Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa
File:                     AS200181.roa (raw, json)
Hash identifier:          zm2vdAAl6cYkJW27ADiRkwlcNfg6jl3T4s2aeuuVlHE=
Subject key identifier:   98:64:C5:75:C7:68:D2:31:5C:AC:70:0C:37:48:B4:0D:B9:07:D6:1B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       77E9EEFA4E50384496D2891D7A207C7785A027F5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa
Signing time:             Thu 23 Apr 2026 01:47:05 +0000
ROA not before:           Thu 23 Apr 2026 01:42:05 +0000
ROA not after:            Thu 22 Apr 2027 01:47:05 +0000
asID:                     200181
IP address blocks:        185.135.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 10:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:e9:ee:fa:4e:50:38:44:96:d2:89:1d:7a:20:7c:77:85:a0:27:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 23 01:42:05 2026 GMT
            Not After : Apr 22 01:47:05 2027 GMT
        Subject: CN=9864C575C768D2315CAC700C3748B40DB907D61B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:73:4b:34:68:d3:ae:a1:0e:9c:53:0c:c7:c7:
                    7f:c9:f4:03:ca:90:b4:a1:24:a5:5d:42:51:18:96:
                    1b:aa:24:a6:d6:6f:2e:b9:3b:d0:1f:86:03:a4:b4:
                    e9:7f:83:ad:bd:b0:95:df:47:67:ad:5d:75:2a:cd:
                    10:58:57:e3:af:7a:e7:6e:78:4b:b7:e3:8d:06:ae:
                    1d:4e:cc:d6:62:cd:5a:70:1c:d2:14:78:62:e3:a6:
                    e4:5f:d5:cd:f9:c3:00:a7:fb:fc:40:1a:69:4f:56:
                    05:aa:c6:87:e8:b8:fd:44:cd:cb:52:77:47:71:e4:
                    c5:40:01:9f:30:cb:95:7c:fa:4f:9c:53:b4:d6:c5:
                    2a:a2:73:24:39:6d:2c:02:25:cd:49:a5:bf:b0:b4:
                    5b:27:eb:2c:e3:e4:05:8e:3e:15:9f:a1:98:d5:83:
                    ab:a0:50:b7:d7:99:4d:22:a8:8a:70:2e:5d:d0:87:
                    80:68:1d:06:09:9d:53:57:99:00:1c:53:89:31:f5:
                    da:f1:db:62:4f:b6:9a:36:9a:f7:ba:e8:15:2f:03:
                    df:6e:25:34:59:60:77:e6:0c:68:67:d8:3a:cc:c3:
                    41:95:bb:a5:0c:99:3e:44:fe:ae:c3:09:66:37:f2:
                    5e:92:a0:4d:e5:2e:65:99:46:65:61:07:db:2d:01:
                    2f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:64:C5:75:C7:68:D2:31:5C:AC:70:0C:37:48:B4:0D:B9:07:D6:1B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:4a:65:74:3f:77:52:ad:27:3b:c4:a7:61:22:85:3f:4b:1a:
         76:03:1c:22:a8:65:6a:c3:cc:1c:7d:80:13:e3:8e:b1:3a:7b:
         8f:62:8e:26:1a:c3:cc:02:1b:07:da:56:31:a7:33:80:ac:06:
         5b:0d:26:91:bc:ab:11:ec:2f:64:d2:30:ce:29:79:c1:fb:54:
         ad:a6:78:2a:ac:fa:23:fc:57:b1:78:0e:fd:e5:92:ff:92:0a:
         ea:c3:32:5b:82:b9:65:87:d0:f8:e2:93:96:96:c8:5a:cf:b5:
         43:0e:09:5f:43:a5:d0:3c:cd:cf:f5:53:97:17:fa:15:58:1e:
         fd:e1:9c:8d:24:e2:a1:c0:c0:68:3f:98:22:84:ed:56:46:e7:
         2a:ba:54:b1:53:c1:6b:fa:b3:bf:0d:c0:86:14:a2:8b:6b:15:
         88:a8:80:36:62:b3:e9:50:6f:8d:26:1a:ba:92:1c:79:03:30:
         ed:a5:12:0a:d2:0d:92:d4:d4:10:a4:e7:f4:91:6a:1f:05:25:
         04:8c:80:94:e4:32:a4:c8:e0:6c:7f:25:98:76:05:0d:db:66:
         ae:c0:d2:45:04:63:8d:12:cc:e8:56:11:1a:32:13:fa:c3:3a:
         e1:6a:13:b2:6c:b2:39:3d:cd:16:ae:31:1d:b1:cb:48:e7:8f:
         a6:57:78:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUd+nu+k5QOESW0okdeiB8d4WgJ/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MjMwMTQyMDVaFw0yNzA0MjIwMTQ3MDVaMDMxMTAvBgNV
BAMTKDk4NjRDNTc1Qzc2OEQyMzE1Q0FDNzAwQzM3NDhCNDBEQjkwN0Q2MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOc0s0aNOuoQ6cUwzHx3/J9APK
kLShJKVdQlEYlhuqJKbWby65O9AfhgOktOl/g629sJXfR2etXXUqzRBYV+Oveudu
eEu3440Grh1OzNZizVpwHNIUeGLjpuRf1c35wwCn+/xAGmlPVgWqxofouP1EzctS
d0dx5MVAAZ8wy5V8+k+cU7TWxSqicyQ5bSwCJc1Jpb+wtFsn6yzj5AWOPhWfoZjV
g6ugULfXmU0iqIpwLl3Qh4BoHQYJnVNXmQAcU4kx9drx22JPtpo2mve66BUvA99u
JTRZYHfmDGhn2DrMw0GVu6UMmT5E/q7DCWY38l6SoE3lLmWZRmVhB9stAS+JAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmGTFdcdo0jFcrHAMN0i0DbkH1hswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQBFSmV0P3dSrSc7xKdhIoU/Sxp2AxwiqGVqw8wc
fYAT446xOnuPYo4mGsPMAhsH2lYxpzOArAZbDSaRvKsR7C9k0jDOKXnB+1Stpngq
rPoj/FexeA795ZL/kgrqwzJbgrllh9D44pOWlshaz7VDDglfQ6XQPM3P9VOXF/oV
WB794ZyNJOKhwMBoP5gihO1WRucqulSxU8Fr+rO/DcCGFKKLaxWIqIA2YrPpUG+N
Jhq6khx5AzDtpRIK0g2S1NQQpOf0kWofBSUEjICU5DKkyOBsfyWYdgUN22auwNJF
BGONEszoVhEaMhP6wzrhahOybLI5Pc0WrjEdsctI54+mV3jx
-----END CERTIFICATE-----