Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS200950.roa
File:                     AS200950.roa (raw, json)
Hash identifier:          st8q/41glneYXPrCy+7Q4eJP1mdR4AtLnZkBrsKQs3w=
Subject key identifier:   73:18:FB:AE:F7:CF:65:EE:1F:E7:12:30:A0:3A:2D:12:5F:BB:D1:24
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       40AA239FCE5DEB772E523A027C83ABC6898CF311
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS200950.roa
Signing time:             Sat 09 Nov 2024 14:15:48 +0000
ROA not before:           Sat 09 Nov 2024 14:10:48 +0000
ROA not after:            Sat 08 Nov 2025 14:15:48 +0000
asID:                     200950
IP address blocks:        2a0f:85c1:8d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:aa:23:9f:ce:5d:eb:77:2e:52:3a:02:7c:83:ab:c6:89:8c:f3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov  9 14:10:48 2024 GMT
            Not After : Nov  8 14:15:48 2025 GMT
        Subject: CN=7318FBAEF7CF65EE1FE71230A03A2D125FBBD124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c1:e9:73:4f:e6:91:d7:d5:1f:fb:57:9d:78:
                    e4:b5:d1:e1:c3:8c:76:58:e3:bc:c7:83:91:69:d6:
                    b1:70:70:84:46:26:68:f9:4e:ec:85:47:b8:d9:7a:
                    1e:b0:9d:bd:80:98:63:48:29:7a:b4:bb:5b:00:90:
                    be:b2:8a:a4:21:b0:fa:c3:cb:e9:4e:b7:40:21:d8:
                    83:cb:76:bf:34:1d:6f:af:7c:04:9a:df:46:15:7a:
                    fc:d1:45:00:4f:35:f1:e1:2f:c2:47:d3:cb:d0:59:
                    33:6a:ae:5f:4a:88:9e:b0:72:58:98:12:af:9a:73:
                    55:f9:c3:05:07:ea:cf:d6:20:42:92:73:07:71:24:
                    7d:12:dc:b5:94:33:81:df:c8:ef:e9:86:ac:70:3a:
                    06:ae:2d:d6:c7:bd:1a:76:b9:86:9b:33:a4:25:e8:
                    a5:81:ad:eb:6e:1f:db:21:6e:59:8c:95:fc:70:dd:
                    bb:53:d5:0c:de:21:f8:bc:85:bf:56:74:5f:36:ff:
                    05:ff:f3:83:a0:16:04:14:2d:dd:6b:35:5c:84:a0:
                    83:6c:8c:76:70:59:1a:d5:55:51:cd:77:d7:0a:19:
                    4d:05:a2:f6:68:81:9a:e7:15:65:31:ca:0b:5f:a6:
                    5c:74:5d:75:12:10:be:ab:96:11:42:8c:ef:7d:7c:
                    9b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:18:FB:AE:F7:CF:65:EE:1F:E7:12:30:A0:3A:2D:12:5F:BB:D1:24
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS200950.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         87:78:67:7a:54:1c:cf:77:08:67:f9:99:bc:e4:7b:6c:41:a1:
         9a:2e:b0:43:da:24:76:aa:b2:03:25:71:42:01:51:69:6d:36:
         ad:7a:69:6a:8f:c2:91:b6:40:6b:22:96:94:ed:1b:aa:15:ed:
         36:12:af:9c:63:9a:d7:62:2c:58:b3:0d:2d:f8:7d:b3:ee:fa:
         8c:12:2f:1f:bb:25:5d:18:3f:1a:84:64:5a:eb:56:c2:76:35:
         6e:9d:a8:97:28:8d:7a:f9:58:b8:0e:08:fe:93:6f:df:47:94:
         79:25:3d:e9:af:5e:2b:2a:9b:f9:da:37:5c:01:af:5d:b3:f6:
         25:50:40:fb:e4:fc:2a:4c:84:57:aa:2a:d9:5e:d2:f2:d8:67:
         42:da:e8:11:49:e8:b9:90:28:0e:26:b3:fb:23:cf:af:3a:cc:
         77:14:a7:ab:f6:b3:57:35:84:3f:3e:a9:72:d4:38:0b:28:26:
         d8:be:cd:13:11:71:c2:8d:f9:03:7d:59:07:86:43:51:50:42:
         af:b7:66:0a:f8:6d:42:7f:8d:84:fa:a5:fd:db:bd:6b:cc:27:
         7e:b1:3b:45:4d:75:98:0f:52:dd:fa:23:37:a0:be:00:0b:1a:
         dc:ec:b7:18:f2:e7:fd:e8:00:45:b3:12:48:61:eb:3c:fa:f6:
         37:a8:44:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQKojn85d63cuUjoCfIOrxomM8xEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDExMDkxNDEwNDhaFw0yNTExMDgxNDE1NDhaMDMxMTAvBgNV
BAMTKDczMThGQkFFRjdDRjY1RUUxRkU3MTIzMEEwM0EyRDEyNUZCQkQxMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSwelzT+aR19Uf+1edeOS10eHD
jHZY47zHg5Fp1rFwcIRGJmj5TuyFR7jZeh6wnb2AmGNIKXq0u1sAkL6yiqQhsPrD
y+lOt0Ah2IPLdr80HW+vfASa30YVevzRRQBPNfHhL8JH08vQWTNqrl9KiJ6wcliY
Eq+ac1X5wwUH6s/WIEKScwdxJH0S3LWUM4HfyO/phqxwOgauLdbHvRp2uYabM6Ql
6KWBretuH9shblmMlfxw3btT1QzeIfi8hb9WdF82/wX/84OgFgQULd1rNVyEoINs
jHZwWRrVVVHNd9cKGU0FovZogZrnFWUxygtfplx0XXUSEL6rlhFCjO99fJv7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUcxj7rvfPZe4f5xIwoDotEl+70SQwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjAwOTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQjQMA0GCSqGSIb3DQEBCwUAA4IBAQCHeGd6VBzPdwhn+Zm85HtsQaGaLrBD2iR2
qrIDJXFCAVFpbTatemlqj8KRtkBrIpaU7RuqFe02Eq+cY5rXYixYsw0t+H2z7vqM
Ei8fuyVdGD8ahGRa61bCdjVunaiXKI16+Vi4Dgj+k2/fR5R5JT3pr14rKpv52jdc
Aa9ds/YlUED75PwqTIRXqirZXtLy2GdC2ugRSei5kCgOJrP7I8+vOsx3FKer9rNX
NYQ/Pqly1DgLKCbYvs0TEXHCjfkDfVkHhkNRUEKvt2YK+G1Cf42E+qX9271rzCd+
sTtFTXWYD1Ld+iM3oL4ACxrc7LcY8uf96ABFsxJIYes8+vY3qET5
-----END CERTIFICATE-----