Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200223.roa
File:                     AS200223.roa (raw, json)
Hash identifier:          TzAqyMk/dJwC+Bn/z50uebCu0ftZddNs9XLLTxixw2w=
Subject key identifier:   6F:9E:F0:2F:DB:2C:FA:08:14:BF:8F:17:35:5A:41:8B:55:58:A8:FB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       580D792634EA03CE41575BFA4D5D40B8488C1CA5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200223.roa
Signing time:             Wed 01 Jan 2025 08:53:50 +0000
ROA not before:           Wed 01 Jan 2025 08:48:50 +0000
ROA not after:            Wed 31 Dec 2025 08:53:50 +0000
asID:                     200223
IP address blocks:        5.181.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:0d:79:26:34:ea:03:ce:41:57:5b:fa:4d:5d:40:b8:48:8c:1c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:50 2025 GMT
            Not After : Dec 31 08:53:50 2025 GMT
        Subject: CN=6F9EF02FDB2CFA0814BF8F17355A418B5558A8FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9b:df:c7:44:1a:7a:63:3e:21:47:b4:78:a6:
                    b9:35:39:20:23:b1:92:f9:c9:67:79:14:da:07:6d:
                    94:71:c8:34:8b:41:70:a6:2e:7f:48:32:65:ad:d4:
                    3a:6f:42:9b:a5:9c:dd:42:27:6b:36:f0:ee:88:5e:
                    89:c4:7c:78:67:43:49:c3:1a:5a:95:fb:d8:09:a6:
                    46:de:a6:e6:d3:cb:75:18:67:77:56:3d:14:e3:f4:
                    d0:11:36:ff:3c:26:6a:d7:8a:e3:e7:74:5f:a0:de:
                    f9:6b:d9:03:30:fb:b4:1a:2c:bc:86:2e:fd:f7:a9:
                    25:28:a9:12:ae:1c:b4:4b:bd:e9:60:de:b5:02:50:
                    f6:85:c9:67:93:5d:16:0d:f1:bd:23:6a:f1:95:7e:
                    08:26:78:77:98:b8:97:0d:54:73:30:87:8c:0e:d1:
                    d0:b5:a2:f8:3d:ab:aa:db:8c:3e:54:75:c7:8c:54:
                    a3:23:30:09:c3:ae:2c:e3:fd:d0:4b:a4:53:04:77:
                    8d:fd:d0:2f:dd:c8:9d:e4:26:a8:8c:26:43:67:8b:
                    13:b9:e2:88:a9:a5:7e:70:ac:55:a6:b8:6d:2c:70:
                    09:31:f1:87:43:6e:e8:ee:97:e0:72:8c:e4:66:c4:
                    5d:57:47:e5:c3:12:5b:f8:55:6f:36:36:49:76:7d:
                    2e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:9E:F0:2F:DB:2C:FA:08:14:BF:8F:17:35:5A:41:8B:55:58:A8:FB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:a3:07:55:5e:9d:c7:d0:a5:ca:91:f2:9c:cd:21:9b:ee:12:
         05:fa:4f:d6:4e:68:9d:42:9d:65:9a:87:0d:6a:6e:98:7e:02:
         99:e2:81:4b:b9:c5:3e:37:a1:5c:7a:d2:23:a0:36:62:64:d5:
         61:6b:58:6b:d0:29:aa:b5:eb:1d:9c:e0:fb:65:4c:a2:f5:0e:
         10:9e:24:31:29:45:42:a6:5b:32:bd:bb:7f:ff:b3:73:b9:7b:
         81:ab:ef:ea:ba:c7:2a:90:e1:19:4c:61:cd:21:62:46:5b:0b:
         c8:08:14:75:d6:69:2f:9f:e1:85:a3:57:30:91:87:56:2f:0e:
         d5:7d:4f:05:d9:dc:32:73:90:33:d9:6b:58:db:bb:c3:9b:df:
         b5:59:1f:3c:22:01:19:e1:a9:37:04:0d:41:61:fe:80:0d:2e:
         55:d9:b4:38:c8:60:c2:7b:cd:36:28:ac:81:55:65:f6:a8:f9:
         1c:ba:3a:c8:17:bc:8b:43:e6:ce:22:98:08:d3:34:a7:db:82:
         84:45:af:e7:2c:a8:a4:63:8c:a8:a3:c7:da:1e:5f:ca:6f:3e:
         6e:46:d0:e8:a8:2a:8d:d6:10:b3:4d:25:7f:7f:e0:fb:41:1d:
         40:e4:e3:16:e4:ff:f0:06:de:78:b4:f5:ad:0f:8a:ed:01:7d:
         07:d5:e1:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWA15JjTqA85BV1v6TV1AuEiMHKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTBaFw0yNTEyMzEwODUzNTBaMDMxMTAvBgNV
BAMTKDZGOUVGMDJGREIyQ0ZBMDgxNEJGOEYxNzM1NUE0MThCNTU1OEE4RkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRm9/HRBp6Yz4hR7R4prk1OSAj
sZL5yWd5FNoHbZRxyDSLQXCmLn9IMmWt1DpvQpulnN1CJ2s28O6IXonEfHhnQ0nD
GlqV+9gJpkbepubTy3UYZ3dWPRTj9NARNv88JmrXiuPndF+g3vlr2QMw+7QaLLyG
Lv33qSUoqRKuHLRLvelg3rUCUPaFyWeTXRYN8b0javGVfggmeHeYuJcNVHMwh4wO
0dC1ovg9q6rbjD5UdceMVKMjMAnDrizj/dBLpFMEd4390C/dyJ3kJqiMJkNnixO5
4oippX5wrFWmuG0scAkx8YdDbujul+ByjORmxF1XR+XDElv4VW82Nkl2fS71AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUb57wL9ss+ggUv48XNVpBi1VYqPswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMjIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWG
MA0GCSqGSIb3DQEBCwUAA4IBAQA3owdVXp3H0KXKkfKczSGb7hIF+k/WTmidQp1l
mocNam6YfgKZ4oFLucU+N6FcetIjoDZiZNVha1hr0CmqtesdnOD7ZUyi9Q4QniQx
KUVCplsyvbt//7NzuXuBq+/quscqkOEZTGHNIWJGWwvICBR11mkvn+GFo1cwkYdW
Lw7VfU8F2dwyc5Az2WtY27vDm9+1WR88IgEZ4ak3BA1BYf6ADS5V2bQ4yGDCe802
KKyBVWX2qPkcujrIF7yLQ+bOIpgI0zSn24KERa/nLKikY4yoo8faHl/Kbz5uRtDo
qCqN1hCzTSV/f+D7QR1A5OMW5P/wBt54tPWtD4rtAX0H1eGe
-----END CERTIFICATE-----