Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa
File:                     AS200181.roa (raw, json)
Hash identifier:          rNpuxXwksE0t736bKD2KMh8KOf9cGCD57HsbY7cRwOY=
Subject key identifier:   ED:3A:AB:ED:FE:C2:1F:57:02:6C:29:ED:33:76:B0:69:41:E4:8E:85
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       07AF997876EAFDAF43638A14C69FDBAE14F96CA4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa
Signing time:             Thu 22 May 2025 00:54:08 +0000
ROA not before:           Thu 22 May 2025 00:49:08 +0000
ROA not after:            Thu 21 May 2026 00:54:08 +0000
asID:                     200181
IP address blocks:        185.135.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:af:99:78:76:ea:fd:af:43:63:8a:14:c6:9f:db:ae:14:f9:6c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 22 00:49:08 2025 GMT
            Not After : May 21 00:54:08 2026 GMT
        Subject: CN=ED3AABEDFEC21F57026C29ED3376B06941E48E85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:57:71:ec:af:11:8c:17:2e:55:91:be:4c:b2:
                    93:33:2f:65:43:ef:66:de:14:11:dd:6d:e9:e4:45:
                    fa:32:9e:0b:21:09:ae:3a:42:28:66:7c:ca:4a:2c:
                    f5:50:2f:1d:54:c0:58:43:f9:3a:cf:d8:29:ec:81:
                    79:67:31:9a:51:0e:1f:78:e2:59:b8:d2:6e:83:58:
                    d2:b4:18:7e:6a:f0:e2:04:9c:fa:f2:20:90:11:13:
                    8c:eb:bf:b0:22:13:3e:56:53:0d:90:6f:5f:13:81:
                    e5:18:ac:70:aa:cb:7b:97:6a:1a:ef:ba:71:0e:ee:
                    49:7e:4c:da:83:3d:61:6d:b6:15:81:85:49:c7:03:
                    ed:fd:61:4f:20:f5:35:9f:f2:05:b7:d3:02:c9:cf:
                    61:e9:6f:5a:7b:0d:3f:b5:22:9b:9a:2b:e8:5b:b9:
                    13:6b:db:0e:29:d1:0d:18:09:2d:27:77:40:6c:a5:
                    83:8e:8f:fe:14:ba:a7:80:93:14:8d:22:9e:af:02:
                    3d:67:a6:5c:f5:5a:39:50:f6:58:46:7a:7c:81:6e:
                    d7:03:26:b3:21:c4:ea:2c:5d:4f:05:bf:6a:8c:0d:
                    a4:c3:27:cf:50:7a:cb:31:de:66:f2:e6:21:9d:21:
                    33:7b:c7:8e:b8:6c:7f:86:86:f6:1c:bf:ef:8d:b2:
                    05:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:3A:AB:ED:FE:C2:1F:57:02:6C:29:ED:33:76:B0:69:41:E4:8E:85
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c9:40:f3:a5:7a:69:e4:0a:72:0c:21:b0:33:f2:8e:4d:9a:
         bb:ff:5f:22:2e:cb:5a:19:bc:a4:8e:3d:63:25:6f:c0:07:57:
         35:af:61:13:7f:b9:11:24:26:47:5b:1f:c3:7e:65:ca:ad:76:
         9c:42:89:cf:59:fe:8b:52:f2:66:ea:b5:89:67:e4:1c:14:7d:
         25:8b:90:fa:64:9a:af:00:8c:37:dd:c1:c9:49:08:6f:23:47:
         38:1c:fc:e3:01:87:13:0d:5c:37:6a:0a:32:1b:4e:ae:47:5d:
         d1:27:8c:c8:9f:f2:2e:6a:69:3f:1f:98:4a:1b:56:0e:fa:a6:
         41:3b:35:b6:16:b4:24:5e:e6:89:4e:c0:c1:20:99:66:71:2a:
         19:c5:1e:a2:2a:e2:e8:11:30:30:cd:3e:5c:22:29:92:c1:6b:
         b9:b9:ae:91:c8:a9:6a:67:8a:fb:25:6a:a6:b3:fb:8d:2f:12:
         23:7c:54:4b:ce:f9:77:a4:08:4a:d7:57:69:9d:0e:74:c0:cb:
         e6:e2:d6:ad:da:b1:2c:e0:14:8e:52:01:a1:d3:73:f6:0b:68:
         b2:0e:ee:21:6f:19:14:2b:92:6d:13:b5:c9:06:e7:95:cd:1c:
         fe:8d:c3:c2:2a:65:e5:6b:ac:24:79:f4:e2:ed:58:34:0e:af:
         4e:a3:a1:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUB6+ZeHbq/a9DY4oUxp/brhT5bKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MjIwMDQ5MDhaFw0yNjA1MjEwMDU0MDhaMDMxMTAvBgNV
BAMTKEVEM0FBQkVERkVDMjFGNTcwMjZDMjlFRDMzNzZCMDY5NDFFNDhFODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqV3HsrxGMFy5Vkb5MspMzL2VD
72beFBHdbenkRfoyngshCa46QihmfMpKLPVQLx1UwFhD+TrP2CnsgXlnMZpRDh94
4lm40m6DWNK0GH5q8OIEnPryIJARE4zrv7AiEz5WUw2Qb18TgeUYrHCqy3uXahrv
unEO7kl+TNqDPWFtthWBhUnHA+39YU8g9TWf8gW30wLJz2Hpb1p7DT+1IpuaK+hb
uRNr2w4p0Q0YCS0nd0BspYOOj/4UuqeAkxSNIp6vAj1nplz1WjlQ9lhGenyBbtcD
JrMhxOosXU8Fv2qMDaTDJ89Qessx3mby5iGdITN7x464bH+GhvYcv++NsgXhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7Tqr7f7CH1cCbCntM3awaUHkjoUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQBjyUDzpXpp5ApyDCGwM/KOTZq7/18iLstaGbyk
jj1jJW/AB1c1r2ETf7kRJCZHWx/DfmXKrXacQonPWf6LUvJm6rWJZ+QcFH0li5D6
ZJqvAIw33cHJSQhvI0c4HPzjAYcTDVw3agoyG06uR13RJ4zIn/Iuamk/H5hKG1YO
+qZBOzW2FrQkXuaJTsDBIJlmcSoZxR6iKuLoETAwzT5cIimSwWu5ua6RyKlqZ4r7
JWqms/uNLxIjfFRLzvl3pAhK11dpnQ50wMvm4tat2rEs4BSOUgGh03P2C2iyDu4h
bxkUK5JtE7XJBueVzRz+jcPCKmXla6wkefTi7Vg0Dq9Oo6HS
-----END CERTIFICATE-----