Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa
File:                     AS200017.roa (raw, json)
Hash identifier:          BCRFLJ6ia1VIW0sgrNWDlqdgVSZOIGCpXpCFjShyMHg=
Subject key identifier:   82:44:E8:41:DB:80:F7:0F:AA:FB:1D:5F:5B:FC:75:25:F0:28:2D:EA
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       11B6153E9EADD6B0E876FF219816FD4A25E4CF61
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa
Signing time:             Fri 09 Aug 2024 10:05:19 +0000
ROA not before:           Fri 09 Aug 2024 10:00:19 +0000
ROA not after:            Fri 08 Aug 2025 10:05:19 +0000
asID:                     200017
IP address blocks:        193.161.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:b6:15:3e:9e:ad:d6:b0:e8:76:ff:21:98:16:fd:4a:25:e4:cf:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug  9 10:00:19 2024 GMT
            Not After : Aug  8 10:05:19 2025 GMT
        Subject: CN=8244E841DB80F70FAAFB1D5F5BFC7525F0282DEA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e4:f8:89:13:27:83:3d:df:61:ba:2e:e4:87:
                    c7:1a:d1:7b:6b:25:f0:d5:72:1a:da:0e:35:3c:0a:
                    dd:5e:62:55:34:7b:57:3a:39:66:ce:76:e0:be:e7:
                    8d:c9:e8:5d:e5:86:2f:59:9c:9c:4d:d6:9d:41:7f:
                    6c:b2:15:57:5a:5a:9a:4b:c2:af:e9:7e:be:e2:ed:
                    0b:91:3f:c3:f3:db:e2:04:74:80:f6:9e:ef:ac:54:
                    18:ca:98:f5:2c:11:c7:fd:73:e9:aa:84:88:19:a7:
                    be:f6:43:77:6a:51:a2:ec:e6:77:7c:53:a3:8a:d8:
                    ad:a8:7c:ad:04:8f:89:ad:07:e1:ca:d1:a2:08:05:
                    32:a1:3f:88:99:3d:73:bf:73:d8:87:c5:da:04:35:
                    0e:1a:f2:41:2c:3e:05:4d:70:61:70:d6:d9:16:eb:
                    b2:88:71:78:9c:96:3e:5e:de:df:93:fa:eb:8d:7d:
                    19:54:86:50:8b:69:df:a6:d4:00:f4:00:74:89:15:
                    3b:97:52:8e:4b:b0:ae:e5:95:16:97:07:ed:eb:fc:
                    79:3a:b6:88:30:62:ff:98:16:cf:d8:78:c9:cc:79:
                    1c:9f:d8:84:74:5c:53:8f:a7:30:1e:b2:50:74:79:
                    f7:93:29:e7:c3:26:f5:d6:df:aa:14:7f:03:f8:77:
                    fe:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:44:E8:41:DB:80:F7:0F:AA:FB:1D:5F:5B:FC:75:25:F0:28:2D:EA
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:30:4b:86:90:b7:8d:f3:58:97:4b:15:93:cf:bf:ce:7f:9a:
         86:87:17:75:d6:b7:db:6c:15:3e:14:77:b9:c5:21:fc:34:c8:
         cd:d9:78:57:c2:18:be:67:ba:1b:03:59:c7:fd:98:e6:c3:39:
         37:af:be:30:20:db:ae:54:46:24:28:dc:e7:27:c6:fa:a1:50:
         a1:b7:d3:1b:90:93:18:a4:46:80:27:05:39:9f:55:3b:59:5a:
         4d:23:3b:7a:63:2c:d0:59:31:f7:3d:d3:a8:a9:7a:54:d1:cf:
         bf:93:a1:7d:1a:95:f7:a2:10:ab:a2:bf:b2:3a:eb:15:0f:f0:
         d6:d1:6c:d7:ca:41:b4:1d:91:7c:77:51:e9:17:20:0e:2c:38:
         26:fc:eb:e4:49:4f:e7:83:fd:58:15:ea:97:50:cb:b5:f7:91:
         c2:df:37:e1:d6:5a:36:24:9b:b0:dc:13:32:93:c9:33:0f:35:
         14:e6:17:f8:32:e4:c7:f1:0f:e3:c2:89:06:49:e9:44:b4:c6:
         7f:23:2d:37:de:00:3a:83:a8:41:ad:29:aa:2d:86:95:00:e5:
         e9:42:40:d4:66:ff:65:08:66:09:0c:c6:c7:72:6c:7d:59:1a:
         be:bb:e2:86:3e:8a:fc:d3:66:62:f8:67:77:a9:93:7b:69:1a:
         0d:7b:d5:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEbYVPp6t1rDodv8hmBb9SiXkz2EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA4MDkxMDAwMTlaFw0yNTA4MDgxMDA1MTlaMDMxMTAvBgNV
BAMTKDgyNDRFODQxREI4MEY3MEZBQUZCMUQ1RjVCRkM3NTI1RjAyODJERUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa5PiJEyeDPd9hui7kh8ca0Xtr
JfDVchraDjU8Ct1eYlU0e1c6OWbOduC+543J6F3lhi9ZnJxN1p1Bf2yyFVdaWppL
wq/pfr7i7QuRP8Pz2+IEdID2nu+sVBjKmPUsEcf9c+mqhIgZp772Q3dqUaLs5nd8
U6OK2K2ofK0Ej4mtB+HK0aIIBTKhP4iZPXO/c9iHxdoENQ4a8kEsPgVNcGFw1tkW
67KIcXiclj5e3t+T+uuNfRlUhlCLad+m1AD0AHSJFTuXUo5LsK7llRaXB+3r/Hk6
togwYv+YFs/YeMnMeRyf2IR0XFOPpzAeslB0efeTKefDJvXW36oUfwP4d/5pAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgkToQduA9w+q+x1fW/x1JfAoLeowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAwMDE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaH1
MA0GCSqGSIb3DQEBCwUAA4IBAQDFMEuGkLeN81iXSxWTz7/Of5qGhxd11rfbbBU+
FHe5xSH8NMjN2XhXwhi+Z7obA1nH/Zjmwzk3r74wINuuVEYkKNznJ8b6oVCht9Mb
kJMYpEaAJwU5n1U7WVpNIzt6YyzQWTH3PdOoqXpU0c+/k6F9GpX3ohCror+yOusV
D/DW0WzXykG0HZF8d1HpFyAOLDgm/OvkSU/ng/1YFeqXUMu195HC3zfh1lo2JJuw
3BMyk8kzDzUU5hf4MuTH8Q/jwokGSelEtMZ/Iy033gA6g6hBrSmqLYaVAOXpQkDU
Zv9lCGYJDMbHcmx9WRq+u+KGPor802Zi+Gd3qZN7aRoNe9XM
-----END CERTIFICATE-----