Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29208.roa
File:                     AS29208.roa (raw, json)
Hash identifier:          t9MP0aH+saF+xD9+3YOJfPmpRUXRIQG45fFOub8PVDs=
Subject key identifier:   6B:75:B6:DC:FF:92:4F:2F:C3:4D:D0:0F:5B:D5:72:72:02:D6:07:60
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4D76E91C0467B8091827950A32D4A7E860EA2DC4
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29208.roa
Signing time:             Wed 28 Aug 2024 11:05:19 +0000
ROA not before:           Wed 28 Aug 2024 11:00:19 +0000
ROA not after:            Wed 27 Aug 2025 11:05:19 +0000
asID:                     29208
IP address blocks:        141.11.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:76:e9:1c:04:67:b8:09:18:27:95:0a:32:d4:a7:e8:60:ea:2d:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 28 11:00:19 2024 GMT
            Not After : Aug 27 11:05:19 2025 GMT
        Subject: CN=6B75B6DCFF924F2FC34DD00F5BD5727202D60760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:be:5b:0b:3b:e7:2c:39:cd:c8:09:ec:23:ac:
                    8d:81:4b:38:9e:c1:bb:19:03:00:b2:20:da:c5:5c:
                    7b:c2:86:bc:8a:1c:eb:2e:c3:09:7b:6f:d7:50:f3:
                    1e:7b:3b:eb:dc:7c:65:d6:b1:b3:12:9b:4a:c8:05:
                    25:d3:3a:ae:c5:6c:30:e3:8e:56:9f:36:83:a0:b4:
                    e6:18:3b:16:cc:52:5d:e5:88:a4:f9:d5:8a:37:4f:
                    d5:84:73:96:2a:ce:e0:8d:77:aa:d9:ce:c4:87:36:
                    5a:1f:4d:67:c2:10:38:42:11:21:a2:dd:52:8a:ce:
                    7a:e7:fe:f8:89:80:f9:60:83:4e:ff:e3:e1:31:5e:
                    c5:66:3d:7b:89:c8:3f:95:4c:e8:1f:02:6a:b8:5e:
                    b9:45:59:de:e7:f3:79:9b:af:de:d1:eb:e2:9f:f7:
                    bf:94:56:be:a8:a5:3b:67:c1:9f:11:50:50:34:81:
                    b4:44:91:4e:a7:71:aa:8a:65:3a:c9:e2:7d:5e:83:
                    e6:b0:22:68:4e:39:e9:8b:84:cd:6a:c9:68:f2:39:
                    20:fa:b0:79:4d:ea:b1:63:ba:dd:73:ee:f8:eb:21:
                    ec:a7:a0:63:e2:96:ac:00:7c:e7:fc:ba:0b:b1:3e:
                    8a:c5:dd:87:c3:54:9c:c9:fc:b2:f7:c4:42:82:fa:
                    e3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:75:B6:DC:FF:92:4F:2F:C3:4D:D0:0F:5B:D5:72:72:02:D6:07:60
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS29208.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:aa:0e:1a:81:cf:de:67:70:90:ed:bc:49:e1:e2:40:87:f0:
         96:62:2a:fc:c4:ea:51:a7:d2:ae:08:0a:dd:11:8b:f2:71:db:
         f0:37:09:21:cf:0d:24:4f:64:69:ab:8b:05:0d:7c:e9:f8:d4:
         48:3c:54:cc:e6:92:21:19:1c:64:b5:f0:a9:09:da:f6:16:ef:
         d6:8e:ae:1d:37:22:92:33:60:1f:43:54:9f:b3:23:52:4f:c0:
         51:d6:b2:d8:82:52:2a:33:df:83:14:55:2e:cf:98:3e:df:e6:
         8d:3d:0d:18:ef:2b:af:87:fb:2d:05:7b:02:45:7c:f0:6e:58:
         66:ef:dc:40:a6:38:03:cd:f2:3f:cb:84:9b:eb:98:ff:30:43:
         f0:65:54:f7:17:d8:82:b7:1d:2d:c8:77:f4:ca:e5:84:20:30:
         51:9b:32:93:79:d7:9a:7f:22:fa:b4:c2:59:b6:e6:26:61:64:
         04:f1:b7:41:14:8b:e9:60:ca:62:79:cb:4a:b1:e4:af:ee:36:
         f2:5b:40:3e:11:37:00:a3:cb:53:a9:a8:0f:e2:d2:1b:bf:eb:
         16:92:ee:27:d3:df:89:4c:14:c8:db:d3:ca:3f:b3:33:0a:cb:
         14:08:ce:33:d6:2e:36:62:61:1e:1b:06:5f:90:37:1a:0f:e5:
         75:8c:10:e6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTXbpHARnuAkYJ5UKMtSn6GDqLcQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA4MjgxMTAwMTlaFw0yNTA4MjcxMTA1MTlaMDMxMTAvBgNV
BAMTKDZCNzVCNkRDRkY5MjRGMkZDMzRERDAwRjVCRDU3MjcyMDJENjA3NjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvvlsLO+csOc3ICewjrI2BSzie
wbsZAwCyINrFXHvChryKHOsuwwl7b9dQ8x57O+vcfGXWsbMSm0rIBSXTOq7FbDDj
jlafNoOgtOYYOxbMUl3liKT51Yo3T9WEc5YqzuCNd6rZzsSHNlofTWfCEDhCESGi
3VKKznrn/viJgPlgg07/4+ExXsVmPXuJyD+VTOgfAmq4XrlFWd7n83mbr97R6+Kf
97+UVr6opTtnwZ8RUFA0gbREkU6ncaqKZTrJ4n1eg+awImhOOemLhM1qyWjyOSD6
sHlN6rFjut1z7vjrIeynoGPilqwAfOf8uguxPorF3YfDVJzJ/LL3xEKC+uPBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUa3W23P+STy/DTdAPW9VycgLWB2AwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjkyMDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC7Mw
DQYJKoZIhvcNAQELBQADggEBAJCqDhqBz95ncJDtvEnh4kCH8JZiKvzE6lGn0q4I
Ct0Ri/Jx2/A3CSHPDSRPZGmriwUNfOn41Eg8VMzmkiEZHGS18KkJ2vYW79aOrh03
IpIzYB9DVJ+zI1JPwFHWstiCUioz34MUVS7PmD7f5o09DRjvK6+H+y0FewJFfPBu
WGbv3ECmOAPN8j/LhJvrmP8wQ/BlVPcX2IK3HS3Id/TK5YQgMFGbMpN515p/Ivq0
wlm25iZhZATxt0EUi+lgymJ5y0qx5K/uNvJbQD4RNwCjy1OpqA/i0hu/6xaS7ifT
34lMFMjb08o/szMKyxQIzjPWLjZiYR4bBl+QNxoP5XWMEOY=
-----END CERTIFICATE-----