Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200790.roa
File:                     AS200790.roa (raw, json)
Hash identifier:          5K+1RbXa4OxoJgqSpHgZSygTviSvb0tkWDcH2EH57MQ=
Subject key identifier:   A4:CB:1B:F4:1C:CA:B2:80:E7:09:05:2E:C9:8C:2C:05:D2:CC:08:EB
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       49BBA8369D19840CC9BB854807BEDEA82C067C3E
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200790.roa
Signing time:             Sat 21 Feb 2026 03:21:36 +0000
ROA not before:           Sat 21 Feb 2026 03:16:36 +0000
ROA not after:            Sat 20 Feb 2027 03:21:36 +0000
asID:                     200790
IP address blocks:        2a14:7583:e400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:bb:a8:36:9d:19:84:0c:c9:bb:85:48:07:be:de:a8:2c:06:7c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb 21 03:16:36 2026 GMT
            Not After : Feb 20 03:21:36 2027 GMT
        Subject: CN=A4CB1BF41CCAB280E709052EC98C2C05D2CC08EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3f:57:54:cb:78:36:70:9b:a6:8e:83:20:09:
                    17:ba:3e:a1:7c:12:55:8d:48:0d:1a:ae:70:e5:34:
                    09:e3:ca:0f:8a:44:5e:8a:84:f8:73:89:7b:89:94:
                    e6:e2:70:c0:53:27:a3:3a:e2:41:ac:79:30:10:2a:
                    8a:f0:31:92:fb:e9:65:94:e7:a5:f2:08:a0:40:da:
                    b0:77:a8:b2:aa:ab:25:12:7b:6c:20:a2:18:b2:ea:
                    61:4e:92:8d:17:92:eb:a7:e9:54:0d:0d:55:92:92:
                    4b:a1:c8:0b:f6:f4:97:bd:6a:86:7d:1c:47:81:e2:
                    8f:49:2f:0a:ee:65:31:06:73:24:c6:25:f0:d6:b5:
                    b2:01:a3:11:a3:73:84:45:81:0c:06:ee:e9:33:c0:
                    2e:d3:da:c1:b3:65:7c:39:8f:91:55:7d:c9:70:20:
                    bf:e2:51:fd:b4:53:c3:4d:c1:57:25:ee:01:4f:dd:
                    45:13:42:72:c1:c2:44:e1:94:a5:ff:c0:1e:34:bf:
                    72:4d:4f:a9:bd:75:96:64:d0:10:4a:4d:80:71:78:
                    1d:bc:98:dd:b6:41:7b:be:f9:97:10:15:d2:2b:0d:
                    a3:37:69:d7:a0:16:be:f0:67:fb:0c:0d:bc:dd:39:
                    60:55:52:39:6e:e7:4f:a9:bd:28:36:e6:a1:d9:f2:
                    23:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:CB:1B:F4:1C:CA:B2:80:E7:09:05:2E:C9:8C:2C:05:D2:CC:08:EB
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200790.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:e400::/40

    Signature Algorithm: sha256WithRSAEncryption
         7f:00:19:75:68:d0:bb:cc:91:df:2c:e4:5f:f6:15:0c:70:72:
         8f:cc:35:bf:7c:ff:d8:a5:4f:f6:60:48:53:f0:67:36:12:80:
         17:11:57:17:43:74:ed:36:57:09:5d:29:6b:42:be:8e:69:84:
         5d:c2:b0:a8:99:fa:44:53:3c:d5:2d:2a:f9:3c:50:e3:a8:de:
         24:e8:ce:08:92:71:a6:6b:fb:25:02:1c:03:0d:90:8a:0e:65:
         d7:2b:31:50:2b:33:64:6a:59:9b:f9:2a:c6:a4:4b:fd:46:95:
         b5:05:5f:d7:5a:ad:fa:63:1e:a5:cf:50:90:9a:f8:3b:80:4f:
         99:41:04:e2:ea:b0:65:32:ae:e1:86:b0:df:80:ea:f7:ce:03:
         e7:42:c2:e0:df:d1:af:4e:16:5f:37:dc:a5:61:d2:d6:b7:9e:
         b0:96:1e:c1:a9:16:61:9b:8a:fa:4d:06:a5:9f:f0:9e:4f:96:
         43:48:9b:d2:d3:91:0a:a7:06:d8:ca:e0:3c:c4:4b:2f:7a:a5:
         6c:68:6e:ab:11:6f:ed:b6:b2:e5:97:fc:c1:a3:27:12:c8:a6:
         f9:88:aa:e4:4a:f0:60:34:c6:a4:42:16:4b:42:c6:26:ea:ac:
         6a:dc:7b:e0:2e:d3:0d:d4:67:e0:2d:f0:80:20:0f:e1:a0:81:
         a6:36:a3:85
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUSbuoNp0ZhAzJu4VIB77eqCwGfD4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAyMjEwMzE2MzZaFw0yNzAyMjAwMzIxMzZaMDMxMTAvBgNV
BAMTKEE0Q0IxQkY0MUNDQUIyODBFNzA5MDUyRUM5OEMyQzA1RDJDQzA4RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGP1dUy3g2cJumjoMgCRe6PqF8
ElWNSA0arnDlNAnjyg+KRF6KhPhziXuJlObicMBTJ6M64kGseTAQKorwMZL76WWU
56XyCKBA2rB3qLKqqyUSe2wgohiy6mFOko0Xkuun6VQNDVWSkkuhyAv29Je9aoZ9
HEeB4o9JLwruZTEGcyTGJfDWtbIBoxGjc4RFgQwG7ukzwC7T2sGzZXw5j5FVfclw
IL/iUf20U8NNwVcl7gFP3UUTQnLBwkThlKX/wB40v3JNT6m9dZZk0BBKTYBxeB28
mN22QXu++ZcQFdIrDaM3adegFr7wZ/sMDbzdOWBVUjlu50+pvSg25qHZ8iMxAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUpMsb9BzKsoDnCQUuyYwsBdLMCOswHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjAwNzkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
g+QwDQYJKoZIhvcNAQELBQADggEBAH8AGXVo0LvMkd8s5F/2FQxwco/MNb98/9il
T/ZgSFPwZzYSgBcRVxdDdO02VwldKWtCvo5phF3CsKiZ+kRTPNUtKvk8UOOo3iTo
zgiScaZr+yUCHAMNkIoOZdcrMVArM2RqWZv5KsakS/1GlbUFX9darfpjHqXPUJCa
+DuAT5lBBOLqsGUyruGGsN+A6vfOA+dCwuDf0a9OFl833KVh0ta3nrCWHsGpFmGb
ivpNBqWf8J5PlkNIm9LTkQqnBtjK4DzESy96pWxobqsRb+22suWX/MGjJxLIpvmI
quRK8GA0xqRCFktCxibqrGrce+Au0w3UZ+At8IAgD+GggaY2o4U=
-----END CERTIFICATE-----