Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200017.roa
File:                     AS200017.roa (raw, json)
Hash identifier:          Tg405xW3Th2q1rMXrs6IDJ7xUf55YEdmsnL4A5sYnfE=
Subject key identifier:   E4:6F:FE:3F:54:C6:F3:1A:18:C7:96:0F:FD:2C:35:91:FF:71:2D:FF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6E9492D3F850C7AA264A8C03C0F1B801B10825F4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200017.roa
Signing time:             Wed 07 May 2025 11:54:07 +0000
ROA not before:           Wed 07 May 2025 11:49:07 +0000
ROA not after:            Wed 06 May 2026 11:54:07 +0000
asID:                     200017
IP address blocks:        5.45.39.0/24 maxlen: 24
                          181.215.26.0/24 maxlen: 24
                          185.170.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:94:92:d3:f8:50:c7:aa:26:4a:8c:03:c0:f1:b8:01:b1:08:25:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  7 11:49:07 2025 GMT
            Not After : May  6 11:54:07 2026 GMT
        Subject: CN=E46FFE3F54C6F31A18C7960FFD2C3591FF712DFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5d:c2:3d:54:08:59:25:70:21:f3:47:08:66:
                    2f:22:9d:6a:55:f7:c3:36:13:25:8b:bd:43:9e:5e:
                    8c:b3:e9:95:36:ad:ac:0f:b5:20:8d:43:2d:86:b3:
                    f6:40:a0:21:d2:ae:3d:33:f4:48:64:e2:b1:8f:67:
                    c9:f0:ce:d2:f6:e8:08:0e:6c:4c:ae:17:28:64:e3:
                    8c:e0:07:43:41:9b:e7:47:ea:92:e6:68:50:be:c4:
                    73:7b:c1:4c:aa:15:58:3d:ba:96:6e:d2:ae:00:7c:
                    f3:ac:0a:28:4c:ac:cb:4f:35:01:10:ef:e4:dd:62:
                    ae:2c:f8:14:2a:a6:74:9f:8c:02:4f:57:92:30:6f:
                    7c:30:28:d7:25:ea:75:e7:5e:75:31:d2:28:5a:b0:
                    bc:0c:f6:e7:c2:af:14:34:42:f6:ec:3f:3c:6e:cc:
                    36:0a:c8:40:ef:f5:ba:f0:ec:60:3b:48:4b:6a:cc:
                    ba:cf:52:18:a8:d7:80:61:d1:b7:67:08:6b:13:dc:
                    e0:e8:d7:31:ec:93:db:1c:f2:8f:13:65:f6:28:23:
                    d9:dd:c4:a5:a6:7f:e9:12:4a:3b:f3:a8:5e:80:d1:
                    48:be:62:34:06:e8:5c:3f:34:fc:ca:de:79:81:92:
                    8f:97:c4:86:a9:11:d8:ee:2b:fa:5e:3a:3c:b5:1c:
                    e2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:6F:FE:3F:54:C6:F3:1A:18:C7:96:0F:FD:2C:35:91:FF:71:2D:FF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.39.0/24
                  181.215.26.0/24
                  185.170.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:0a:a6:01:4c:a4:f9:9f:7b:4c:b4:16:9d:af:9a:5e:d8:a0:
         a1:49:19:c1:83:9e:57:bc:11:16:43:34:bb:8a:1c:52:0e:5b:
         73:67:c4:ed:e6:72:54:30:ff:21:f1:d1:7f:41:ec:cb:a6:6e:
         59:9c:d9:c7:31:b6:89:f8:8d:0c:50:fa:b4:25:ba:1d:6f:8c:
         b9:18:85:ba:03:1f:74:e9:7a:1b:4a:34:b1:21:a0:ac:6d:56:
         07:f0:20:ac:4a:25:43:08:5a:4c:f1:18:7f:2e:52:af:07:95:
         f5:83:f5:d4:a8:d4:39:bb:08:77:39:2a:fe:02:2e:b2:a7:84:
         94:7e:b6:55:0c:48:0b:59:b3:62:b9:84:14:22:c2:37:dd:94:
         6d:9d:87:f8:13:4a:8b:09:dd:9d:b7:6d:35:eb:e2:4c:a6:de:
         25:c9:3b:c3:07:53:75:46:8c:ff:65:11:c8:56:85:36:94:7d:
         a9:5d:f2:71:d2:7c:0b:85:da:97:55:6d:62:b5:91:44:74:9f:
         f5:24:1e:32:36:89:e0:72:a6:6e:a5:87:6f:95:6b:a3:a4:74:
         e3:5b:18:86:90:0d:24:28:f0:2e:a9:0a:78:10:0b:b0:89:83:
         5e:83:9a:b4:fc:e5:dc:34:43:82:f2:fb:a9:a8:de:fb:be:19:
         31:bb:30:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUbpSS0/hQx6omSowDwPG4AbEIJfQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MDcxMTQ5MDdaFw0yNjA1MDYxMTU0MDdaMDMxMTAvBgNV
BAMTKEU0NkZGRTNGNTRDNkYzMUExOEM3OTYwRkZEMkMzNTkxRkY3MTJERkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlXcI9VAhZJXAh80cIZi8inWpV
98M2EyWLvUOeXoyz6ZU2rawPtSCNQy2Gs/ZAoCHSrj0z9Ehk4rGPZ8nwztL26AgO
bEyuFyhk44zgB0NBm+dH6pLmaFC+xHN7wUyqFVg9upZu0q4AfPOsCihMrMtPNQEQ
7+TdYq4s+BQqpnSfjAJPV5Iwb3wwKNcl6nXnXnUx0ihasLwM9ufCrxQ0QvbsPzxu
zDYKyEDv9brw7GA7SEtqzLrPUhio14Bh0bdnCGsT3ODo1zHsk9sc8o8TZfYoI9nd
xKWmf+kSSjvzqF6A0Ui+YjQG6Fw/NPzK3nmBko+XxIapEdjuK/peOjy1HOJ9AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU5G/+P1TG8xoYx5YP/Sw1kf9xLf8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMDE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABS0n
AwQAtdcaAwQAuaopMA0GCSqGSIb3DQEBCwUAA4IBAQBRCqYBTKT5n3tMtBadr5pe
2KChSRnBg55XvBEWQzS7ihxSDltzZ8Tt5nJUMP8h8dF/QezLpm5ZnNnHMbaJ+I0M
UPq0Jbodb4y5GIW6Ax906XobSjSxIaCsbVYH8CCsSiVDCFpM8Rh/LlKvB5X1g/XU
qNQ5uwh3OSr+Ai6yp4SUfrZVDEgLWbNiuYQUIsI33ZRtnYf4E0qLCd2dt2016+JM
pt4lyTvDB1N1Roz/ZRHIVoU2lH2pXfJx0nwLhdqXVW1itZFEdJ/1JB4yNongcqZu
pYdvlWujpHTjWxiGkA0kKPAuqQp4EAuwiYNeg5q0/OXcNEOC8vupqN77vhkxuzBG
-----END CERTIFICATE-----