Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200019.roa
File:                     AS200019.roa (raw, json)
Hash identifier:          4t9MBCeB+2VyhRjS771TIC4Zgfqr61FL70GB05Ojen8=
Subject key identifier:   FD:08:D7:73:C6:57:B3:88:BA:88:44:BB:9B:88:6D:0F:9E:4C:89:0A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6BB4B92E42AE6BA489B91BF7F82B82A6204C7A58
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200019.roa
Signing time:             Wed 17 Apr 2024 14:25:32 +0000
ROA not before:           Wed 17 Apr 2024 14:20:32 +0000
ROA not after:            Wed 16 Apr 2025 14:25:32 +0000
asID:                     200019
IP address blocks:        181.215.170.0/24 maxlen: 24
                          191.96.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:b4:b9:2e:42:ae:6b:a4:89:b9:1b:f7:f8:2b:82:a6:20:4c:7a:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 17 14:20:32 2024 GMT
            Not After : Apr 16 14:25:32 2025 GMT
        Subject: CN=FD08D773C657B388BA8844BB9B886D0F9E4C890A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:16:08:70:48:eb:c7:6c:94:58:12:65:00:b7:
                    f1:cb:42:e8:2b:b6:0f:5d:6d:ef:9f:75:4c:b2:d3:
                    51:d3:02:86:31:04:92:3f:c6:6f:32:94:cc:77:17:
                    56:82:9f:59:1f:b2:83:d7:33:e9:37:83:51:8b:86:
                    94:d2:c0:4e:d8:bd:1b:9e:c7:a9:eb:60:54:00:87:
                    80:04:b4:98:28:43:8c:c1:52:4d:6b:2e:d7:a4:54:
                    35:b2:3e:fb:3c:38:a7:75:36:c4:6c:30:39:c0:03:
                    a9:95:25:42:94:5b:42:9b:2c:04:88:2b:95:24:b2:
                    40:58:42:94:69:8e:27:85:e0:3b:c2:7a:d8:ba:95:
                    be:31:15:61:8c:1b:2b:e9:d9:9e:f0:1e:51:3f:d1:
                    6a:eb:5a:80:4a:b1:7c:b0:3c:dd:1f:b9:df:ed:5a:
                    38:8e:07:a9:fb:81:fe:6f:f4:03:c5:e5:ed:37:44:
                    0b:75:79:3a:10:ca:3b:47:79:76:7f:d8:b9:64:79:
                    c4:cc:4b:5a:8c:a0:2d:97:80:7a:92:d3:fb:ac:07:
                    6e:8d:86:f6:ee:c1:18:cc:44:48:f0:d8:f0:b5:c0:
                    18:d6:d3:e8:ad:79:ca:0d:c7:20:42:76:59:20:cd:
                    07:7c:5b:df:01:d2:bb:2a:33:62:5d:97:a6:dc:f2:
                    25:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:08:D7:73:C6:57:B3:88:BA:88:44:BB:9B:88:6D:0F:9E:4C:89:0A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200019.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.170.0/24
                  191.96.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:01:bd:90:96:66:58:3d:cf:fc:f0:f3:dd:a3:15:52:2d:3a:
         d1:b8:34:88:bf:ad:ab:3d:31:b8:40:ec:e7:7d:52:00:e1:00:
         27:09:74:6d:05:32:26:b0:16:67:cc:46:c2:06:b4:09:e1:d5:
         a0:35:d6:63:10:d2:f5:19:98:64:da:39:8b:f1:ae:2c:c0:47:
         24:47:19:52:62:44:d8:61:7b:7e:dd:da:33:f8:1f:8d:e9:16:
         e3:4c:9b:4c:dd:52:1b:2d:ca:d3:89:22:95:55:0d:a8:b7:86:
         b6:03:5a:af:1f:10:08:ee:34:eb:09:d5:cb:9a:92:0e:c8:a3:
         84:54:f7:8f:35:20:29:fc:94:13:36:f9:30:ec:11:f3:e5:db:
         d1:c5:96:db:e0:92:88:0c:c4:11:fa:44:fd:f7:00:08:5f:5c:
         cc:ed:fd:fa:4c:e7:7a:28:43:93:05:74:17:e3:23:d5:49:f1:
         2f:ee:a6:d1:c5:cb:4f:dd:82:98:74:3d:32:92:11:00:57:df:
         cd:c7:27:21:b5:5f:8a:2c:82:28:2c:a7:c7:f7:b0:a6:c7:e3:
         86:45:0d:7d:66:a8:c4:d0:bf:24:05:ce:2c:f1:69:a1:77:ba:
         e5:91:89:34:1b:bc:ae:fc:a7:c5:48:e9:b2:a8:2c:62:e1:cd:
         86:2d:8e:a2
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUa7S5LkKua6SJuRv3+CuCpiBMelgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MTcxNDIwMzJaFw0yNTA0MTYxNDI1MzJaMDMxMTAvBgNV
BAMTKEZEMDhENzczQzY1N0IzODhCQTg4NDRCQjlCODg2RDBGOUU0Qzg5MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqFghwSOvHbJRYEmUAt/HLQugr
tg9dbe+fdUyy01HTAoYxBJI/xm8ylMx3F1aCn1kfsoPXM+k3g1GLhpTSwE7YvRue
x6nrYFQAh4AEtJgoQ4zBUk1rLtekVDWyPvs8OKd1NsRsMDnAA6mVJUKUW0KbLASI
K5UkskBYQpRpjieF4DvCeti6lb4xFWGMGyvp2Z7wHlE/0WrrWoBKsXywPN0fud/t
WjiOB6n7gf5v9APF5e03RAt1eToQyjtHeXZ/2LlkecTMS1qMoC2XgHqS0/usB26N
hvbuwRjMREjw2PC1wBjW0+itecoNxyBCdlkgzQd8W98B0rsqM2Jdl6bc8iXlAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU/QjXc8ZXs4i6iES7m4htD55MiQowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMDE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdeq
AwQAv2AMMA0GCSqGSIb3DQEBCwUAA4IBAQCYAb2QlmZYPc/88PPdoxVSLTrRuDSI
v62rPTG4QOznfVIA4QAnCXRtBTImsBZnzEbCBrQJ4dWgNdZjENL1GZhk2jmL8a4s
wEckRxlSYkTYYXt+3doz+B+N6RbjTJtM3VIbLcrTiSKVVQ2ot4a2A1qvHxAI7jTr
CdXLmpIOyKOEVPePNSAp/JQTNvkw7BHz5dvRxZbb4JKIDMQR+kT99wAIX1zM7f36
TOd6KEOTBXQX4yPVSfEv7qbRxctP3YKYdD0ykhEAV9/NxychtV+KLIIoLKfH97Cm
x+OGRQ19ZqjE0L8kBc4s8Wmhd7rlkYk0G7yu/KfFSOmyqCxi4c2GLY6i
-----END CERTIFICATE-----