Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa
File:                     AS200131.roa (raw, json)
Hash identifier:          upWCrrCanpFyOzn23BKLaMyIybZPMq0rXIL50bl69p4=
Subject key identifier:   36:81:97:C8:BB:51:9A:80:51:66:E7:41:56:3B:9C:77:76:85:57:97
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0E347EEAB177995BBD6B44D166C7BD5E74C0DC45
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa
Signing time:             Thu 20 Jun 2024 00:05:18 +0000
ROA not before:           Thu 20 Jun 2024 00:00:18 +0000
ROA not after:            Thu 19 Jun 2025 00:05:18 +0000
asID:                     200131
IP address blocks:        185.135.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:34:7e:ea:b1:77:99:5b:bd:6b:44:d1:66:c7:bd:5e:74:c0:dc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 20 00:00:18 2024 GMT
            Not After : Jun 19 00:05:18 2025 GMT
        Subject: CN=368197C8BB519A805166E741563B9C7776855797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:73:d4:64:c2:ab:0e:34:78:b3:be:c8:df:5d:
                    17:b7:50:5d:29:9f:04:ec:21:d6:8b:c4:6e:28:ae:
                    6b:35:81:4c:5a:d5:d3:f9:6a:7d:ec:6e:ad:c3:88:
                    46:8f:46:eb:90:24:39:d6:eb:bc:52:0e:39:de:5e:
                    30:73:0a:e6:e6:c8:4e:b8:64:4f:9f:e1:d1:70:85:
                    e9:53:aa:e8:09:07:04:80:a8:03:6a:44:0a:97:a7:
                    9b:59:b2:61:ce:e5:de:53:dc:b2:84:13:5a:e3:ed:
                    84:23:ce:d2:17:88:0e:3a:1a:3b:d3:4a:25:0d:16:
                    93:d4:39:f8:9e:64:5f:89:bf:fd:b9:0b:46:5b:df:
                    4e:26:a4:9c:1b:86:f4:31:03:34:5f:56:cb:38:ec:
                    a8:1c:0f:2f:a0:5f:13:b2:19:c7:16:85:35:62:d5:
                    38:bf:ec:4a:50:f2:14:15:8a:28:66:58:5a:a6:c6:
                    e8:25:79:a9:c0:ba:37:25:39:eb:9c:53:4c:96:2f:
                    c7:72:13:46:13:47:09:48:2f:4b:26:31:0f:ed:7b:
                    9e:80:44:59:ab:3a:0d:a7:26:a2:14:15:5a:6d:01:
                    c6:fa:da:c6:c2:5b:f8:dd:81:bc:b4:58:77:ce:48:
                    e3:0a:98:54:6f:e1:cc:40:7a:d1:b6:1c:9e:1f:0b:
                    68:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:81:97:C8:BB:51:9A:80:51:66:E7:41:56:3B:9C:77:76:85:57:97
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:23:b4:bd:97:99:80:b7:1d:ce:85:ec:b2:be:b8:0c:30:00:
         29:e0:50:a2:ee:2b:71:5b:a4:6a:6c:ef:19:ba:85:2e:9e:ac:
         1d:82:3a:49:26:bb:ea:00:04:e0:69:ca:c0:ea:2d:fa:3d:ad:
         29:32:0a:33:ca:10:17:71:a4:41:5b:0e:48:a3:fb:cf:fa:7a:
         f0:90:21:21:bf:b3:01:0b:8f:2f:30:04:ed:3f:a1:29:5d:be:
         90:64:ae:ea:88:d1:18:27:dd:ac:92:e3:7a:1e:b7:b8:90:48:
         48:02:69:61:9a:06:ae:df:aa:ec:c6:f2:f9:10:36:24:b1:c6:
         70:00:a1:fc:78:83:b1:a3:6a:6e:91:6f:98:48:5a:02:2e:90:
         ca:bc:68:bb:90:a8:dd:84:4d:a4:54:bb:76:ba:b8:f4:21:e8:
         f6:46:31:7a:94:41:e2:08:c3:c0:eb:1d:11:e5:51:ba:64:99:
         98:c0:94:23:20:8f:2e:d3:1b:f7:3f:1f:f4:35:26:89:15:ae:
         35:db:a1:46:b8:8b:6c:4f:d2:95:31:76:9b:1d:f0:77:bd:6b:
         0f:93:ab:ca:85:40:a2:1c:38:d9:62:2d:fa:a7:ca:3b:a2:08:
         2a:04:18:6a:03:c8:ed:2c:d7:06:d1:f6:16:60:01:90:9c:de:
         0d:e4:ff:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDjR+6rF3mVu9a0TRZse9XnTA3EUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MjAwMDAwMThaFw0yNTA2MTkwMDA1MThaMDMxMTAvBgNV
BAMTKDM2ODE5N0M4QkI1MTlBODA1MTY2RTc0MTU2M0I5Qzc3NzY4NTU3OTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSc9RkwqsONHizvsjfXRe3UF0p
nwTsIdaLxG4orms1gUxa1dP5an3sbq3DiEaPRuuQJDnW67xSDjneXjBzCubmyE64
ZE+f4dFwhelTqugJBwSAqANqRAqXp5tZsmHO5d5T3LKEE1rj7YQjztIXiA46GjvT
SiUNFpPUOfieZF+Jv/25C0Zb304mpJwbhvQxAzRfVss47KgcDy+gXxOyGccWhTVi
1Ti/7EpQ8hQViihmWFqmxugleanAujclOeucU0yWL8dyE0YTRwlIL0smMQ/te56A
RFmrOg2nJqIUFVptAcb62sbCW/jdgby0WHfOSOMKmFRv4cxAetG2HJ4fC2j5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNoGXyLtRmoBRZudBVjucd3aFV5cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQCQI7S9l5mAtx3OheyyvrgMMAAp4FCi7itxW6Rq
bO8ZuoUunqwdgjpJJrvqAATgacrA6i36Pa0pMgozyhAXcaRBWw5Io/vP+nrwkCEh
v7MBC48vMATtP6EpXb6QZK7qiNEYJ92skuN6Hre4kEhIAmlhmgau36rsxvL5EDYk
scZwAKH8eIOxo2pukW+YSFoCLpDKvGi7kKjdhE2kVLt2urj0Iej2RjF6lEHiCMPA
6x0R5VG6ZJmYwJQjII8u0xv3Px/0NSaJFa4126FGuItsT9KVMXabHfB3vWsPk6vK
hUCiHDjZYi36p8o7oggqBBhqA8jtLNcG0fYWYAGQnN4N5P/m
-----END CERTIFICATE-----