Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200154.roa
File:                     AS200154.roa (raw, json)
Hash identifier:          SrdwlggcsWyO97ign22IJFuCi0Y0xYWthTHCpnx640c=
Subject key identifier:   98:FA:41:14:B1:E2:68:31:64:52:EE:EC:98:E5:92:B5:DE:62:E9:BF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       613B17142D5A1E56CE85FC4FC3CA1C96E36D7A25
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200154.roa
Signing time:             Tue 27 Jun 2023 18:27:09 +0000
ROA not before:           Tue 27 Jun 2023 18:22:09 +0000
ROA not after:            Tue 25 Jun 2024 18:27:09 +0000
asID:                     200154
IP address blocks:        181.214.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:3b:17:14:2d:5a:1e:56:ce:85:fc:4f:c3:ca:1c:96:e3:6d:7a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 27 18:22:09 2023 GMT
            Not After : Jun 25 18:27:09 2024 GMT
        Subject: CN=98FA4114B1E268316452EEEC98E592B5DE62E9BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:84:b4:b8:ba:a0:a1:2d:38:a4:d3:d0:12:43:
                    f0:89:84:a5:93:23:5a:cd:02:98:88:57:b0:09:c9:
                    22:27:0d:3f:54:0f:2c:86:6a:a5:55:76:16:2d:82:
                    4e:db:25:0d:36:aa:01:4f:c6:fa:ff:ed:b5:e2:ac:
                    43:08:87:8f:c3:2f:07:cd:7c:fb:1a:bb:fe:9f:55:
                    5b:1d:c7:ff:db:78:36:ed:2b:8a:ed:f8:aa:9a:20:
                    a8:0d:5a:4f:a4:20:21:23:52:19:d8:e1:15:28:7a:
                    71:3d:73:57:8d:b5:5e:a3:b1:ad:a3:f4:a8:23:62:
                    63:fb:5d:94:ed:48:10:dc:4d:ff:d4:3e:fd:9b:d9:
                    7a:18:2c:65:ac:a6:ba:a0:c8:f3:20:08:c1:46:ed:
                    d1:25:10:28:77:3c:d6:74:0b:84:27:33:cd:8b:db:
                    ba:2d:ed:3e:8a:51:30:a1:00:43:a4:ba:88:43:19:
                    2d:05:0e:90:01:db:67:5e:a5:7d:9d:62:30:87:fe:
                    e2:72:56:a0:92:41:a3:98:f4:43:b4:51:a0:5e:51:
                    00:0a:32:6b:13:54:ab:8f:15:82:6c:e9:6a:ee:00:
                    dc:d7:eb:17:f4:16:c0:bc:77:d8:c2:81:cd:ec:0e:
                    26:fe:a9:29:83:05:a2:18:d9:ef:5d:43:fe:4c:d2:
                    f8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:FA:41:14:B1:E2:68:31:64:52:EE:EC:98:E5:92:B5:DE:62:E9:BF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200154.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d8:84:37:03:33:8b:40:3a:fa:a2:b2:e0:33:43:5a:10:bc:
         00:76:33:ef:17:a2:40:ff:ea:c3:a3:73:9f:83:0c:92:63:f9:
         9d:56:ae:ac:ab:aa:8f:72:44:fc:e0:1a:4e:62:f6:23:c4:ed:
         66:f1:f4:9b:93:bc:e4:6d:f4:ae:8c:e9:d7:8c:9e:8b:ce:d9:
         11:77:8f:d4:e8:dc:90:b5:fc:8b:40:33:81:c6:12:a1:c1:9d:
         ba:03:c1:03:ac:f6:db:9a:fe:5c:b9:bd:74:70:75:17:26:8f:
         37:a6:2e:0f:50:1a:da:77:78:b4:2a:9b:76:b7:5b:94:f9:e3:
         7f:2c:8c:9e:60:db:f2:68:ef:27:f6:0b:9c:01:b6:6b:60:07:
         12:24:0e:24:58:11:53:87:11:f0:1f:9d:26:74:d3:f6:68:b6:
         c4:a4:e5:13:f6:57:d9:82:eb:8e:4f:92:3d:07:32:26:97:fc:
         fb:80:08:4c:37:b4:bd:71:a9:50:47:dc:e5:bf:72:17:0e:12:
         93:12:af:c2:8e:ef:c7:67:ee:d4:86:0a:37:fd:9f:81:56:8a:
         d0:84:ea:c5:14:77:5c:00:57:67:f9:43:df:87:7a:fe:59:e7:
         c5:e2:5f:0b:b8:f8:ae:4f:88:9e:21:95:16:58:be:93:bf:cf:
         19:b8:72:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYTsXFC1aHlbOhfxPw8ocluNteiUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA2MjcxODIyMDlaFw0yNDA2MjUxODI3MDlaMDMxMTAvBgNV
BAMTKDk4RkE0MTE0QjFFMjY4MzE2NDUyRUVFQzk4RTU5MkI1REU2MkU5QkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5hLS4uqChLTik09ASQ/CJhKWT
I1rNApiIV7AJySInDT9UDyyGaqVVdhYtgk7bJQ02qgFPxvr/7bXirEMIh4/DLwfN
fPsau/6fVVsdx//beDbtK4rt+KqaIKgNWk+kICEjUhnY4RUoenE9c1eNtV6jsa2j
9KgjYmP7XZTtSBDcTf/UPv2b2XoYLGWsprqgyPMgCMFG7dElECh3PNZ0C4QnM82L
27ot7T6KUTChAEOkuohDGS0FDpAB22depX2dYjCH/uJyVqCSQaOY9EO0UaBeUQAK
MmsTVKuPFYJs6WruANzX6xf0FsC8d9jCgc3sDib+qSmDBaIY2e9dQ/5M0vgDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmPpBFLHiaDFkUu7smOWStd5i6b8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdbg
MA0GCSqGSIb3DQEBCwUAA4IBAQAv2IQ3AzOLQDr6orLgM0NaELwAdjPvF6JA/+rD
o3OfgwySY/mdVq6sq6qPckT84BpOYvYjxO1m8fSbk7zkbfSujOnXjJ6LztkRd4/U
6NyQtfyLQDOBxhKhwZ26A8EDrPbbmv5cub10cHUXJo83pi4PUBrad3i0Kpt2t1uU
+eN/LIyeYNvyaO8n9gucAbZrYAcSJA4kWBFThxHwH50mdNP2aLbEpOUT9lfZguuO
T5I9BzIml/z7gAhMN7S9calQR9zlv3IXDhKTEq/Cju/HZ+7Uhgo3/Z+BVorQhOrF
FHdcAFdn+UPfh3r+WefF4l8LuPiuT4ieIZUWWL6Tv88ZuHLe
-----END CERTIFICATE-----