Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200154.roa
File:                     AS200154.roa (raw, json)
Hash identifier:          PYJva+wdGGbM8zlG0E/MqMu+LcMmo/HPueC43KYbeYg=
Subject key identifier:   A9:3E:13:61:11:76:2F:3D:D2:53:F9:F9:A5:CA:3E:F4:EA:D5:72:E4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5A164B7409592C93038713F0D2EB9227E3F74090
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200154.roa
Signing time:             Tue 28 May 2024 19:05:16 +0000
ROA not before:           Tue 28 May 2024 19:00:16 +0000
ROA not after:            Tue 27 May 2025 19:05:16 +0000
asID:                     200154
IP address blocks:        181.214.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:16:4b:74:09:59:2c:93:03:87:13:f0:d2:eb:92:27:e3:f7:40:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 28 19:00:16 2024 GMT
            Not After : May 27 19:05:16 2025 GMT
        Subject: CN=A93E136111762F3DD253F9F9A5CA3EF4EAD572E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5e:85:b5:41:71:35:f1:87:34:93:e1:75:75:
                    8d:ed:f9:9c:04:2d:b8:a2:09:52:39:cb:cf:47:80:
                    10:0b:db:4c:f9:f3:7d:46:67:cb:d5:46:c9:f1:e2:
                    70:c2:76:49:b2:64:bc:e4:f8:69:bf:24:86:f1:25:
                    d0:01:a6:ee:6c:97:e6:5e:3c:b8:ec:63:56:77:40:
                    e2:a8:36:e5:85:a7:81:3e:ab:ef:65:eb:48:37:3c:
                    12:0e:6c:b5:a2:5a:ad:41:ef:0b:67:f4:80:2e:30:
                    ae:75:5c:ba:d4:ac:0b:21:0f:67:8c:00:97:ad:ea:
                    67:91:b7:dc:66:86:03:cf:8f:9d:6c:39:92:ab:69:
                    86:49:b2:66:a6:ab:73:aa:83:86:dc:e8:46:ea:9f:
                    e1:ac:5c:57:d0:5b:d8:4c:0c:83:b0:ed:9f:1f:fd:
                    2e:fa:0c:2e:19:71:9d:ba:b6:5d:d7:b7:ba:84:b1:
                    c4:9c:89:0c:b5:55:b5:b7:9e:42:0b:f7:6d:ba:47:
                    16:c5:23:67:0b:17:ba:ce:5c:8e:3f:7e:22:81:c5:
                    eb:a6:55:a4:1c:f0:82:36:e7:2f:d2:6c:02:5c:88:
                    00:02:75:20:5a:b5:6d:75:3c:21:9e:4f:33:b0:92:
                    ae:e9:26:34:60:2d:10:86:b0:f4:4c:ba:10:d7:99:
                    34:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:3E:13:61:11:76:2F:3D:D2:53:F9:F9:A5:CA:3E:F4:EA:D5:72:E4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200154.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:69:03:46:67:2f:48:1b:e6:9f:3b:ab:96:e9:6d:b9:86:ce:
         d1:96:d3:f3:65:ef:43:7a:93:05:4e:7a:ea:c3:9c:81:2e:94:
         64:79:ef:ae:8a:92:73:43:9a:37:bf:8f:17:10:cf:22:20:5d:
         f7:10:33:e1:0f:ea:cb:95:3e:18:a9:e2:09:0a:98:09:89:89:
         7e:2d:05:12:19:e2:53:2f:69:e5:9a:c7:d5:f1:cd:d3:92:34:
         a2:0d:04:40:11:71:bd:e7:49:4c:dc:36:3b:84:68:39:d7:b7:
         04:ea:a7:b9:a6:b5:47:2c:4e:17:5c:29:57:82:29:ba:9c:76:
         70:de:f2:db:1c:c9:82:ed:47:f8:2a:d7:fc:cc:b7:e7:29:b9:
         3e:cb:9b:f4:0d:f5:f9:ed:4f:07:2d:ad:4e:5c:20:a3:84:86:
         6f:8e:d5:71:08:f3:80:7d:a9:7b:70:87:1f:60:89:7a:fe:98:
         15:0f:7b:dd:ac:a9:3a:29:47:d8:b6:cd:e6:cf:7e:be:c6:08:
         a0:2d:76:ab:0c:74:5a:09:e3:7f:42:8a:d5:64:55:74:ba:d9:
         90:fc:ef:ff:9d:1a:8d:b2:46:e3:42:7d:2c:da:12:bf:72:67:
         e9:18:ce:db:35:f3:d5:0c:4d:16:a3:41:72:c6:16:1f:91:81:
         57:c3:b3:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWhZLdAlZLJMDhxPw0uuSJ+P3QJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MjgxOTAwMTZaFw0yNTA1MjcxOTA1MTZaMDMxMTAvBgNV
BAMTKEE5M0UxMzYxMTE3NjJGM0REMjUzRjlGOUE1Q0EzRUY0RUFENTcyRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2XoW1QXE18Yc0k+F1dY3t+ZwE
LbiiCVI5y89HgBAL20z5831GZ8vVRsnx4nDCdkmyZLzk+Gm/JIbxJdABpu5sl+Ze
PLjsY1Z3QOKoNuWFp4E+q+9l60g3PBIObLWiWq1B7wtn9IAuMK51XLrUrAshD2eM
AJet6meRt9xmhgPPj51sOZKraYZJsmamq3Oqg4bc6Ebqn+GsXFfQW9hMDIOw7Z8f
/S76DC4ZcZ26tl3Xt7qEscSciQy1VbW3nkIL9226RxbFI2cLF7rOXI4/fiKBxeum
VaQc8II25y/SbAJciAACdSBatW11PCGeTzOwkq7pJjRgLRCGsPRMuhDXmTTpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqT4TYRF2Lz3SU/n5pco+9OrVcuQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdbg
MA0GCSqGSIb3DQEBCwUAA4IBAQA3aQNGZy9IG+afO6uW6W25hs7RltPzZe9DepMF
Tnrqw5yBLpRkee+uipJzQ5o3v48XEM8iIF33EDPhD+rLlT4YqeIJCpgJiYl+LQUS
GeJTL2nlmsfV8c3TkjSiDQRAEXG950lM3DY7hGg517cE6qe5prVHLE4XXClXgim6
nHZw3vLbHMmC7Uf4Ktf8zLfnKbk+y5v0DfX57U8HLa1OXCCjhIZvjtVxCPOAfal7
cIcfYIl6/pgVD3vdrKk6KUfYts3mz36+xgigLXarDHRaCeN/QorVZFV0utmQ/O//
nRqNskbjQn0s2hK/cmfpGM7bNfPVDE0Wo0FyxhYfkYFXw7OD
-----END CERTIFICATE-----