzhi97owHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBjQvC
AwQBjQvKMA0GCSqGSIb3DQEBCwUAA4IBAQCjoMknWhs0XrhQRXuDGPxdHZeRfowY
3D5J4ZuU3GYa/9SyETu7k5tvFdG9bwZ0FTT9Lx6v85fWlyjVSvsFVLrNRYS3BpeZ
vjwaX6ayPNrRjGRqjCwh1NnPTVkW5i93uQMGRZgsldrOSlvB0E1UFTEz/DF2GSbk
ezZQBykB8d2TyTIkXec4I8nm+wwS+tnNYgMRr2Eu3PJMKPJyAOhTayNnpnR5VzOr
EbRwiUmnZLuUrimQ7gwPz1P6kfiMablAmwCyWcbIpOaHol2W2kEMxQSrU9tbMDWj
k2jwbpX95uqEy0UAowq/i2N/i/mnvQ8SPERn7Y+SZTeA19Gic+S0HSVk
-----END CERTIFICATE-----