Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200223.roa
File:                     AS200223.roa (raw, json)
Hash identifier:          rcMCdYixgiVWZOXghogkoiRJfO5W33db83b92HJrerI=
Subject key identifier:   F7:8E:EC:DE:25:99:CC:E6:50:FA:ED:1C:A7:FB:E2:8E:46:EA:EF:10
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       29E95B7C59B7589B63BD8340C728C786445E3CE5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200223.roa
Signing time:             Wed 31 Jan 2024 08:05:09 +0000
ROA not before:           Wed 31 Jan 2024 08:00:09 +0000
ROA not after:            Wed 29 Jan 2025 08:05:09 +0000
asID:                     200223
IP address blocks:        5.181.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:e9:5b:7c:59:b7:58:9b:63:bd:83:40:c7:28:c7:86:44:5e:3c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:09 2024 GMT
            Not After : Jan 29 08:05:09 2025 GMT
        Subject: CN=F78EECDE2599CCE650FAED1CA7FBE28E46EAEF10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e8:98:06:19:f4:e9:c8:c3:cd:0d:86:ce:de:
                    0e:d4:61:3a:9b:d4:95:94:81:fe:8c:e1:e8:d2:dc:
                    b5:f3:2d:64:34:0a:1a:cd:76:e1:2a:ee:9c:42:ea:
                    1f:c7:5a:fc:77:42:46:94:67:7a:04:b5:67:7e:4f:
                    55:fb:bf:44:ff:2b:a4:1a:a7:8f:23:16:8b:0b:db:
                    e4:98:8c:a1:c9:4c:d9:76:57:1f:ba:23:a8:79:c9:
                    2b:57:54:96:e4:65:4f:bb:d3:9e:97:59:95:4f:10:
                    9e:45:3d:e0:da:37:5c:4b:06:64:23:a1:ce:ab:84:
                    7d:04:20:c5:d1:2d:bf:72:96:c5:5d:8e:6d:ea:bf:
                    b0:ea:9d:a7:b8:91:c1:ca:23:ee:0e:ee:a9:37:67:
                    55:55:e1:f9:64:a1:3d:a5:b0:37:1e:78:d3:b7:f0:
                    c9:5c:a8:b8:ca:c2:58:0d:c5:e7:b9:0d:55:94:6b:
                    ef:68:ee:11:94:90:8a:bc:8b:96:2f:8f:3b:6b:73:
                    ec:fd:92:e3:7c:ef:43:4b:7c:b3:0e:3f:9e:13:bf:
                    42:81:2c:4d:13:83:9a:28:42:8b:44:90:b0:c6:f3:
                    d7:d2:b5:2a:31:f1:91:b1:d2:21:f4:52:6f:2a:2c:
                    48:97:7c:68:d5:86:52:af:2c:b7:6a:a6:49:b2:e3:
                    62:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:8E:EC:DE:25:99:CC:E6:50:FA:ED:1C:A7:FB:E2:8E:46:EA:EF:10
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:b1:0c:17:67:68:f7:83:d6:ee:2c:7d:82:51:1c:b9:b2:38:
         85:b7:d4:78:d5:8f:be:57:a8:89:07:e9:ec:f3:d7:94:76:04:
         41:12:43:7d:94:5d:32:34:a5:fe:4b:87:36:32:e0:55:28:82:
         ea:5b:5f:c5:5d:0d:6e:53:cb:08:39:e7:1c:00:0a:3f:b4:04:
         7b:ee:b3:41:6a:52:49:8a:d6:cc:1d:77:7c:ed:91:e1:e3:69:
         4f:ce:5a:aa:29:74:0e:02:d2:ab:39:06:42:bf:96:7a:6b:a7:
         4a:d2:8d:76:03:65:ed:d7:44:a3:b4:e5:eb:dc:9d:5e:8c:ce:
         3f:07:c2:5d:a8:fa:6f:94:b0:9e:3c:07:4a:fe:d8:d6:8d:dd:
         ca:3b:8c:71:42:e9:d2:7b:0d:64:4c:49:55:bb:e5:e0:3b:ed:
         97:88:63:1b:03:74:2f:f7:9b:1d:92:98:e4:0e:c8:c2:b5:d5:
         59:53:00:bb:b0:0a:ff:b3:17:97:a7:18:1e:3c:4e:0d:69:c4:
         a8:46:f4:63:73:6c:e6:fb:79:40:c3:4e:26:54:19:5c:fd:40:
         de:60:2b:f3:ca:c9:74:62:b7:29:88:25:5b:27:8f:ab:bd:a3:
         38:0f:a6:37:19:22:1b:ac:00:40:2d:d7:e5:8a:47:41:cc:07:
         4d:6a:c8:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKelbfFm3WJtjvYNAxyjHhkRePOUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDlaFw0yNTAxMjkwODA1MDlaMDMxMTAvBgNV
BAMTKEY3OEVFQ0RFMjU5OUNDRTY1MEZBRUQxQ0E3RkJFMjhFNDZFQUVGMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA6JgGGfTpyMPNDYbO3g7UYTqb
1JWUgf6M4ejS3LXzLWQ0ChrNduEq7pxC6h/HWvx3QkaUZ3oEtWd+T1X7v0T/K6Qa
p48jFosL2+SYjKHJTNl2Vx+6I6h5yStXVJbkZU+7056XWZVPEJ5FPeDaN1xLBmQj
oc6rhH0EIMXRLb9ylsVdjm3qv7Dqnae4kcHKI+4O7qk3Z1VV4flkoT2lsDceeNO3
8MlcqLjKwlgNxee5DVWUa+9o7hGUkIq8i5Yvjztrc+z9kuN870NLfLMOP54Tv0KB
LE0Tg5ooQotEkLDG89fStSox8ZGx0iH0Um8qLEiXfGjVhlKvLLdqpkmy42IlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU947s3iWZzOZQ+u0cp/vijkbq7xAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMjIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWG
MA0GCSqGSIb3DQEBCwUAA4IBAQBcsQwXZ2j3g9buLH2CURy5sjiFt9R41Y++V6iJ
B+ns89eUdgRBEkN9lF0yNKX+S4c2MuBVKILqW1/FXQ1uU8sIOeccAAo/tAR77rNB
alJJitbMHXd87ZHh42lPzlqqKXQOAtKrOQZCv5Z6a6dK0o12A2Xt10SjtOXr3J1e
jM4/B8JdqPpvlLCePAdK/tjWjd3KO4xxQunSew1kTElVu+XgO+2XiGMbA3Qv95sd
kpjkDsjCtdVZUwC7sAr/sxeXpxgePE4NacSoRvRjc2zm+3lAw04mVBlc/UDeYCvz
ysl0YrcpiCVbJ4+rvaM4D6Y3GSIbrABALdflikdBzAdNashl
-----END CERTIFICATE-----