Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200019.roa
File:                     AS200019.roa (raw, json)
Hash identifier:          QnZP+HASXYZN0tydo+9iIJCiDDZctrl0uop3jOSMqbc=
Subject key identifier:   27:E0:8C:3F:5B:EE:B8:C4:CA:FC:65:01:5C:23:0D:08:C3:38:20:63
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       46537FB33CF727B232F65EBB99369D908EAE31EC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200019.roa
Signing time:             Wed 04 Dec 2024 17:00:12 +0000
ROA not before:           Wed 04 Dec 2024 16:55:12 +0000
ROA not after:            Wed 03 Dec 2025 17:00:12 +0000
asID:                     200019
IP address blocks:        140.233.167.0/24 maxlen: 24
                          140.233.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:53:7f:b3:3c:f7:27:b2:32:f6:5e:bb:99:36:9d:90:8e:ae:31:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Dec  4 16:55:12 2024 GMT
            Not After : Dec  3 17:00:12 2025 GMT
        Subject: CN=27E08C3F5BEEB8C4CAFC65015C230D08C3382063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:87:29:3c:79:a6:8e:98:5f:80:f2:12:74:7b:
                    9a:cf:12:22:5d:d9:29:5f:2c:dd:ee:9f:1d:8c:fc:
                    ce:01:a7:b4:d0:f4:c5:90:02:16:15:4f:72:75:00:
                    19:99:70:5f:76:22:a8:48:f0:05:e2:26:03:d6:06:
                    fb:8b:31:57:27:28:4d:cf:54:9c:6d:a5:1d:c0:f2:
                    9d:0b:61:00:91:1c:8a:a9:2c:42:45:af:fc:30:84:
                    59:e8:63:b0:44:b2:b0:39:e4:9e:35:af:40:a5:7e:
                    eb:c3:f2:f1:7e:d7:56:de:3c:77:e6:4f:ee:21:de:
                    c4:0a:da:97:7f:5b:90:df:27:d0:92:f1:ba:5d:45:
                    2b:65:14:32:ac:27:53:f1:23:69:df:85:a1:a4:08:
                    30:34:da:ba:08:36:a1:a9:d3:92:87:1c:09:39:dd:
                    49:11:48:eb:1c:7a:40:63:85:e2:a6:71:ca:e9:95:
                    3d:77:72:d9:e1:b5:c3:90:bb:3e:bf:d6:c3:01:e4:
                    1e:ea:79:8f:e6:87:c8:98:55:a6:e9:5f:56:00:dd:
                    c6:59:2d:4a:ac:34:69:ed:a1:34:16:6f:6e:05:b7:
                    10:39:73:e2:16:08:f1:fe:e7:58:11:d0:c5:d7:c9:
                    36:69:69:ac:b7:6f:2e:82:29:91:a6:89:8c:b5:9c:
                    a8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E0:8C:3F:5B:EE:B8:C4:CA:FC:65:01:5C:23:0D:08:C3:38:20:63
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200019.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.167.0/24
                  140.233.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:ec:04:93:c9:26:93:60:5b:0b:9e:8b:0c:2a:2d:13:dd:22:
         2c:6d:aa:62:d2:b2:e8:31:07:61:8d:14:b9:69:d7:fe:fb:01:
         38:e8:84:e9:a9:76:fe:75:bd:54:d2:7c:be:e7:d7:99:49:4a:
         22:a0:96:7e:c9:c5:fa:f2:be:fb:af:4e:f6:20:0f:4c:64:e1:
         70:77:f8:28:47:43:19:af:2d:eb:5b:1b:39:a9:f3:65:9c:bc:
         b5:fe:b2:77:e6:a7:c7:86:e0:c8:3b:a8:7d:48:ab:b0:a1:fa:
         75:d8:ab:ef:ab:4f:89:93:b4:b8:12:12:e8:52:4a:fb:5b:36:
         9d:a6:0c:44:c9:3d:8e:94:01:24:4a:1c:b9:16:bd:59:6c:af:
         23:1c:23:bb:5a:e9:f2:b4:f5:29:8b:dc:f4:34:9d:f0:2a:36:
         1a:5f:86:46:5f:bc:19:a0:7e:15:f0:75:55:d6:0d:21:ec:4f:
         30:75:9f:0e:09:9a:6f:ca:34:05:2f:ea:4a:ba:9c:14:af:37:
         10:be:39:23:fa:13:c3:51:94:eb:0e:ac:d1:25:ae:9a:b6:f6:
         28:c0:f0:71:53:a0:ed:de:7c:99:9c:eb:53:65:83:6f:88:78:
         2e:80:1a:fe:40:fe:ad:64:ae:a6:19:e7:48:8e:e5:31:4e:0b:
         9b:15:73:0c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURlN/szz3J7Iy9l67mTadkI6uMewwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDEyMDQxNjU1MTJaFw0yNTEyMDMxNzAwMTJaMDMxMTAvBgNV
BAMTKDI3RTA4QzNGNUJFRUI4QzRDQUZDNjUwMTVDMjMwRDA4QzMzODIwNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAhyk8eaaOmF+A8hJ0e5rPEiJd
2SlfLN3unx2M/M4Bp7TQ9MWQAhYVT3J1ABmZcF92IqhI8AXiJgPWBvuLMVcnKE3P
VJxtpR3A8p0LYQCRHIqpLEJFr/wwhFnoY7BEsrA55J41r0ClfuvD8vF+11bePHfm
T+4h3sQK2pd/W5DfJ9CS8bpdRStlFDKsJ1PxI2nfhaGkCDA02roINqGp05KHHAk5
3UkRSOscekBjheKmccrplT13ctnhtcOQuz6/1sMB5B7qeY/mh8iYVabpX1YA3cZZ
LUqsNGntoTQWb24FtxA5c+IWCPH+51gR0MXXyTZpaay3by6CKZGmiYy1nKgxAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUJ+CMP1vuuMTK/GUBXCMNCMM4IGMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAwMDE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjOmn
AwQAjOm4MA0GCSqGSIb3DQEBCwUAA4IBAQAx7ASTySaTYFsLnosMKi0T3SIsbapi
0rLoMQdhjRS5adf++wE46ITpqXb+db1U0ny+59eZSUoioJZ+ycX68r77r072IA9M
ZOFwd/goR0MZry3rWxs5qfNlnLy1/rJ35qfHhuDIO6h9SKuwofp12Kvvq0+Jk7S4
EhLoUkr7WzadpgxEyT2OlAEkShy5Fr1ZbK8jHCO7WunytPUpi9z0NJ3wKjYaX4ZG
X7wZoH4V8HVV1g0h7E8wdZ8OCZpvyjQFL+pKupwUrzcQvjkj+hPDUZTrDqzRJa6a
tvYowPBxU6Dt3nyZnOtTZYNviHgugBr+QP6tZK6mGedIjuUxTgubFXMM
-----END CERTIFICATE-----