Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa
File:                     AS200181.roa (raw, json)
Hash identifier:          lu7kz9LSvzGjb0P1XpgSkRT7fRSu6pxisfg4ZPK2J+U=
Subject key identifier:   31:C4:47:B6:A3:C0:01:29:C6:5A:A3:E7:FC:FD:DE:DF:D5:98:A2:94
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       78AF3866AFEED189DA951E66B0FF3BBAEBC72156
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa
Signing time:             Thu 20 Jul 2023 00:00:16 +0000
ROA not before:           Wed 19 Jul 2023 23:55:16 +0000
ROA not after:            Thu 18 Jul 2024 00:00:16 +0000
asID:                     200181
IP address blocks:        185.135.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:af:38:66:af:ee:d1:89:da:95:1e:66:b0:ff:3b:ba:eb:c7:21:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 19 23:55:16 2023 GMT
            Not After : Jul 18 00:00:16 2024 GMT
        Subject: CN=31C447B6A3C00129C65AA3E7FCFDDEDFD598A294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9e:28:7e:36:a4:7c:2e:b6:f6:1b:18:41:a9:
                    05:62:b2:3c:72:46:8a:38:2a:59:fc:91:dd:61:c9:
                    7c:76:68:58:85:ca:e5:f0:45:f7:c3:b9:3d:b9:34:
                    a5:06:e6:61:09:d6:06:87:c1:a6:3b:2e:26:41:d9:
                    79:ce:25:bd:bb:d7:6c:f1:93:79:f1:3c:0c:36:2c:
                    0e:d1:80:28:b7:61:4c:02:b0:e0:39:02:02:47:74:
                    72:a5:49:5d:d2:29:3c:a9:69:20:83:cf:cf:d7:b3:
                    95:eb:63:fe:0d:0b:e6:5e:98:c6:c6:e8:43:1b:dc:
                    4e:ff:b4:d0:df:b5:2e:c1:c1:79:b1:6b:df:4b:28:
                    34:32:c1:f0:3d:92:d9:d0:d6:d3:dc:af:3c:bb:18:
                    e9:d5:b8:7f:67:61:9c:00:bd:50:60:6e:c1:90:f0:
                    07:61:63:0f:cc:44:c7:b4:4c:0b:d1:79:27:45:4e:
                    fb:11:a2:75:56:6a:be:ea:ee:7f:98:16:c0:33:4b:
                    a8:f3:51:62:a3:d6:cf:9a:f2:b7:0c:d3:46:e8:03:
                    14:b7:05:fc:16:f1:d5:fc:6c:35:20:05:90:8b:f8:
                    ea:c4:3c:a8:f2:2a:c9:b5:f1:33:dc:fd:4c:57:97:
                    5b:69:20:65:b8:b0:d3:69:c7:28:c6:d1:87:f7:fc:
                    09:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C4:47:B6:A3:C0:01:29:C6:5A:A3:E7:FC:FD:DE:DF:D5:98:A2:94
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:11:79:4a:f3:87:70:d6:0f:fe:bc:a0:2a:b0:03:29:36:f7:
         9f:cb:48:04:8e:60:ca:93:10:f7:29:06:c2:fa:d4:bb:02:46:
         47:44:94:ff:91:f7:ad:92:ff:dc:6f:36:ed:75:03:ed:b3:60:
         ce:89:3a:a1:42:71:ae:1a:24:cb:98:fa:11:f3:20:76:29:9a:
         6d:e6:09:11:64:82:c1:34:63:b4:d6:cc:04:5c:f5:bd:ab:e7:
         a6:8d:4c:d1:35:d6:85:79:5e:a7:dc:30:cd:dd:e8:0e:ef:eb:
         f5:3f:b2:12:ae:5d:7a:6a:75:ba:b2:2d:93:1a:78:9f:29:9b:
         9d:13:0e:66:7b:2e:d8:af:7b:b6:e1:c8:4f:b4:74:85:3b:de:
         d6:a9:66:9f:fa:a3:86:9f:15:5f:ca:a1:d4:5f:f6:bd:d6:7c:
         84:02:84:df:42:63:bb:cd:69:d5:5b:b3:86:32:fc:20:af:47:
         ff:ca:6e:fd:02:f2:bb:5d:4c:0d:e0:c3:ae:68:6c:4e:00:11:
         d8:a7:5c:a1:c0:ae:d2:4b:ea:a1:46:34:e1:4e:f8:05:4a:d7:
         61:67:04:75:f0:94:37:0b:c4:89:ec:6d:99:81:49:23:e2:f6:
         5b:87:9e:28:46:75:87:d0:75:6e:94:f7:21:79:55:2c:84:6f:
         36:d2:a3:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeK84Zq/u0YnalR5msP87uuvHIVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MTkyMzU1MTZaFw0yNDA3MTgwMDAwMTZaMDMxMTAvBgNV
BAMTKDMxQzQ0N0I2QTNDMDAxMjlDNjVBQTNFN0ZDRkRERURGRDU5OEEyOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVnih+NqR8Lrb2GxhBqQVisjxy
Roo4Kln8kd1hyXx2aFiFyuXwRffDuT25NKUG5mEJ1gaHwaY7LiZB2XnOJb2712zx
k3nxPAw2LA7RgCi3YUwCsOA5AgJHdHKlSV3SKTypaSCDz8/Xs5XrY/4NC+ZemMbG
6EMb3E7/tNDftS7BwXmxa99LKDQywfA9ktnQ1tPcrzy7GOnVuH9nYZwAvVBgbsGQ
8AdhYw/MRMe0TAvReSdFTvsRonVWar7q7n+YFsAzS6jzUWKj1s+a8rcM00boAxS3
BfwW8dX8bDUgBZCL+OrEPKjyKsm18TPc/UxXl1tpIGW4sNNpxyjG0Yf3/AmzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMcRHtqPAASnGWqPn/P3e39WYopQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQCwEXlK84dw1g/+vKAqsAMpNvefy0gEjmDKkxD3
KQbC+tS7AkZHRJT/kfetkv/cbzbtdQPts2DOiTqhQnGuGiTLmPoR8yB2KZpt5gkR
ZILBNGO01swEXPW9q+emjUzRNdaFeV6n3DDN3egO7+v1P7ISrl16anW6si2TGnif
KZudEw5mey7Yr3u24chPtHSFO97WqWaf+qOGnxVfyqHUX/a91nyEAoTfQmO7zWnV
W7OGMvwgr0f/ym79AvK7XUwN4MOuaGxOABHYp1yhwK7SS+qhRjThTvgFStdhZwR1
8JQ3C8SJ7G2ZgUkj4vZbh54oRnWH0HVulPcheVUshG820qMa
-----END CERTIFICATE-----