Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209988.roa
File:                     AS209988.roa (raw, json)
Hash identifier:          jygmJzkJCcoBwwsmhsTgJWWzRPS1UZV5u4uGXFiFilc=
Subject key identifier:   FB:A0:EC:7E:B4:92:6A:A7:8A:B4:CD:0F:98:B3:1D:90:B3:C4:4B:C5
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1F9C0DBB50EF97C3ED138972C1DE74A9D4026708
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209988.roa
Signing time:             Thu 22 Aug 2024 12:18:03 +0000
ROA not before:           Thu 22 Aug 2024 12:13:03 +0000
ROA not after:            Thu 21 Aug 2025 12:18:03 +0000
asID:                     209988
IP address blocks:        141.11.140.0/23 maxlen: 24
                          141.11.238.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:9c:0d:bb:50:ef:97:c3:ed:13:89:72:c1:de:74:a9:d4:02:67:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 22 12:13:03 2024 GMT
            Not After : Aug 21 12:18:03 2025 GMT
        Subject: CN=FBA0EC7EB4926AA78AB4CD0F98B31D90B3C44BC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:35:a0:36:98:75:a8:04:f0:ae:be:2e:46:31:
                    b9:b1:2e:44:96:9f:59:99:92:71:cd:4d:ab:5d:6c:
                    99:01:04:37:57:44:1e:2e:ea:c8:27:3f:d0:59:ae:
                    92:ec:ab:cf:29:40:6b:ff:dc:ce:07:b1:7a:48:9a:
                    c2:b1:98:8f:b2:a3:8e:0e:11:d7:1e:e2:7e:54:b9:
                    3a:70:e5:63:2f:07:75:af:cb:40:f2:40:3d:e2:10:
                    7c:a1:7b:f9:75:2f:08:83:82:06:de:ec:5f:46:38:
                    5a:b2:4a:d1:40:01:eb:eb:98:c2:c4:82:00:c3:ac:
                    b6:d4:a6:51:56:bb:3f:60:bf:a0:ec:d4:ef:a0:d9:
                    e2:29:bb:c9:92:b3:32:94:f0:d1:fd:27:c8:aa:d8:
                    2f:c5:dd:a2:b3:2b:76:ed:5d:dc:02:10:2c:cc:9a:
                    75:8b:3d:c0:70:14:bc:10:f0:ed:bb:58:5e:a0:00:
                    94:c7:bd:ec:7e:0a:67:4a:63:da:ac:79:fe:a7:e5:
                    26:49:5e:ca:85:04:fe:1f:91:1a:a4:2f:39:94:ae:
                    84:cc:73:36:a2:ec:d3:11:d1:14:f0:e6:58:91:e5:
                    64:35:39:f9:5a:11:77:78:7f:08:56:94:38:91:dd:
                    79:52:66:91:5f:6a:3b:4c:94:55:de:f3:d6:e1:f9:
                    c4:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:A0:EC:7E:B4:92:6A:A7:8A:B4:CD:0F:98:B3:1D:90:B3:C4:4B:C5
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209988.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.140.0/23
                  141.11.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:23:82:a0:13:8e:8f:e6:b0:ee:59:5b:e6:d1:19:83:1f:49:
         42:e7:fe:4c:82:d1:9e:c6:92:6d:8c:8f:80:ba:5a:88:45:c0:
         aa:71:57:df:d6:2e:7e:86:32:61:19:de:56:09:07:72:90:0f:
         27:c6:5f:7d:2c:2b:26:fd:97:d1:b4:18:e4:05:3c:7d:42:4c:
         f0:c2:ba:ea:37:09:09:d6:65:65:40:d8:b3:06:c4:8a:6c:aa:
         c8:59:88:3b:bd:5a:e6:1f:73:47:f0:45:e2:be:64:65:d4:20:
         09:3e:1b:47:be:18:83:ec:4b:ae:f9:fb:0d:64:46:a0:d4:da:
         1e:61:31:b6:11:19:c5:0d:72:bb:10:e6:2d:56:31:23:bd:58:
         1e:7c:05:6d:c5:48:0b:f4:96:24:7c:87:51:bb:99:d3:59:20:
         fa:aa:21:06:4f:d5:55:87:a8:b3:d4:a9:7d:35:be:41:86:c4:
         4d:05:0b:a8:dd:98:06:2c:52:ad:d9:b7:5a:0d:41:ee:a3:3a:
         b1:70:fc:f9:50:82:1b:07:4f:a4:a9:0f:9b:65:62:80:3c:9f:
         3c:51:c1:38:04:81:7d:a0:d1:73:f6:56:cd:3b:ea:76:b5:50:
         32:72:aa:a9:a4:34:c1:63:1b:10:90:07:81:ff:2b:11:60:3d:
         ba:69:d1:aa
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUH5wNu1Dvl8PtE4lywd50qdQCZwgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA4MjIxMjEzMDNaFw0yNTA4MjExMjE4MDNaMDMxMTAvBgNV
BAMTKEZCQTBFQzdFQjQ5MjZBQTc4QUI0Q0QwRjk4QjMxRDkwQjNDNDRCQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBNaA2mHWoBPCuvi5GMbmxLkSW
n1mZknHNTatdbJkBBDdXRB4u6sgnP9BZrpLsq88pQGv/3M4HsXpImsKxmI+yo44O
Edce4n5UuTpw5WMvB3Wvy0DyQD3iEHyhe/l1LwiDggbe7F9GOFqyStFAAevrmMLE
ggDDrLbUplFWuz9gv6Ds1O+g2eIpu8mSszKU8NH9J8iq2C/F3aKzK3btXdwCECzM
mnWLPcBwFLwQ8O27WF6gAJTHvex+CmdKY9qsef6n5SZJXsqFBP4fkRqkLzmUroTM
czai7NMR0RTw5liR5WQ1OflaEXd4fwhWlDiR3XlSZpFfajtMlFXe89bh+cTDAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU+6DsfrSSaqeKtM0PmLMdkLPES8UwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA5OTg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBjQuM
AwQBjQvuMA0GCSqGSIb3DQEBCwUAA4IBAQAxI4KgE46P5rDuWVvm0RmDH0lC5/5M
gtGexpJtjI+AulqIRcCqcVff1i5+hjJhGd5WCQdykA8nxl99LCsm/ZfRtBjkBTx9
QkzwwrrqNwkJ1mVlQNizBsSKbKrIWYg7vVrmH3NH8EXivmRl1CAJPhtHvhiD7Euu
+fsNZEag1NoeYTG2ERnFDXK7EOYtVjEjvVgefAVtxUgL9JYkfIdRu5nTWSD6qiEG
T9VVh6iz1Kl9Nb5BhsRNBQuo3ZgGLFKt2bdaDUHuozqxcPz5UIIbB0+kqQ+bZWKA
PJ88UcE4BIF9oNFz9lbNO+p2tVAycqqppDTBYxsQkAeB/ysRYD26adGq
-----END CERTIFICATE-----