Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa
File:                     AS200131.roa (raw, json)
Hash identifier:          FvHgTE8a7v3eqQmRS0FFyPYbh1renYiTiYYNeNlC62A=
Subject key identifier:   06:08:D1:44:C1:F5:35:D5:0D:98:28:B1:58:7A:8A:C6:CD:B7:E1:0E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       391BA84BB7FC5EDB1B2CCB45826C804F659CE55A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa
Signing time:             Thu 20 Jul 2023 00:00:16 +0000
ROA not before:           Wed 19 Jul 2023 23:55:16 +0000
ROA not after:            Thu 18 Jul 2024 00:00:16 +0000
asID:                     200131
IP address blocks:        185.135.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:1b:a8:4b:b7:fc:5e:db:1b:2c:cb:45:82:6c:80:4f:65:9c:e5:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 19 23:55:16 2023 GMT
            Not After : Jul 18 00:00:16 2024 GMT
        Subject: CN=0608D144C1F535D50D9828B1587A8AC6CDB7E10E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:29:27:fe:9f:57:5a:78:32:df:74:d0:d9:4e:
                    5f:23:c6:c3:73:c1:ac:1b:17:a6:ce:39:e0:06:1d:
                    c6:0d:a1:1c:86:78:d1:07:85:da:eb:db:1f:64:89:
                    b4:ea:0b:5f:54:f3:9b:ad:aa:63:7d:93:e2:8a:4a:
                    15:17:c7:28:20:5e:bc:01:c3:c7:02:d5:45:ce:05:
                    8b:4d:e7:2f:5d:59:75:1e:8a:14:3c:15:7f:1c:79:
                    f7:69:cc:37:6c:75:77:ba:33:13:75:9c:0f:96:86:
                    9f:e1:9d:65:7c:11:8b:c0:e9:e2:43:fd:ab:bc:94:
                    a5:a8:cd:ff:37:b8:3a:74:63:53:10:3b:a1:25:79:
                    e5:06:09:2e:b8:81:17:1c:9e:4a:b1:e8:6f:9d:ad:
                    20:92:0e:5e:d5:e3:dd:64:3a:7e:ab:f8:07:0b:a9:
                    f6:44:c7:3a:cf:d6:4d:e0:06:fa:1f:4d:bd:42:42:
                    88:8c:21:e1:85:12:31:30:e2:05:fb:9d:64:41:d0:
                    8c:85:7d:86:8a:01:43:8d:d9:bc:8e:5c:52:00:bd:
                    69:04:74:38:6f:4a:a7:05:d2:6b:e8:c5:a7:78:06:
                    d5:8a:b7:5e:f9:99:36:43:7d:1a:b5:e7:33:a4:16:
                    95:f1:50:aa:02:dd:26:e6:ff:78:f0:df:89:9a:db:
                    4f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:08:D1:44:C1:F5:35:D5:0D:98:28:B1:58:7A:8A:C6:CD:B7:E1:0E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:20:36:4c:b5:b0:a3:51:8f:20:ad:b0:39:a6:d4:f5:e8:19:
         1f:f4:f0:50:31:6c:fd:06:f6:16:40:f4:89:c6:b1:a7:e3:a5:
         5b:15:10:3e:5c:85:3e:ad:c4:70:e4:0f:a2:72:f8:6e:d1:e6:
         46:ae:80:9c:79:d7:ee:f7:00:94:12:8b:82:2d:f7:23:b2:94:
         38:d4:c1:89:8b:5a:f2:95:0b:7a:a4:2e:9c:e4:10:c1:d4:3a:
         da:14:d0:d6:99:5a:fb:5f:95:8f:af:07:7c:2f:23:3f:27:11:
         f9:10:65:4c:46:c9:dd:a0:98:f3:a2:05:55:01:d6:c9:6d:d2:
         2b:44:d2:9c:52:7d:36:44:24:4a:6e:61:d0:f6:9d:e3:dd:4f:
         b3:d2:ec:76:b6:91:fe:15:36:61:c1:a0:6a:93:f6:8f:10:79:
         fd:ce:87:a9:9f:1d:58:c7:27:f1:97:87:47:5d:a3:0f:82:08:
         da:32:bb:b5:18:50:5b:96:d9:1f:06:1b:43:f3:b9:77:92:53:
         b5:fe:ab:03:1e:e6:cc:cf:43:72:d5:b5:50:83:73:21:90:a9:
         5a:e0:20:72:24:aa:3f:f5:c2:2a:df:a1:c0:da:7b:25:06:ca:
         2e:fa:cf:dc:1f:e0:d1:51:c7:43:57:d0:56:7d:3b:1f:8f:92:
         ea:cf:a4:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUORuoS7f8XtsbLMtFgmyAT2Wc5VowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MTkyMzU1MTZaFw0yNDA3MTgwMDAwMTZaMDMxMTAvBgNV
BAMTKDA2MDhEMTQ0QzFGNTM1RDUwRDk4MjhCMTU4N0E4QUM2Q0RCN0UxMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXKSf+n1daeDLfdNDZTl8jxsNz
wawbF6bOOeAGHcYNoRyGeNEHhdrr2x9kibTqC19U85utqmN9k+KKShUXxyggXrwB
w8cC1UXOBYtN5y9dWXUeihQ8FX8cefdpzDdsdXe6MxN1nA+Whp/hnWV8EYvA6eJD
/au8lKWozf83uDp0Y1MQO6EleeUGCS64gRccnkqx6G+drSCSDl7V491kOn6r+AcL
qfZExzrP1k3gBvofTb1CQoiMIeGFEjEw4gX7nWRB0IyFfYaKAUON2byOXFIAvWkE
dDhvSqcF0mvoxad4BtWKt175mTZDfRq15zOkFpXxUKoC3Sbm/3jw34ma208jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBgjRRMH1NdUNmCixWHqKxs234Q4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQCTIDZMtbCjUY8grbA5ptT16Bkf9PBQMWz9BvYW
QPSJxrGn46VbFRA+XIU+rcRw5A+icvhu0eZGroCcedfu9wCUEouCLfcjspQ41MGJ
i1rylQt6pC6c5BDB1DraFNDWmVr7X5WPrwd8LyM/JxH5EGVMRsndoJjzogVVAdbJ
bdIrRNKcUn02RCRKbmHQ9p3j3U+z0ux2tpH+FTZhwaBqk/aPEHn9zoepnx1Yxyfx
l4dHXaMPggjaMru1GFBbltkfBhtD87l3klO1/qsDHubMz0Ny1bVQg3MhkKla4CBy
JKo/9cIq36HA2nslBsou+s/cH+DRUcdDV9BWfTsfj5Lqz6TA
-----END CERTIFICATE-----