Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209988.roa
File:                     AS209988.roa (raw, json)
Hash identifier:          2O3ZjwNeskn+wN8S/YKc8KnUTtzWhu6BSru1chd7ONk=
Subject key identifier:   FB:72:B7:70:51:74:38:58:24:C7:7F:67:F6:C5:A0:FF:D4:D7:CE:DB
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5A031CB4F97A02465213FFF76DE07E8FBA6864E8
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209988.roa
Signing time:             Tue 22 Jul 2025 00:01:11 +0000
ROA not before:           Mon 21 Jul 2025 23:56:11 +0000
ROA not after:            Tue 21 Jul 2026 00:01:11 +0000
asID:                     209988
IP address blocks:        141.11.238.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:12:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:03:1c:b4:f9:7a:02:46:52:13:ff:f7:6d:e0:7e:8f:ba:68:64:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 21 23:56:11 2025 GMT
            Not After : Jul 21 00:01:11 2026 GMT
        Subject: CN=FB72B7705174385824C77F67F6C5A0FFD4D7CEDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1c:5a:00:b8:68:8c:95:20:41:3e:63:b2:cb:
                    47:94:cc:86:29:0d:ff:33:92:f3:a9:c7:b7:e6:2b:
                    aa:cd:f8:3d:25:4d:90:fb:9b:a4:f7:11:71:5d:0f:
                    ef:c4:4a:c1:69:1f:85:b9:2a:2b:65:3f:ca:40:52:
                    4f:28:63:42:e6:46:93:ce:d0:c3:22:9b:3f:6a:48:
                    ab:47:62:ac:9c:7c:31:4a:15:af:7b:8e:fe:66:10:
                    83:96:e6:77:c7:01:bc:f9:4a:67:fd:6b:19:cf:e1:
                    22:19:0b:c7:61:2c:39:2c:55:84:f3:bf:32:9c:84:
                    7c:ad:c1:67:14:07:c4:bc:36:79:63:75:7b:4e:95:
                    12:c8:b0:11:44:7a:b4:a1:dd:29:dd:d0:49:54:1d:
                    a7:d0:dc:b6:25:6a:3e:4d:c7:bb:ce:37:c7:d2:9f:
                    d6:bf:2d:a5:75:a5:a3:7e:85:3f:92:96:10:3f:e6:
                    14:94:57:fd:1d:93:3f:d2:a8:08:cc:b1:ec:d4:a2:
                    72:71:d8:6a:52:e6:1e:6d:3e:6c:c6:85:da:94:87:
                    88:02:60:98:e9:6b:a9:f9:f9:10:df:f6:55:5c:bc:
                    5f:3d:0d:26:84:63:c0:a7:2b:91:4b:7b:b7:6a:02:
                    73:1d:20:c7:3c:43:83:6e:8b:1e:f9:43:ec:32:8a:
                    69:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:72:B7:70:51:74:38:58:24:C7:7F:67:F6:C5:A0:FF:D4:D7:CE:DB
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209988.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:56:19:3b:f3:c2:81:dc:eb:fd:f9:d8:87:9d:19:e7:97:80:
         ab:45:2c:69:39:f7:9d:a2:e2:8e:d0:d5:32:de:26:12:07:b7:
         fe:6c:52:fa:bb:c5:48:2b:62:32:e9:5d:19:eb:d4:51:81:0e:
         fa:c6:8d:be:8c:c3:e0:f3:74:40:ac:db:9d:3d:1b:cb:5f:59:
         e6:ca:64:d6:df:8c:09:3e:8b:0b:03:a0:c3:53:10:3f:21:e7:
         94:27:55:c1:c6:a0:a4:bb:3e:17:d7:8d:c9:da:7f:67:9e:0c:
         a4:ce:a0:e1:f8:87:3e:01:ac:d4:2d:fc:96:73:26:27:b9:36:
         33:3a:fb:2c:57:1b:d2:74:87:2e:a3:2d:0c:f6:7a:fa:a8:8a:
         10:ed:62:84:79:3f:10:34:63:4f:ca:53:b1:4a:af:1d:ac:39:
         46:cf:35:23:96:93:7e:58:21:69:14:b4:9b:b6:be:4b:3a:fe:
         2b:ca:fd:8f:f4:74:f9:36:4d:1b:a1:5b:e5:b9:f5:f7:4a:97:
         d5:f2:cb:f2:fa:ac:37:14:cf:14:d5:39:51:a0:50:9e:bf:04:
         e3:5f:db:62:72:c7:c4:bc:d5:90:5b:2c:b6:8c:90:87:aa:65:
         27:ce:92:59:2b:4d:3e:16:49:ef:51:49:7f:ff:25:89:79:00:
         1c:c1:7e:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWgMctPl6AkZSE//3beB+j7poZOgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA3MjEyMzU2MTFaFw0yNjA3MjEwMDAxMTFaMDMxMTAvBgNV
BAMTKEZCNzJCNzcwNTE3NDM4NTgyNEM3N0Y2N0Y2QzVBMEZGRDREN0NFREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyHFoAuGiMlSBBPmOyy0eUzIYp
Df8zkvOpx7fmK6rN+D0lTZD7m6T3EXFdD+/ESsFpH4W5KitlP8pAUk8oY0LmRpPO
0MMimz9qSKtHYqycfDFKFa97jv5mEIOW5nfHAbz5Smf9axnP4SIZC8dhLDksVYTz
vzKchHytwWcUB8S8NnljdXtOlRLIsBFEerSh3Snd0ElUHafQ3LYlaj5Nx7vON8fS
n9a/LaV1paN+hT+SlhA/5hSUV/0dkz/SqAjMsezUonJx2GpS5h5tPmzGhdqUh4gC
YJjpa6n5+RDf9lVcvF89DSaEY8CnK5FLe7dqAnMdIMc8Q4Nuix75Q+wyimm5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+3K3cFF0OFgkx39n9sWg/9TXztswHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA5OTg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQvu
MA0GCSqGSIb3DQEBCwUAA4IBAQAqVhk788KB3Ov9+diHnRnnl4CrRSxpOfedouKO
0NUy3iYSB7f+bFL6u8VIK2Iy6V0Z69RRgQ76xo2+jMPg83RArNudPRvLX1nmymTW
34wJPosLA6DDUxA/IeeUJ1XBxqCkuz4X143J2n9nngykzqDh+Ic+AazULfyWcyYn
uTYzOvssVxvSdIcuoy0M9nr6qIoQ7WKEeT8QNGNPylOxSq8drDlGzzUjlpN+WCFp
FLSbtr5LOv4ryv2P9HT5Nk0boVvlufX3SpfV8svy+qw3FM8U1TlRoFCevwTjX9ti
csfEvNWQWyy2jJCHqmUnzpJZK00+FknvUUl//yWJeQAcwX4f
-----END CERTIFICATE-----