Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200193.roa
File:                     AS200193.roa (raw, json)
Hash identifier:          ko8unVVUXyRyQ5qs9L98LuQmI+/TW+YDcxXSeRyXrjk=
Subject key identifier:   9B:C7:43:4A:09:9C:1F:C9:C6:1B:3C:5F:F7:0E:89:B6:D8:01:0B:7F
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       1BF5325A51AF0E3AD65632DF306CAE3630815CCF
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200193.roa
Signing time:             Fri 30 May 2025 18:06:53 +0000
ROA not before:           Fri 30 May 2025 18:01:53 +0000
ROA not after:            Fri 29 May 2026 18:06:53 +0000
asID:                     200193
IP address blocks:        5.133.100.0/24 maxlen: 24
                          92.249.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:f5:32:5a:51:af:0e:3a:d6:56:32:df:30:6c:ae:36:30:81:5c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: May 30 18:01:53 2025 GMT
            Not After : May 29 18:06:53 2026 GMT
        Subject: CN=9BC7434A099C1FC9C61B3C5FF70E89B6D8010B7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:04:0a:1a:2a:f6:23:37:0c:18:98:8f:92:a9:
                    71:50:33:55:49:8d:7a:a6:c3:9f:e9:6d:0b:b1:09:
                    8c:bc:f4:1c:2c:e5:54:f9:19:bc:df:a8:f0:0e:13:
                    b4:d8:ed:f4:f8:79:0f:61:a3:4b:5e:21:28:cb:fb:
                    c6:68:06:e9:f6:1a:1a:f2:bd:df:90:52:7c:3c:f0:
                    bb:08:a2:a7:b2:fa:88:c9:ca:5c:db:bf:53:9d:8a:
                    56:26:54:cb:72:4e:34:6c:5b:76:cd:38:58:f0:84:
                    02:cd:b2:84:2e:8c:f9:67:b5:be:f5:fe:c8:fa:2f:
                    72:d4:dc:90:1a:d9:df:a2:b5:42:bf:7f:3e:5b:d3:
                    48:ea:60:a3:dd:33:0e:27:54:e0:f2:3f:ae:01:74:
                    e3:7b:cb:89:28:75:3d:99:bf:39:32:2b:bf:fa:9e:
                    fb:de:d6:41:d6:a5:f3:6d:2c:81:6c:15:6e:ab:4b:
                    da:75:79:56:50:5a:ea:7c:18:a5:26:fe:9c:4e:c7:
                    0b:06:a3:e8:02:a4:7b:d0:1c:36:ea:c8:e1:45:43:
                    8e:36:87:21:a3:03:a5:78:e8:d3:79:ce:da:2d:3b:
                    51:73:b0:67:87:cb:80:0b:33:9b:87:08:5c:73:da:
                    d8:df:70:2e:fb:84:5b:b1:97:ca:01:68:07:e2:bd:
                    23:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C7:43:4A:09:9C:1F:C9:C6:1B:3C:5F:F7:0E:89:B6:D8:01:0B:7F
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200193.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/24
                  92.249.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:00:68:12:cf:f6:dd:8e:a7:60:a8:9a:41:36:7a:84:3c:1e:
         eb:6a:51:ee:d8:1c:fa:24:01:d5:3b:02:3b:f3:95:35:ed:f2:
         83:8e:0b:e1:a0:3d:27:bb:b4:82:5f:c6:1d:76:f9:63:61:08:
         ce:20:e3:b2:bc:d7:5e:ba:c1:21:9e:97:4d:5e:66:9b:ec:34:
         f7:74:d7:de:56:d0:68:13:cf:de:cd:e7:3b:9e:23:0f:ca:7f:
         6a:d6:50:a1:0c:5d:f3:e7:12:0e:08:bb:18:e4:08:49:b2:86:
         2b:2f:60:75:bb:51:eb:48:c1:39:25:39:18:ec:5e:5f:48:f6:
         e1:c6:e6:d9:00:83:f3:44:45:12:d3:85:0f:4b:d1:0d:40:e6:
         62:1c:de:d1:c7:ae:84:3c:07:b0:63:dc:59:e1:a8:9c:6a:98:
         04:48:cb:eb:74:05:dd:b4:1d:8a:ad:b0:9e:8c:b8:98:03:2d:
         34:72:e9:91:2d:95:9f:40:60:e7:2d:fb:32:8c:af:a9:2a:dd:
         4b:99:d6:f6:83:95:f3:14:7b:bf:68:b9:ec:9c:c3:83:d1:ef:
         14:b3:71:16:af:8b:50:b8:fe:85:7b:ab:58:25:5a:23:af:7e:
         62:54:3d:d0:a2:34:6c:62:db:0b:05:04:5f:f0:c1:84:ad:03:
         98:c4:30:c0
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUG/UyWlGvDjrWVjLfMGyuNjCBXM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA1MzAxODAxNTNaFw0yNjA1MjkxODA2NTNaMDMxMTAvBgNV
BAMTKDlCQzc0MzRBMDk5QzFGQzlDNjFCM0M1RkY3MEU4OUI2RDgwMTBCN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3BAoaKvYjNwwYmI+SqXFQM1VJ
jXqmw5/pbQuxCYy89Bws5VT5GbzfqPAOE7TY7fT4eQ9ho0teISjL+8ZoBun2Ghry
vd+QUnw88LsIoqey+ojJylzbv1OdilYmVMtyTjRsW3bNOFjwhALNsoQujPlntb71
/sj6L3LU3JAa2d+itUK/fz5b00jqYKPdMw4nVODyP64BdON7y4kodT2ZvzkyK7/6
nvve1kHWpfNtLIFsFW6rS9p1eVZQWup8GKUm/pxOxwsGo+gCpHvQHDbqyOFFQ442
hyGjA6V46NN5ztotO1FzsGeHy4ALM5uHCFxz2tjfcC77hFuxl8oBaAfivSOxAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUm8dDSgmcH8nGGzxf9w6JttgBC38wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjAwMTkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABYVk
AwQAXPk8MA0GCSqGSIb3DQEBCwUAA4IBAQBvAGgSz/bdjqdgqJpBNnqEPB7ralHu
2Bz6JAHVOwI785U17fKDjgvhoD0nu7SCX8YddvljYQjOIOOyvNdeusEhnpdNXmab
7DT3dNfeVtBoE8/ezec7niMPyn9q1lChDF3z5xIOCLsY5AhJsoYrL2B1u1HrSME5
JTkY7F5fSPbhxubZAIPzREUS04UPS9ENQOZiHN7Rx66EPAewY9xZ4aicapgESMvr
dAXdtB2KrbCejLiYAy00cumRLZWfQGDnLfsyjK+pKt1Lmdb2g5XzFHu/aLnsnMOD
0e8Us3EWr4tQuP6Fe6tYJVojr35iVD3QojRsYtsLBQRf8MGErQOYxDDA
-----END CERTIFICATE-----