Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa
File:                     AS200181.roa (raw, json)
Hash identifier:          m44MO57sbL4rmrBnXvsqdmyuzGIE/mfQ6O9/Y0e8ojY=
Subject key identifier:   83:0A:2D:4D:37:C9:A5:BA:D2:80:12:41:76:A2:37:AD:23:E7:8B:87
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       575C4FE86A7A3FC2E9474E151CFFA0302D7CF4A8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa
Signing time:             Thu 20 Jun 2024 00:05:18 +0000
ROA not before:           Thu 20 Jun 2024 00:00:18 +0000
ROA not after:            Thu 19 Jun 2025 00:05:18 +0000
asID:                     200181
IP address blocks:        185.135.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:5c:4f:e8:6a:7a:3f:c2:e9:47:4e:15:1c:ff:a0:30:2d:7c:f4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 20 00:00:18 2024 GMT
            Not After : Jun 19 00:05:18 2025 GMT
        Subject: CN=830A2D4D37C9A5BAD280124176A237AD23E78B87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:80:e6:db:7d:aa:2c:a5:09:1f:ba:45:7f:69:
                    55:70:f5:21:b3:f6:a0:78:14:8a:ef:df:b6:9a:2d:
                    41:bb:3e:dd:d0:9f:2a:02:d9:38:fb:b4:0b:53:54:
                    10:78:63:de:6b:b9:99:81:b9:b6:87:d3:1f:02:0e:
                    44:56:39:3d:fb:15:9c:23:76:0d:86:94:3f:47:d2:
                    cb:18:5c:9e:55:c3:dd:14:79:68:cc:23:02:cd:4f:
                    0d:fd:31:26:9a:a9:7f:fb:43:32:b3:d7:7d:49:26:
                    ae:d9:03:fa:ee:ff:3e:43:19:2f:75:c6:ea:ed:2d:
                    59:be:f7:81:c5:bb:0a:f7:95:f5:b2:62:39:89:76:
                    a7:15:e1:fa:ae:f1:55:1c:0c:5f:9a:03:6f:aa:0d:
                    b6:dd:96:04:57:b1:9e:08:87:fd:61:1f:de:10:96:
                    14:04:dd:28:52:4a:55:7e:0d:d2:e5:82:8f:35:ad:
                    30:cd:49:b3:c3:58:0b:5f:17:b1:1a:a4:d0:2e:13:
                    41:ef:32:4c:a0:14:af:dc:10:57:37:eb:11:c6:f1:
                    47:7a:73:17:c7:20:3e:0e:48:5b:ab:5e:19:c9:d2:
                    f9:de:73:81:13:06:64:b2:36:ca:55:9b:f6:0a:94:
                    4c:69:5f:cc:48:4c:e6:92:7f:f8:21:3a:c3:4d:e6:
                    0a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0A:2D:4D:37:C9:A5:BA:D2:80:12:41:76:A2:37:AD:23:E7:8B:87
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:79:36:93:93:60:e7:85:26:13:30:00:2b:21:08:0f:17:b0:
         c2:95:9d:3f:e1:af:07:d2:3b:03:e5:aa:42:4f:13:bc:05:a6:
         e5:f7:5b:cb:bb:67:0e:f5:23:c9:46:4b:a2:2a:d1:36:1b:ba:
         ae:df:1c:ef:73:02:eb:dc:89:e2:02:74:63:3c:fc:fb:6f:72:
         8a:88:b1:4c:02:30:e9:09:a6:40:7b:81:4e:86:60:5e:2c:e0:
         9c:ce:f7:a8:6e:f2:b3:db:39:a7:79:5a:d7:9a:f7:e2:1e:13:
         89:f9:4e:11:0b:1e:90:91:aa:b9:6a:90:f9:53:8e:f0:3c:d1:
         16:39:fb:9d:f8:aa:4c:de:11:7b:1e:4d:58:f0:fc:bc:fe:2a:
         1a:9c:60:e9:b7:57:ba:d2:5d:ac:ec:c6:2f:de:d7:d7:67:aa:
         c2:f9:ca:18:4b:9b:75:dd:80:1e:eb:ba:e1:c5:35:f2:f2:94:
         40:85:88:5d:b7:f6:50:31:e6:09:fa:fe:c0:64:cb:c3:eb:4e:
         58:7b:f9:f7:94:ae:ab:78:23:da:e2:87:03:42:a1:64:75:fe:
         f8:fe:0d:e8:c3:0c:ca:16:fd:92:02:2e:49:64:58:89:f2:28:
         e7:5d:60:38:91:6d:24:39:0a:7d:c8:63:11:27:a6:4e:d1:11:
         14:2c:61:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUV1xP6Gp6P8LpR04VHP+gMC189KgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MjAwMDAwMThaFw0yNTA2MTkwMDA1MThaMDMxMTAvBgNV
BAMTKDgzMEEyRDREMzdDOUE1QkFEMjgwMTI0MTc2QTIzN0FEMjNFNzhCODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1gObbfaospQkfukV/aVVw9SGz
9qB4FIrv37aaLUG7Pt3QnyoC2Tj7tAtTVBB4Y95ruZmBubaH0x8CDkRWOT37FZwj
dg2GlD9H0ssYXJ5Vw90UeWjMIwLNTw39MSaaqX/7QzKz131JJq7ZA/ru/z5DGS91
xurtLVm+94HFuwr3lfWyYjmJdqcV4fqu8VUcDF+aA2+qDbbdlgRXsZ4Ih/1hH94Q
lhQE3ShSSlV+DdLlgo81rTDNSbPDWAtfF7EapNAuE0HvMkygFK/cEFc36xHG8Ud6
cxfHID4OSFurXhnJ0vnec4ETBmSyNspVm/YKlExpX8xITOaSf/ghOsNN5grnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgwotTTfJpbrSgBJBdqI3rSPni4cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQCieTaTk2DnhSYTMAArIQgPF7DClZ0/4a8H0jsD
5apCTxO8Babl91vLu2cO9SPJRkuiKtE2G7qu3xzvcwLr3IniAnRjPPz7b3KKiLFM
AjDpCaZAe4FOhmBeLOCczveobvKz2zmneVrXmvfiHhOJ+U4RCx6Qkaq5apD5U47w
PNEWOfud+KpM3hF7Hk1Y8Py8/ioanGDpt1e60l2s7MYv3tfXZ6rC+coYS5t13YAe
67rhxTXy8pRAhYhdt/ZQMeYJ+v7AZMvD605Ye/n3lK6reCPa4ocDQqFkdf74/g3o
wwzKFv2SAi5JZFiJ8ijnXWA4kW0kOQp9yGMRJ6ZO0REULGHU
-----END CERTIFICATE-----