Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200193.roa
File:                     AS200193.roa (raw, json)
Hash identifier:          SSptXBffD8vyfJ8+ItmqHOXRVZPoCHM2Olja4YnMGSw=
Subject key identifier:   D7:51:8B:AD:96:B3:A6:B6:DE:59:F9:9D:1B:3D:02:F5:0F:BD:CF:FF
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       172A5C44EBF8188CB84079FBAC07770B32A63F2B
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200193.roa
Signing time:             Wed 15 Jan 2025 17:10:18 +0000
ROA not before:           Wed 15 Jan 2025 17:05:18 +0000
ROA not after:            Wed 14 Jan 2026 17:10:18 +0000
asID:                     200193
IP address blocks:        5.133.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:2a:5c:44:eb:f8:18:8c:b8:40:79:fb:ac:07:77:0b:32:a6:3f:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 17:05:18 2025 GMT
            Not After : Jan 14 17:10:18 2026 GMT
        Subject: CN=D7518BAD96B3A6B6DE59F99D1B3D02F50FBDCFFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a1:59:10:63:54:02:fa:10:db:b1:71:e3:b1:
                    d8:bb:0e:95:87:6a:59:9e:c6:cd:d2:fe:20:c0:56:
                    1a:78:1f:e6:e1:98:a7:6f:12:b2:01:3c:c8:69:2f:
                    87:7f:33:e5:e1:ec:c6:df:b1:4c:0b:8f:5f:77:77:
                    60:cd:fd:7b:93:4f:e2:f8:cd:a3:15:aa:d3:77:76:
                    24:4a:be:ac:e3:ef:eb:c2:f7:7d:ed:04:f8:51:d7:
                    b4:b4:62:94:01:3e:b3:cc:d0:94:80:61:64:ad:06:
                    5c:74:4d:c7:6c:42:b7:85:62:c9:95:2e:6d:d2:31:
                    ce:e7:03:49:a9:51:0d:0e:13:29:47:03:85:fe:72:
                    cb:b9:fd:d3:4e:a6:23:d8:62:63:08:ec:fd:fd:74:
                    3a:85:2d:35:d7:24:1f:fa:e3:8c:ee:27:01:61:e8:
                    c5:a0:21:37:27:8c:fd:ce:2e:dc:98:d3:bf:17:75:
                    32:b6:f6:8e:9f:6a:f9:e3:de:7a:42:86:a5:75:a9:
                    75:e5:df:68:dd:6a:15:83:db:ba:c8:d9:70:58:9c:
                    a3:5f:14:ac:ac:56:41:e4:d4:3d:4c:b3:a3:d2:1a:
                    45:d3:74:4e:f6:08:97:48:57:41:6e:96:f1:52:97:
                    b3:bf:4c:20:c7:22:29:6f:9e:4a:73:c7:6b:a7:af:
                    63:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:51:8B:AD:96:B3:A6:B6:DE:59:F9:9D:1B:3D:02:F5:0F:BD:CF:FF
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200193.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:63:6e:a1:3d:4e:6d:e5:5d:b1:bb:ff:58:f8:3d:59:3a:29:
         0b:39:c2:42:7c:d5:7a:8b:c9:78:dc:35:91:d0:dd:9f:b8:2e:
         cd:29:47:27:6c:b5:24:0e:b3:ea:0b:48:71:63:f7:c3:1e:20:
         70:9b:f9:83:09:a0:c5:cc:a8:49:83:6c:25:12:b3:51:16:9f:
         9d:79:d9:a5:15:e5:bb:a9:5b:47:ee:d5:53:92:b8:5c:8f:37:
         f4:93:52:da:33:ce:a5:f5:6a:76:7e:65:77:3e:53:11:00:b6:
         cd:ad:6e:3f:2a:30:f0:97:a8:47:5a:be:52:cc:f3:de:ed:9b:
         c0:83:45:7b:5b:95:88:62:d3:1c:cc:d1:53:15:1e:f5:2f:30:
         55:10:dc:26:07:3d:c2:b3:68:a2:8f:bd:6c:dd:33:75:34:f6:
         0d:86:ca:52:5c:f3:ee:95:a1:4f:c8:1b:ae:f5:00:ae:3e:38:
         0e:88:16:ca:d1:6f:3b:8a:2d:8c:30:50:d6:3e:02:bf:78:14:
         11:6b:63:a5:04:09:2d:d5:85:8b:20:e6:da:a4:ae:1d:b1:76:
         cc:86:2f:6a:ea:08:b1:f5:9c:56:03:8d:b2:a8:61:e7:00:82:
         b9:45:a1:91:95:48:5c:a7:f4:e0:73:d0:ee:26:b3:04:70:ca:
         aa:11:1b:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFypcROv4GIy4QHn7rAd3CzKmPyswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNzA1MThaFw0yNjAxMTQxNzEwMThaMDMxMTAvBgNV
BAMTKEQ3NTE4QkFEOTZCM0E2QjZERTU5Rjk5RDFCM0QwMkY1MEZCRENGRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcoVkQY1QC+hDbsXHjsdi7DpWH
almexs3S/iDAVhp4H+bhmKdvErIBPMhpL4d/M+Xh7MbfsUwLj193d2DN/XuTT+L4
zaMVqtN3diRKvqzj7+vC933tBPhR17S0YpQBPrPM0JSAYWStBlx0TcdsQreFYsmV
Lm3SMc7nA0mpUQ0OEylHA4X+csu5/dNOpiPYYmMI7P39dDqFLTXXJB/644zuJwFh
6MWgITcnjP3OLtyY078XdTK29o6favnj3npChqV1qXXl32jdahWD27rI2XBYnKNf
FKysVkHk1D1Ms6PSGkXTdE72CJdIV0FulvFSl7O/TCDHIilvnkpzx2unr2PPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU11GLrZazprbeWfmdGz0C9Q+9z/8wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjAwMTkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVk
MA0GCSqGSIb3DQEBCwUAA4IBAQATY26hPU5t5V2xu/9Y+D1ZOikLOcJCfNV6i8l4
3DWR0N2fuC7NKUcnbLUkDrPqC0hxY/fDHiBwm/mDCaDFzKhJg2wlErNRFp+dedml
FeW7qVtH7tVTkrhcjzf0k1LaM86l9Wp2fmV3PlMRALbNrW4/KjDwl6hHWr5SzPPe
7ZvAg0V7W5WIYtMczNFTFR71LzBVENwmBz3Cs2iij71s3TN1NPYNhspSXPPulaFP
yBuu9QCuPjgOiBbK0W87ii2MMFDWPgK/eBQRa2OlBAkt1YWLIObapK4dsXbMhi9q
6gix9ZxWA42yqGHnAIK5RaGRlUhcp/Tgc9DuJrMEcMqqERvb
-----END CERTIFICATE-----