Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200506.roa
File:                     AS200506.roa (raw, json)
Hash identifier:          R99cn01LsL4WiXpCLU3kLqRIkRSsOLQwh0AV6sRCjCU=
Subject key identifier:   3A:42:9D:B6:63:52:12:94:E9:93:52:D8:7F:39:72:E8:6F:E1:99:BA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       46485CCA7FBB68364B9D233DC6A1496DC14C6C7F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200506.roa
Signing time:             Tue 31 Mar 2026 08:56:39 +0000
ROA not before:           Tue 31 Mar 2026 08:51:39 +0000
ROA not after:            Tue 30 Mar 2027 08:56:39 +0000
asID:                     200506
IP address blocks:        181.214.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Apr 2026 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:48:5c:ca:7f:bb:68:36:4b:9d:23:3d:c6:a1:49:6d:c1:4c:6c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 31 08:51:39 2026 GMT
            Not After : Mar 30 08:56:39 2027 GMT
        Subject: CN=3A429DB663521294E99352D87F3972E86FE199BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c7:35:0f:26:50:27:a3:d3:49:d8:18:b2:92:
                    a0:0f:1b:85:fa:8b:b5:5d:8a:b2:4a:36:54:d5:ec:
                    a0:06:02:9a:18:ba:0f:e9:28:b0:8c:9b:8d:bf:40:
                    bb:0c:f6:c7:1a:b0:69:3c:26:5a:20:5f:65:09:6c:
                    b2:28:a0:fa:b4:c4:50:5e:62:4b:7b:58:8f:64:12:
                    c1:ac:b8:fe:ac:26:9d:ca:71:cb:23:90:e2:e5:85:
                    a8:d3:a0:d8:31:2f:45:84:a6:47:88:52:9e:b0:0d:
                    1e:66:a3:de:78:af:ef:e9:a1:70:ac:ee:e6:18:72:
                    03:b2:db:47:20:e7:11:a3:dd:53:07:4a:5b:44:c8:
                    59:7b:f2:d3:4c:06:c3:48:43:85:b2:71:c6:0e:a6:
                    15:a3:0c:92:0d:21:0c:19:56:07:17:a9:f2:ba:40:
                    72:06:a5:5b:b3:6d:12:80:67:c0:d7:93:11:ca:c2:
                    15:12:2f:ad:f7:ea:f0:fb:8f:2b:5c:2e:8e:99:9e:
                    7e:67:bc:86:ef:39:7e:87:8e:a0:59:df:2b:63:a1:
                    b6:af:54:84:97:fe:79:c1:6e:33:7d:88:83:44:4c:
                    aa:c0:c9:01:3d:a7:0b:72:5e:94:f9:fe:6a:5c:c5:
                    d6:e3:75:c5:bb:17:5b:97:ce:5c:e4:f5:e1:30:db:
                    5b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:42:9D:B6:63:52:12:94:E9:93:52:D8:7F:39:72:E8:6F:E1:99:BA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200506.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:0b:f7:f5:1d:f8:b5:cb:ec:50:a5:58:ac:9b:bd:80:27:44:
         9e:43:91:95:48:81:62:76:4c:0f:9b:25:2c:02:46:13:2e:8c:
         e9:0f:69:f8:fe:92:54:f3:9d:0b:1e:35:aa:67:16:85:8c:2d:
         3a:0a:33:5e:ee:f2:4f:7d:4e:ed:44:89:7d:35:86:e3:db:fc:
         6f:d0:f4:b9:ef:47:6c:06:29:49:80:68:17:b9:85:9a:0f:23:
         00:97:f7:77:aa:a4:9e:1f:3b:ed:f0:80:60:d7:a9:ac:28:a5:
         f1:64:cd:75:ed:a3:81:7c:60:29:a8:50:6f:d3:3f:c9:4b:ec:
         cb:0f:c6:a3:48:74:e9:7e:60:fb:e7:68:30:fd:e1:8d:b9:e7:
         f0:a3:4c:e9:ab:83:14:64:6c:44:ba:89:e9:98:45:22:51:24:
         50:bf:15:0b:73:ae:e8:94:d3:fc:d3:c7:18:a7:97:f3:73:5f:
         36:77:6e:e8:1f:18:97:47:04:23:ff:17:4f:c1:26:e2:91:8a:
         aa:6a:ae:87:48:57:fc:5e:9b:c2:c6:88:c9:4d:21:06:88:f4:
         90:5a:29:8c:af:bc:a9:3d:5f:df:d7:36:a3:c9:cb:ac:1e:50:
         ab:af:2f:a9:e2:86:58:e3:12:b8:4f:c2:b9:f1:8c:97:37:65:
         76:94:2a:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURkhcyn+7aDZLnSM9xqFJbcFMbH8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMzEwODUxMzlaFw0yNzAzMzAwODU2MzlaMDMxMTAvBgNV
BAMTKDNBNDI5REI2NjM1MjEyOTRFOTkzNTJEODdGMzk3MkU4NkZFMTk5QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgxzUPJlAno9NJ2BiykqAPG4X6
i7VdirJKNlTV7KAGApoYug/pKLCMm42/QLsM9scasGk8JlogX2UJbLIooPq0xFBe
Ykt7WI9kEsGsuP6sJp3KccsjkOLlhajToNgxL0WEpkeIUp6wDR5mo954r+/poXCs
7uYYcgOy20cg5xGj3VMHSltEyFl78tNMBsNIQ4WyccYOphWjDJINIQwZVgcXqfK6
QHIGpVuzbRKAZ8DXkxHKwhUSL6336vD7jytcLo6Znn5nvIbvOX6HjqBZ3ytjobav
VISX/nnBbjN9iINETKrAyQE9pwtyXpT5/mpcxdbjdcW7F1uXzlzk9eEw21sVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOkKdtmNSEpTpk1LYfzly6G/hmbowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwNTA2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdbU
MA0GCSqGSIb3DQEBCwUAA4IBAQBOC/f1Hfi1y+xQpVism72AJ0SeQ5GVSIFidkwP
myUsAkYTLozpD2n4/pJU850LHjWqZxaFjC06CjNe7vJPfU7tRIl9NYbj2/xv0PS5
70dsBilJgGgXuYWaDyMAl/d3qqSeHzvt8IBg16msKKXxZM117aOBfGApqFBv0z/J
S+zLD8ajSHTpfmD752gw/eGNuefwo0zpq4MUZGxEuonpmEUiUSRQvxULc67olNP8
08cYp5fzc182d27oHxiXRwQj/xdPwSbikYqqaq6HSFf8XpvCxojJTSEGiPSQWimM
r7ypPV/f1zajycusHlCrry+p4oZY4xK4T8K58YyXN2V2lCoh
-----END CERTIFICATE-----