Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa
File:                     AS200131.roa (raw, json)
Hash identifier:          CKsbOb+Ftv6MdXZBOaTSa0ms65/S37M6LzJh+AzAOlk=
Subject key identifier:   4D:FF:C0:7C:FC:9A:5A:27:ED:CD:8F:D8:37:09:64:72:5B:7E:AC:CE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3B9E6F10A92330C1A1D306609132D84E0ED3C978
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa
Signing time:             Thu 22 May 2025 00:54:08 +0000
ROA not before:           Thu 22 May 2025 00:49:08 +0000
ROA not after:            Thu 21 May 2026 00:54:08 +0000
asID:                     200131
IP address blocks:        185.135.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:9e:6f:10:a9:23:30:c1:a1:d3:06:60:91:32:d8:4e:0e:d3:c9:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 22 00:49:08 2025 GMT
            Not After : May 21 00:54:08 2026 GMT
        Subject: CN=4DFFC07CFC9A5A27EDCD8FD8370964725B7EACCE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:23:07:33:5c:fc:cb:13:db:7e:34:f1:19:4f:
                    8b:0e:8b:e3:a8:4a:4a:06:7a:dc:f7:7d:53:83:39:
                    e9:9d:45:de:77:b4:bf:cb:c4:54:65:1c:11:ee:02:
                    d5:13:70:fc:2a:c8:a2:f5:ed:98:7d:54:34:97:31:
                    19:37:70:61:03:48:c9:d2:aa:30:66:0b:da:27:43:
                    70:63:68:c0:10:fa:c6:c5:a2:75:34:26:aa:fa:6e:
                    12:e8:06:41:4a:da:24:b8:06:15:e0:69:3c:da:41:
                    7f:a9:99:8c:13:50:5a:78:47:38:06:a8:cc:4a:3b:
                    54:8b:32:7c:aa:47:d0:90:d1:d2:39:3f:80:4a:87:
                    19:f4:a4:ce:10:36:9c:fb:60:12:c6:24:c0:f0:09:
                    4c:e3:5e:7e:79:c2:ee:77:06:c5:36:72:74:4f:98:
                    d8:98:76:03:84:90:93:56:c6:6c:06:8d:aa:0b:86:
                    d5:21:ef:c5:02:ce:cf:87:77:22:a2:2e:b6:88:1f:
                    b1:5c:15:d9:ae:75:56:3d:e1:20:45:20:55:93:14:
                    68:10:31:5a:69:d3:26:89:27:3e:10:5c:7f:d7:98:
                    63:00:9f:a1:6d:1e:cd:e1:14:be:45:cd:6d:4f:28:
                    64:7d:33:a4:41:4f:01:6a:02:8f:8c:5e:85:20:b7:
                    37:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:FF:C0:7C:FC:9A:5A:27:ED:CD:8F:D8:37:09:64:72:5B:7E:AC:CE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:39:d1:f3:95:5c:44:8f:52:3d:45:2c:c8:76:46:08:af:6f:
         d1:ef:f2:b3:85:67:03:6d:f2:34:14:8c:45:12:15:87:9f:5f:
         00:56:ca:b5:d7:9e:48:e3:f2:a5:b3:e3:f0:6e:e7:68:ea:42:
         50:97:93:e7:35:e7:9c:f5:a9:4b:b5:3a:e9:a8:de:87:b7:1a:
         60:98:d4:d3:d6:70:87:05:72:21:25:fc:c0:61:d9:6a:e2:b8:
         46:3a:24:3a:66:b3:8c:b7:1e:8e:32:af:a8:24:d5:ae:73:de:
         20:06:5d:0a:78:71:05:39:10:b6:80:44:2e:ac:7b:77:b4:14:
         ed:47:75:da:3a:e3:a5:3a:65:7b:40:26:d6:13:0e:41:54:a3:
         63:aa:9d:60:92:e2:fc:59:bb:f2:62:65:71:9b:70:95:77:6c:
         d7:d6:d2:cb:f2:ea:90:b4:65:24:d5:85:be:e2:a5:33:55:d2:
         d3:5d:b9:61:93:0a:c2:f0:6a:0d:2d:b7:4a:bf:21:14:c9:d0:
         aa:8c:ec:c7:12:3f:fe:4b:dc:d3:f8:9f:03:08:d2:40:f3:16:
         29:9e:0f:ab:4b:be:ef:a9:c8:19:fd:ef:ee:77:c6:ef:b2:93:
         ee:54:1a:a6:c3:92:fe:16:97:42:3f:25:aa:d3:a0:b0:10:ff:
         f7:88:2d:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUO55vEKkjMMGh0wZgkTLYTg7TyXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MjIwMDQ5MDhaFw0yNjA1MjEwMDU0MDhaMDMxMTAvBgNV
BAMTKDRERkZDMDdDRkM5QTVBMjdFRENEOEZEODM3MDk2NDcyNUI3RUFDQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLIwczXPzLE9t+NPEZT4sOi+Oo
SkoGetz3fVODOemdRd53tL/LxFRlHBHuAtUTcPwqyKL17Zh9VDSXMRk3cGEDSMnS
qjBmC9onQ3BjaMAQ+sbFonU0Jqr6bhLoBkFK2iS4BhXgaTzaQX+pmYwTUFp4RzgG
qMxKO1SLMnyqR9CQ0dI5P4BKhxn0pM4QNpz7YBLGJMDwCUzjXn55wu53BsU2cnRP
mNiYdgOEkJNWxmwGjaoLhtUh78UCzs+HdyKiLraIH7FcFdmudVY94SBFIFWTFGgQ
MVpp0yaJJz4QXH/XmGMAn6FtHs3hFL5FzW1PKGR9M6RBTwFqAo+MXoUgtzdlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUTf/AfPyaWiftzY/YNwlkclt+rM4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQBCOdHzlVxEj1I9RSzIdkYIr2/R7/KzhWcDbfI0
FIxFEhWHn18AVsq1155I4/Kls+Pwbudo6kJQl5PnNeec9alLtTrpqN6HtxpgmNTT
1nCHBXIhJfzAYdlq4rhGOiQ6ZrOMtx6OMq+oJNWuc94gBl0KeHEFORC2gEQurHt3
tBTtR3XaOuOlOmV7QCbWEw5BVKNjqp1gkuL8WbvyYmVxm3CVd2zX1tLL8uqQtGUk
1YW+4qUzVdLTXblhkwrC8GoNLbdKvyEUydCqjOzHEj/+S9zT+J8DCNJA8xYpng+r
S77vqcgZ/e/ud8bvspPuVBqmw5L+FpdCPyWq06CwEP/3iC3v
-----END CERTIFICATE-----