Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200829.roa
File:                     AS200829.roa (raw, json)
Hash identifier:          ljVQxN9VHuOie/3AB5xoYRrKm7jl6dPqYV5C3dq8aeI=
Subject key identifier:   90:D0:B3:43:B1:CA:20:5C:09:18:EC:3B:77:B2:28:EA:68:21:99:78
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3571401BC71DD13B88194E0D712ABA30B2ABDDAF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200829.roa
Signing time:             Thu 14 May 2026 17:04:27 +0000
ROA not before:           Thu 14 May 2026 16:59:27 +0000
ROA not after:            Thu 13 May 2027 17:04:27 +0000
asID:                     200829
IP address blocks:        84.75.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:71:40:1b:c7:1d:d1:3b:88:19:4e:0d:71:2a:ba:30:b2:ab:dd:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 14 16:59:27 2026 GMT
            Not After : May 13 17:04:27 2027 GMT
        Subject: CN=90D0B343B1CA205C0918EC3B77B228EA68219978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:93:71:fd:f7:a1:3a:88:be:4a:c7:5e:b3:3c:
                    9a:e8:b9:1d:f8:89:44:a3:d3:34:a2:11:5d:50:1e:
                    09:6f:9a:ce:b6:b4:3c:77:dc:76:e4:2d:b6:71:23:
                    0b:df:33:5a:54:dd:43:8f:14:2f:77:4d:2d:92:25:
                    69:ef:fe:ae:50:fb:66:d6:0d:4c:e4:4d:f0:e5:df:
                    82:e4:4b:92:f1:76:c8:83:41:97:12:fe:04:d3:f9:
                    a7:7e:bd:92:77:a0:42:da:14:4e:fd:d0:cc:37:7d:
                    f2:af:fb:9e:78:75:0c:66:97:f4:b8:d9:80:7c:a8:
                    d0:3f:ee:68:eb:3d:3f:40:d8:0d:52:5b:b5:49:80:
                    d0:53:62:5c:27:3d:e0:0d:1d:5a:0b:3c:f6:ed:8e:
                    b6:09:5f:26:d9:89:d6:d3:35:57:62:b6:ea:ad:8b:
                    4d:53:ba:bc:39:b7:1d:51:4d:e9:c8:7c:2e:77:ea:
                    46:05:34:1b:8b:de:a9:41:58:96:38:8d:62:37:c7:
                    06:b0:ed:ae:ee:b7:61:50:74:6a:65:a3:bd:e8:97:
                    57:e1:c6:e3:9f:a1:e1:e5:11:cb:df:67:d2:39:8f:
                    dc:c1:52:60:ad:e4:2f:27:97:38:af:21:5e:93:04:
                    6b:1b:05:81:d8:f6:ca:f5:b7:ab:9b:b9:36:c5:2f:
                    76:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D0:B3:43:B1:CA:20:5C:09:18:EC:3B:77:B2:28:EA:68:21:99:78
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200829.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:75:ae:46:29:22:ef:70:7e:ea:f5:b1:93:c2:b1:63:d2:50:
         fe:fc:03:8c:3f:18:38:77:a0:f7:75:47:24:22:47:98:79:40:
         2b:a7:2b:a1:d3:4c:7a:c7:ed:d9:20:48:1e:87:72:f0:d2:10:
         24:2a:7c:b6:72:a0:db:05:11:89:b4:51:a7:8f:29:08:56:39:
         9e:75:6d:df:a8:f2:20:9b:11:fe:18:94:e5:0a:cd:57:d0:c2:
         26:3b:00:8c:59:f4:10:2a:73:a6:9f:e6:cd:25:73:29:c3:0c:
         9b:d0:f2:2e:88:dd:d0:7c:37:56:07:a4:e5:90:8d:11:7b:a0:
         08:26:e4:65:06:36:74:9b:77:06:d7:12:48:f1:4b:ae:03:85:
         46:83:35:9a:51:c5:07:0b:3b:bd:f4:83:ee:18:ea:41:16:7c:
         45:59:76:bc:e1:8e:e2:09:90:89:38:37:f7:89:e4:8e:d4:35:
         1e:c8:d7:a5:c0:9f:76:18:8e:ec:5a:8e:db:47:0f:53:4f:7a:
         98:6d:7c:3a:44:60:4f:f2:1f:2d:6b:62:fd:fd:e4:69:df:ce:
         e9:35:8a:62:f3:39:32:0c:92:11:4a:9f:73:03:07:4b:d1:83:
         d4:50:98:5c:c2:d4:99:e5:75:8d:dd:f1:42:a0:95:4f:39:ef:
         5b:97:92:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNXFAG8cd0TuIGU4NcSq6MLKr3a8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTQxNjU5MjdaFw0yNzA1MTMxNzA0MjdaMDMxMTAvBgNV
BAMTKDkwRDBCMzQzQjFDQTIwNUMwOTE4RUMzQjc3QjIyOEVBNjgyMTk5NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjk3H996E6iL5Kx16zPJrouR34
iUSj0zSiEV1QHglvms62tDx33HbkLbZxIwvfM1pU3UOPFC93TS2SJWnv/q5Q+2bW
DUzkTfDl34LkS5LxdsiDQZcS/gTT+ad+vZJ3oELaFE790Mw3ffKv+554dQxml/S4
2YB8qNA/7mjrPT9A2A1SW7VJgNBTYlwnPeANHVoLPPbtjrYJXybZidbTNVdituqt
i01Turw5tx1RTenIfC536kYFNBuL3qlBWJY4jWI3xwaw7a7ut2FQdGplo73ol1fh
xuOfoeHlEcvfZ9I5j9zBUmCt5C8nlzivIV6TBGsbBYHY9sr1t6ubuTbFL3ZpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkNCzQ7HKIFwJGOw7d7Io6mghmXgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAwODI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVEsB
MA0GCSqGSIb3DQEBCwUAA4IBAQAhda5GKSLvcH7q9bGTwrFj0lD+/AOMPxg4d6D3
dUckIkeYeUArpyuh00x6x+3ZIEgeh3Lw0hAkKny2cqDbBRGJtFGnjykIVjmedW3f
qPIgmxH+GJTlCs1X0MImOwCMWfQQKnOmn+bNJXMpwwyb0PIuiN3QfDdWB6TlkI0R
e6AIJuRlBjZ0m3cG1xJI8UuuA4VGgzWaUcUHCzu99IPuGOpBFnxFWXa84Y7iCZCJ
ODf3ieSO1DUeyNelwJ92GI7sWo7bRw9TT3qYbXw6RGBP8h8ta2L9/eRp387pNYpi
8zkyDJIRSp9zAwdL0YPUUJhcwtSZ5XWN3fFCoJVPOe9bl5Jp
-----END CERTIFICATE-----