Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200017.roa
File:                     AS200017.roa (raw, json)
Hash identifier:          M8uPGsB2o0zyJxs4NX/x4EdNqk8YsnXVEYMbrTvPh4I=
Subject key identifier:   AB:94:59:92:19:67:55:6F:91:FE:ED:00:1E:14:51:8C:FD:96:49:22
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0B629D8D88D6F729B76CD0C11A1CAB65D24D7B6E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200017.roa
Signing time:             Thu 28 Sep 2023 00:00:05 +0000
ROA not before:           Wed 27 Sep 2023 23:55:05 +0000
ROA not after:            Thu 26 Sep 2024 00:00:05 +0000
asID:                     200017
IP address blocks:        5.45.39.0/24 maxlen: 24
                          185.170.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:62:9d:8d:88:d6:f7:29:b7:6c:d0:c1:1a:1c:ab:65:d2:4d:7b:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 27 23:55:05 2023 GMT
            Not After : Sep 26 00:00:05 2024 GMT
        Subject: CN=AB9459921967556F91FEED001E14518CFD964922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:05:09:00:28:a1:00:df:5b:a4:f3:e4:b3:43:
                    ba:a9:de:f6:7c:cd:0d:87:46:7e:6a:92:76:f4:ef:
                    78:19:1b:cf:c9:4d:dc:1e:2b:88:5c:e7:61:93:ae:
                    e5:64:80:78:02:4a:1d:73:0f:56:13:bf:35:fb:32:
                    05:d0:25:8d:ad:c8:ba:3a:8e:f1:b2:bc:a2:23:38:
                    30:c9:60:54:03:6c:95:d3:d8:64:3f:b4:3a:73:53:
                    c9:13:5f:d2:f7:02:e8:6e:76:67:d6:21:14:93:28:
                    c4:41:7c:7f:66:50:60:14:91:67:62:9f:21:88:f4:
                    47:60:8f:f8:13:00:e1:ce:b2:e2:a7:5d:c4:c6:46:
                    88:6e:ad:ea:6d:ba:72:26:23:36:89:78:cb:82:d4:
                    6f:71:26:d3:01:a4:30:b6:b9:d3:e6:5b:47:ef:a6:
                    8a:45:0c:ee:75:59:02:d0:1e:74:dd:5b:07:2f:60:
                    5f:0d:09:c2:27:64:44:90:07:7a:c4:c3:f1:e8:8f:
                    55:88:e3:a4:3b:45:d1:a0:22:8b:47:f5:c1:03:7a:
                    e2:77:f9:a7:7c:5e:12:76:02:1d:7f:9f:81:16:45:
                    92:96:30:12:67:87:79:0a:a6:ae:7b:12:e7:b6:f6:
                    50:e6:4a:8c:b4:a0:6e:a3:29:55:2b:64:5a:97:7a:
                    56:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:94:59:92:19:67:55:6F:91:FE:ED:00:1E:14:51:8C:FD:96:49:22
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.39.0/24
                  185.170.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:c6:1f:6e:93:e7:ec:40:4d:e7:06:9f:af:6d:12:9b:bc:a3:
         95:b9:2f:d2:4d:ea:a5:3c:22:53:2d:9a:54:db:9a:c4:c3:e5:
         64:ed:b9:49:fc:fc:81:d7:16:a2:60:db:a7:72:45:7c:11:64:
         9a:36:15:ff:f6:8b:49:00:65:37:d6:8e:b5:64:e6:5a:47:5d:
         fd:f8:98:83:df:09:10:d8:31:59:38:f8:31:21:91:43:bd:ed:
         9b:ce:cb:54:0e:2c:6a:3c:a4:ae:2b:e8:96:77:94:7c:5a:46:
         e2:d6:1c:1b:52:f8:bf:1b:49:da:76:b3:86:33:95:48:88:68:
         74:81:ad:5a:87:21:57:74:f7:f8:f1:06:d5:c2:41:9f:8c:b6:
         39:1c:b6:b6:77:08:93:19:3c:aa:57:7c:53:18:d5:d1:54:f1:
         fa:22:2d:87:6d:ec:fb:2b:18:54:cb:65:31:f1:df:22:d2:39:
         ec:ce:26:51:c4:07:fb:61:08:08:30:e6:68:06:e6:8f:7d:2c:
         08:f4:05:c6:1a:6f:1a:58:a3:65:62:9e:ae:f1:20:fd:34:5c:
         d9:80:c3:7e:e2:cf:e5:a0:65:93:54:37:12:fb:7c:7b:c1:ce:
         54:2f:9c:da:2c:f1:90:3e:06:7e:49:cf:b0:c2:08:1b:2b:0d:
         02:be:28:7d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUC2KdjYjW9ym3bNDBGhyrZdJNe24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA5MjcyMzU1MDVaFw0yNDA5MjYwMDAwMDVaMDMxMTAvBgNV
BAMTKEFCOTQ1OTkyMTk2NzU1NkY5MUZFRUQwMDFFMTQ1MThDRkQ5NjQ5MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwBQkAKKEA31uk8+SzQ7qp3vZ8
zQ2HRn5qknb073gZG8/JTdweK4hc52GTruVkgHgCSh1zD1YTvzX7MgXQJY2tyLo6
jvGyvKIjODDJYFQDbJXT2GQ/tDpzU8kTX9L3AuhudmfWIRSTKMRBfH9mUGAUkWdi
nyGI9Edgj/gTAOHOsuKnXcTGRohureptunImIzaJeMuC1G9xJtMBpDC2udPmW0fv
popFDO51WQLQHnTdWwcvYF8NCcInZESQB3rEw/Hoj1WI46Q7RdGgIotH9cEDeuJ3
+ad8XhJ2Ah1/n4EWRZKWMBJnh3kKpq57Eue29lDmSoy0oG6jKVUrZFqXelZLAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUq5RZkhlnVW+R/u0AHhRRjP2WSSIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMDE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABS0n
AwQAuaopMA0GCSqGSIb3DQEBCwUAA4IBAQCyxh9uk+fsQE3nBp+vbRKbvKOVuS/S
TeqlPCJTLZpU25rEw+Vk7blJ/PyB1xaiYNunckV8EWSaNhX/9otJAGU31o61ZOZa
R139+JiD3wkQ2DFZOPgxIZFDve2bzstUDixqPKSuK+iWd5R8Wkbi1hwbUvi/G0na
drOGM5VIiGh0ga1ahyFXdPf48QbVwkGfjLY5HLa2dwiTGTyqV3xTGNXRVPH6Ii2H
bez7KxhUy2Ux8d8i0jnsziZRxAf7YQgIMOZoBuaPfSwI9AXGGm8aWKNlYp6u8SD9
NFzZgMN+4s/loGWTVDcS+3x7wc5UL5zaLPGQPgZ+Sc+wwggbKw0Cvih9
-----END CERTIFICATE-----