Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200213.roa
File:                     AS200213.roa (raw, json)
Hash identifier:          6vta1ei42bV2s3D53QWMJ4x9N6+AA4q7ufsg9Z6gc0U=
Subject key identifier:   9C:24:07:7B:60:6B:B0:A2:B7:EE:89:3A:50:9D:FF:36:5F:E0:CA:A6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       71E14249DA7C89E28059137B86FAC5A432DD99EE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200213.roa
Signing time:             Tue 19 May 2026 06:16:30 +0000
ROA not before:           Tue 19 May 2026 06:11:30 +0000
ROA not after:            Tue 18 May 2027 06:16:30 +0000
asID:                     200213
IP address blocks:        82.24.25.0/24 maxlen: 24
                          2a13:9500:155::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:e1:42:49:da:7c:89:e2:80:59:13:7b:86:fa:c5:a4:32:dd:99:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 19 06:11:30 2026 GMT
            Not After : May 18 06:16:30 2027 GMT
        Subject: CN=9C24077B606BB0A2B7EE893A509DFF365FE0CAA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5b:62:90:2c:df:28:78:9f:ae:15:0c:aa:f1:
                    a2:ee:7a:ac:6a:0e:14:be:cc:ee:4a:eb:33:dd:6d:
                    d1:58:1d:03:ab:04:77:42:ad:08:5c:fd:1c:27:1f:
                    04:6f:f4:9e:5d:bc:54:07:d5:b0:cf:12:00:31:a8:
                    09:29:a1:7e:58:6e:ea:4c:d4:10:4d:04:b6:03:cc:
                    c8:a8:e4:7f:30:1d:1a:80:6b:a4:bf:40:b0:d5:55:
                    55:43:ae:06:96:32:c3:94:71:6a:66:22:dc:01:23:
                    df:bf:6a:af:b0:ea:fb:8f:f6:f9:c4:6c:39:af:9f:
                    51:54:12:aa:5e:29:ec:0f:4e:8f:df:21:68:8e:a5:
                    ea:a8:4f:59:41:17:5a:cf:bc:26:75:89:01:a2:cc:
                    9f:01:cb:9b:42:4b:9b:6e:73:a1:ff:d9:46:ca:a9:
                    28:4b:8b:97:f4:7d:d7:4d:7b:c5:84:99:68:87:20:
                    33:4a:55:74:57:a7:f9:2c:c1:3b:c0:32:23:1b:71:
                    4b:4e:f0:ac:a1:39:24:47:e8:da:a3:c0:9d:8f:bc:
                    83:79:02:96:a6:7e:c8:1f:9b:3b:dc:72:97:3c:c0:
                    e6:c1:93:96:85:fc:29:32:3b:bd:1f:e5:29:bd:5d:
                    52:fd:d6:b2:8a:dc:1d:bd:30:70:f5:67:9b:74:e9:
                    ed:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:24:07:7B:60:6B:B0:A2:B7:EE:89:3A:50:9D:FF:36:5F:E0:CA:A6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200213.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.25.0/24
                IPv6:
                  2a13:9500:155::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:65:a4:29:b3:b0:14:75:80:c1:21:c9:11:56:58:0f:90:1d:
         b3:d6:d9:5f:d6:af:68:a0:9c:8b:8c:9c:e3:9f:25:d4:57:be:
         1d:82:05:fe:9e:33:c1:01:7f:1e:f8:6c:1a:38:76:eb:63:1a:
         e4:41:1b:27:1b:4b:ed:4b:f3:b3:f9:c8:c3:25:09:4e:b2:6a:
         c0:c1:00:5e:4e:c1:bf:81:75:07:60:f5:16:9f:9e:df:a4:4d:
         fe:1c:a3:4c:cc:90:e9:9a:67:f5:ac:3e:c0:2c:1c:4e:7a:b1:
         13:65:a3:65:2b:64:c3:b8:38:e4:e5:b6:a4:f9:41:a1:4e:b7:
         6d:8e:fc:90:6e:5c:45:4f:51:3b:eb:3b:8f:3b:57:da:a0:50:
         6d:2b:a9:20:78:83:2d:4e:b0:56:b6:35:85:ca:5c:80:e0:04:
         12:a0:7b:6d:52:34:91:4b:29:f3:1f:8a:cf:b7:d6:12:d4:c5:
         7c:7c:73:38:4b:16:5c:30:58:d1:0e:c8:ad:69:5b:c7:94:63:
         24:95:71:a9:ce:ed:8e:ab:72:cd:fc:82:2d:c8:92:f6:56:b6:
         7c:9a:38:fd:bc:8a:8a:c7:7d:8d:d5:aa:00:93:72:9a:ae:1c:
         4b:73:a6:0c:d6:60:0f:d0:d9:02:24:15:81:78:cb:57:b8:b8:
         a2:36:91:15
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUceFCSdp8ieKAWRN7hvrFpDLdme4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTkwNjExMzBaFw0yNzA1MTgwNjE2MzBaMDMxMTAvBgNV
BAMTKDlDMjQwNzdCNjA2QkIwQTJCN0VFODkzQTUwOURGRjM2NUZFMENBQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChW2KQLN8oeJ+uFQyq8aLueqxq
DhS+zO5K6zPdbdFYHQOrBHdCrQhc/RwnHwRv9J5dvFQH1bDPEgAxqAkpoX5YbupM
1BBNBLYDzMio5H8wHRqAa6S/QLDVVVVDrgaWMsOUcWpmItwBI9+/aq+w6vuP9vnE
bDmvn1FUEqpeKewPTo/fIWiOpeqoT1lBF1rPvCZ1iQGizJ8By5tCS5tuc6H/2UbK
qShLi5f0fddNe8WEmWiHIDNKVXRXp/kswTvAMiMbcUtO8KyhOSRH6NqjwJ2PvIN5
Apamfsgfmzvccpc8wObBk5aF/CkyO70f5Sm9XVL91rKK3B29MHD1Z5t06e2ZAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUnCQHe2BrsKK37ok6UJ3/Nl/gyqYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAwMjEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhgZ
MA8EAgACMAkDBwAqE5UAAVUwDQYJKoZIhvcNAQELBQADggEBAJtlpCmzsBR1gMEh
yRFWWA+QHbPW2V/Wr2ignIuMnOOfJdRXvh2CBf6eM8EBfx74bBo4dutjGuRBGycb
S+1L87P5yMMlCU6yasDBAF5Owb+BdQdg9Rafnt+kTf4co0zMkOmaZ/WsPsAsHE56
sRNlo2UrZMO4OOTltqT5QaFOt22O/JBuXEVPUTvrO487V9qgUG0rqSB4gy1OsFa2
NYXKXIDgBBKge21SNJFLKfMfis+31hLUxXx8czhLFlwwWNEOyK1pW8eUYySVcanO
7Y6rcs38gi3IkvZWtnyaOP28iorHfY3VqgCTcpquHEtzpgzWYA/Q2QIkFYF4y1e4
uKI2kRU=
-----END CERTIFICATE-----