Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa
File:                     AS200017.roa (raw, json)
Hash identifier:          zRrcy8cMO9xoL0x+DTmjtI5Y3Z5uMR4HYna1d6oYWbM=
Subject key identifier:   DC:97:19:A8:17:C1:E3:2F:ED:50:7E:68:56:46:B8:54:A7:9D:ED:A1
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       068E84B42EC78B885A1C48878DF153D9A57D58E6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa
Signing time:             Fri 08 Sep 2023 09:11:57 +0000
ROA not before:           Fri 08 Sep 2023 09:06:57 +0000
ROA not after:            Fri 06 Sep 2024 09:11:57 +0000
asID:                     200017
IP address blocks:        193.161.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:8e:84:b4:2e:c7:8b:88:5a:1c:48:87:8d:f1:53:d9:a5:7d:58:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep  8 09:06:57 2023 GMT
            Not After : Sep  6 09:11:57 2024 GMT
        Subject: CN=DC9719A817C1E32FED507E685646B854A79DEDA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:17:31:5f:89:9e:5a:18:c1:33:00:6e:c4:61:
                    b6:2f:a8:5c:57:f1:f0:b7:b0:0f:76:ec:17:08:b7:
                    6b:0e:a5:b6:24:8c:e6:1e:35:dc:60:97:9f:fb:40:
                    ea:9f:b4:42:6d:7c:e2:17:6f:7a:9e:2e:54:bc:32:
                    70:99:b6:21:a1:c5:78:cb:c0:1f:c2:55:78:40:b5:
                    13:67:67:e2:6b:40:6f:db:6e:30:e3:a0:88:43:94:
                    a8:c0:0f:e1:8a:1b:e8:95:a4:ec:80:75:6a:ce:96:
                    c5:7b:59:84:ba:2b:50:86:af:4b:a3:c6:e1:34:03:
                    64:d2:35:d2:b7:87:d6:7b:15:9f:79:f3:c6:e1:f0:
                    2a:3a:ce:83:08:9b:29:93:89:0f:ff:92:b5:2c:23:
                    dc:33:fa:15:80:58:bd:fc:74:af:ad:99:32:23:21:
                    a7:9f:d4:23:40:5a:d7:0f:4a:b8:7d:9b:d7:ce:96:
                    62:de:47:50:96:af:58:ea:3d:ed:bd:2f:34:36:3d:
                    98:4d:9a:30:47:0c:53:b7:58:f1:47:de:7c:fe:6c:
                    4e:e3:2a:61:0a:91:2c:25:5b:14:75:7d:6f:85:50:
                    40:41:b6:f5:9d:2e:82:58:46:70:93:2e:15:15:ed:
                    04:9b:76:f2:dd:56:4b:90:4e:41:35:69:41:27:45:
                    73:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:97:19:A8:17:C1:E3:2F:ED:50:7E:68:56:46:B8:54:A7:9D:ED:A1
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:e7:fd:cb:c9:56:9b:06:98:ed:6b:df:44:b1:8e:bd:c0:5b:
         35:b2:8c:46:2c:b0:54:aa:9b:75:88:3b:29:05:6e:99:31:37:
         c3:0f:21:00:18:65:77:56:e9:75:6a:ee:9b:b0:b2:e2:73:25:
         ba:b8:9b:f6:f4:24:d9:dc:bb:d3:85:88:73:39:77:68:52:09:
         5d:58:26:44:0d:25:5b:7b:02:54:08:c6:61:ba:82:79:fe:82:
         05:98:44:d4:b5:21:35:40:10:a8:47:a4:f5:41:36:45:d1:7f:
         37:b0:b3:9a:cb:3c:7f:cc:c2:d2:86:9c:4a:cb:d7:fc:37:b4:
         1c:5a:fe:f4:1f:3d:d0:b7:22:75:5a:db:e0:9f:23:94:60:52:
         ff:7f:b5:c5:14:df:88:75:51:46:24:12:66:b0:25:db:99:34:
         2d:b4:71:2e:26:5d:3a:ec:48:26:07:69:ee:ae:8d:dc:2a:fa:
         1e:73:76:c1:5c:ef:df:23:7b:36:a1:c4:37:c7:fa:ee:3e:8d:
         3a:12:40:5b:c8:33:ba:d2:f1:74:c3:65:90:ed:6a:10:a4:ee:
         0e:77:69:da:21:bb:5b:cb:35:2c:60:ff:f8:7d:d2:3f:7c:b0:
         f0:94:6f:ea:07:03:74:df:16:a3:ca:49:01:99:7b:05:7b:1d:
         85:ef:4e:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBo6EtC7Hi4haHEiHjfFT2aV9WOYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA5MDgwOTA2NTdaFw0yNDA5MDYwOTExNTdaMDMxMTAvBgNV
BAMTKERDOTcxOUE4MTdDMUUzMkZFRDUwN0U2ODU2NDZCODU0QTc5REVEQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4FzFfiZ5aGMEzAG7EYbYvqFxX
8fC3sA927BcIt2sOpbYkjOYeNdxgl5/7QOqftEJtfOIXb3qeLlS8MnCZtiGhxXjL
wB/CVXhAtRNnZ+JrQG/bbjDjoIhDlKjAD+GKG+iVpOyAdWrOlsV7WYS6K1CGr0uj
xuE0A2TSNdK3h9Z7FZ9588bh8Co6zoMImymTiQ//krUsI9wz+hWAWL38dK+tmTIj
Iaef1CNAWtcPSrh9m9fOlmLeR1CWr1jqPe29LzQ2PZhNmjBHDFO3WPFH3nz+bE7j
KmEKkSwlWxR1fW+FUEBBtvWdLoJYRnCTLhUV7QSbdvLdVkuQTkE1aUEnRXNHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3JcZqBfB4y/tUH5oVka4VKed7aEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAwMDE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaH1
MA0GCSqGSIb3DQEBCwUAA4IBAQBo5/3LyVabBpjta99EsY69wFs1soxGLLBUqpt1
iDspBW6ZMTfDDyEAGGV3Vul1au6bsLLicyW6uJv29CTZ3LvThYhzOXdoUgldWCZE
DSVbewJUCMZhuoJ5/oIFmETUtSE1QBCoR6T1QTZF0X83sLOayzx/zMLShpxKy9f8
N7QcWv70Hz3QtyJ1WtvgnyOUYFL/f7XFFN+IdVFGJBJmsCXbmTQttHEuJl067Egm
B2nuro3cKvoec3bBXO/fI3s2ocQ3x/ruPo06EkBbyDO60vF0w2WQ7WoQpO4Od2na
IbtbyzUsYP/4fdI/fLDwlG/qBwN03xajykkBmXsFex2F704J
-----END CERTIFICATE-----