Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200105.roa
File:                     AS200105.roa (raw, json)
Hash identifier:          nEpHXoGqXkLb3x85VTg1cEICp1UVHzXieU1zNgRb38s=
Subject key identifier:   01:B8:7A:7A:4E:9E:57:10:40:87:D1:4E:34:C3:AA:2A:78:41:96:6D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6C02D9AE03ADEFC229163EC17B8FFCE7FAC41C7C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200105.roa
Signing time:             Wed 20 May 2026 08:40:07 +0000
ROA not before:           Wed 20 May 2026 08:35:07 +0000
ROA not after:            Wed 19 May 2027 08:40:07 +0000
asID:                     200105
IP address blocks:        155.117.108.0/24 maxlen: 24
                          168.222.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:02:d9:ae:03:ad:ef:c2:29:16:3e:c1:7b:8f:fc:e7:fa:c4:1c:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 20 08:35:07 2026 GMT
            Not After : May 19 08:40:07 2027 GMT
        Subject: CN=01B87A7A4E9E57104087D14E34C3AA2A7841966D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:89:be:17:73:f4:4d:3a:a4:21:7a:d0:44:86:
                    ff:fe:15:97:5f:c0:a0:4e:f2:8c:7f:03:0f:76:91:
                    97:7f:03:54:11:d5:29:74:a0:4b:3d:8b:35:00:b0:
                    76:bf:4d:a0:d5:d8:0a:54:b6:e8:8f:1b:59:1c:3f:
                    30:c5:e2:45:96:00:3b:c3:f8:8d:6f:e1:f7:dd:5d:
                    43:be:91:2e:81:89:ec:c5:2a:b8:9d:08:ca:b7:ae:
                    5e:05:bd:9c:23:83:4e:c2:5d:b4:5b:af:d2:31:e8:
                    9d:49:27:f0:97:65:a7:39:41:50:f2:07:59:94:13:
                    f3:f7:28:b1:a9:39:f7:24:71:78:04:0b:b2:eb:a3:
                    7f:9d:7d:df:73:4f:81:7d:71:ed:4d:b7:45:c1:1b:
                    95:59:68:91:38:5c:27:52:1c:7c:44:da:8b:c5:c3:
                    93:53:63:15:8e:cc:9b:94:83:7d:59:18:f0:dc:ba:
                    aa:38:b5:a5:1d:af:7c:03:c3:b4:ba:f4:93:f1:a5:
                    21:7b:05:7b:08:c5:c8:db:b6:c0:95:84:84:a3:14:
                    d4:1a:46:40:c5:b7:fb:ac:54:36:3b:2c:67:73:03:
                    b2:d9:49:27:dd:18:14:be:31:2d:fa:1f:24:92:9b:
                    d5:9c:63:b7:6b:fa:ae:37:8b:30:7a:64:0a:69:52:
                    d9:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B8:7A:7A:4E:9E:57:10:40:87:D1:4E:34:C3:AA:2A:78:41:96:6D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200105.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.108.0/24
                  168.222.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:83:c6:9e:eb:02:b8:07:09:cc:a7:b3:b8:b3:fa:b8:15:4d:
         7b:6b:a0:bb:29:68:f5:85:cc:91:3a:a0:d1:28:fc:6f:03:67:
         65:eb:aa:3c:61:8a:8a:2d:cd:71:ab:7f:3f:87:7b:a0:6b:aa:
         36:b4:aa:e7:69:b9:2d:90:25:ca:d3:80:de:76:c6:0e:f0:41:
         89:1a:75:a5:b6:1f:52:8b:74:a6:df:d0:2c:b8:52:9c:1c:5c:
         5d:03:14:2f:03:eb:82:ac:bd:37:a2:9f:fb:c6:40:30:e8:37:
         a9:61:d7:ed:e6:ad:35:42:52:d2:d9:3f:17:9e:a1:ae:03:11:
         63:54:7a:cd:46:dc:e5:ed:e1:cc:20:49:ac:9e:7c:04:15:9a:
         31:e9:13:de:9e:4c:0e:ae:90:75:c6:c6:19:6f:8e:73:e5:67:
         9f:72:0a:a8:e8:d5:70:ec:3a:7f:c9:9f:af:99:37:1f:2e:e9:
         7e:23:6d:a0:37:24:4a:dc:cc:61:83:32:ac:7f:cd:f1:4a:56:
         5a:11:cc:3e:89:18:0f:56:93:d2:0b:5b:4f:5f:96:de:c2:26:
         5a:64:ed:e8:75:64:61:92:27:69:4e:00:02:a4:02:af:78:d5:
         8f:8f:4d:35:21:94:6b:55:12:1e:30:e4:eb:62:31:5a:b6:a6:
         66:9b:fd:f6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbALZrgOt78IpFj7Be4/85/rEHHwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjAwODM1MDdaFw0yNzA1MTkwODQwMDdaMDMxMTAvBgNV
BAMTKDAxQjg3QTdBNEU5RTU3MTA0MDg3RDE0RTM0QzNBQTJBNzg0MTk2NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIib4Xc/RNOqQhetBEhv/+FZdf
wKBO8ox/Aw92kZd/A1QR1Sl0oEs9izUAsHa/TaDV2ApUtuiPG1kcPzDF4kWWADvD
+I1v4ffdXUO+kS6BiezFKridCMq3rl4FvZwjg07CXbRbr9Ix6J1JJ/CXZac5QVDy
B1mUE/P3KLGpOfckcXgEC7Lro3+dfd9zT4F9ce1Nt0XBG5VZaJE4XCdSHHxE2ovF
w5NTYxWOzJuUg31ZGPDcuqo4taUdr3wDw7S69JPxpSF7BXsIxcjbtsCVhISjFNQa
RkDFt/usVDY7LGdzA7LZSSfdGBS+MS36HySSm9WcY7dr+q43izB6ZAppUtkrAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAbh6ek6eVxBAh9FONMOqKnhBlm0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAwMTA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAm3Vs
AwQAqN5QMA0GCSqGSIb3DQEBCwUAA4IBAQBhg8ae6wK4BwnMp7O4s/q4FU17a6C7
KWj1hcyROqDRKPxvA2dl66o8YYqKLc1xq38/h3uga6o2tKrnabktkCXK04DedsYO
8EGJGnWlth9Si3Sm39AsuFKcHFxdAxQvA+uCrL03op/7xkAw6DepYdft5q01QlLS
2T8XnqGuAxFjVHrNRtzl7eHMIEmsnnwEFZox6RPenkwOrpB1xsYZb45z5Wefcgqo
6NVw7Dp/yZ+vmTcfLul+I22gNyRK3MxhgzKsf83xSlZaEcw+iRgPVpPSC1tPX5be
wiZaZO3odWRhkidpTgACpAKveNWPj001IZRrVRIeMOTrYjFatqZmm/32
-----END CERTIFICATE-----