Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200385.roa
File:                     AS200385.roa (raw, json)
Hash identifier:          lUbYJUUtmC59iMeyhKcxYgEg2vM8y5MdXfSFIZiRB0c=
Subject key identifier:   0B:70:59:93:D8:25:B7:82:E7:89:49:3A:F6:7A:B1:62:4B:81:57:BC
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       6A26809D70DAA7CA6D493461463175ABDD1F258F
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200385.roa
Signing time:             Mon 17 Mar 2025 11:39:52 +0000
ROA not before:           Mon 17 Mar 2025 11:34:52 +0000
ROA not after:            Mon 16 Mar 2026 11:39:52 +0000
asID:                     200385
IP address blocks:        31.40.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:26:80:9d:70:da:a7:ca:6d:49:34:61:46:31:75:ab:dd:1f:25:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Mar 17 11:34:52 2025 GMT
            Not After : Mar 16 11:39:52 2026 GMT
        Subject: CN=0B705993D825B782E789493AF67AB1624B8157BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2e:39:7e:75:54:81:3b:16:1b:cf:26:2f:9c:
                    2f:81:7d:88:17:21:c7:22:6c:bd:a3:f1:d0:97:1e:
                    70:7c:02:6b:77:e6:6a:0d:6a:3b:19:7d:ad:0d:8c:
                    07:8d:af:ff:c8:2b:3c:e3:84:18:a0:1e:bb:22:c9:
                    d8:1e:e0:79:ee:74:e3:0c:82:0f:d6:63:04:29:65:
                    61:b4:f7:3c:01:95:5c:fc:63:88:2d:e2:15:16:08:
                    08:94:01:c7:06:f7:95:9d:d4:7c:20:ec:62:4d:c2:
                    34:59:03:ff:1f:cf:67:a4:1a:88:47:09:aa:8b:70:
                    8e:73:77:fe:74:fb:13:bb:93:0b:e6:19:d9:8c:58:
                    5b:49:f3:cb:ee:92:e7:1c:cf:da:8d:60:01:33:b2:
                    f4:db:96:38:f8:bc:72:2d:85:24:e3:dd:ac:59:8d:
                    4e:81:ea:31:ef:48:6c:18:52:e6:e5:09:5a:1d:ca:
                    46:72:8a:f1:b9:ea:ef:e4:87:bd:fe:c9:8f:1f:87:
                    0f:c4:7c:7d:80:55:7a:72:de:04:3c:b4:fc:ad:63:
                    f2:d4:d2:99:ec:ac:75:d1:9c:d0:fa:7f:dc:27:f5:
                    26:f4:b9:af:65:09:70:12:06:72:44:36:c8:73:f3:
                    33:8a:3f:3a:8f:17:7a:21:11:0c:60:fb:a2:4c:f4:
                    45:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:70:59:93:D8:25:B7:82:E7:89:49:3A:F6:7A:B1:62:4B:81:57:BC
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS200385.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:7c:44:b9:08:8f:39:79:0c:dd:27:91:d3:b0:c8:0c:a3:7c:
         9c:5b:0f:57:56:5b:ae:ba:66:72:ca:a3:e1:8c:1f:80:97:46:
         6c:6c:b5:55:90:e1:60:24:45:7f:d2:4a:c3:50:25:b9:78:59:
         2e:1f:89:60:0c:be:77:ed:09:7d:0d:96:6f:a2:e4:b4:8a:79:
         4f:b4:ea:c4:8b:5f:22:47:e9:5a:c6:9c:81:52:e1:ce:25:c8:
         0c:bd:67:ea:9f:d2:8e:ef:cc:ed:97:e2:e1:d9:ef:26:a4:32:
         b8:f4:7f:91:b3:8b:44:c5:31:06:9e:15:1b:19:35:d2:d5:c6:
         7a:98:37:ed:37:01:dd:b7:ec:fb:6d:97:52:a5:4d:6e:44:02:
         f1:bb:d2:44:e5:b9:b6:eb:50:46:f1:39:39:f7:3b:ed:ff:5d:
         9e:88:f5:ff:69:ee:e4:b0:7f:02:39:df:79:5d:be:1e:55:37:
         20:11:36:60:dd:06:1a:2f:9b:53:2c:96:62:9f:bd:2b:e4:6e:
         9f:4d:95:86:c6:73:43:f3:84:6e:11:01:33:1e:de:f8:2d:c0:
         c9:46:b5:15:8b:35:71:22:29:4e:f2:fb:8c:c3:31:ad:81:44:
         88:9d:4b:22:b3:e8:b2:06:bb:6e:d2:35:8c:12:9f:6e:fe:05:
         c5:a1:27:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaiaAnXDap8ptSTRhRjF1q90fJY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAzMTcxMTM0NTJaFw0yNjAzMTYxMTM5NTJaMDMxMTAvBgNV
BAMTKDBCNzA1OTkzRDgyNUI3ODJFNzg5NDkzQUY2N0FCMTYyNEI4MTU3QkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLLjl+dVSBOxYbzyYvnC+BfYgX
IccibL2j8dCXHnB8Amt35moNajsZfa0NjAeNr//IKzzjhBigHrsiydge4HnudOMM
gg/WYwQpZWG09zwBlVz8Y4gt4hUWCAiUAccG95Wd1Hwg7GJNwjRZA/8fz2ekGohH
CaqLcI5zd/50+xO7kwvmGdmMWFtJ88vukuccz9qNYAEzsvTbljj4vHIthSTj3axZ
jU6B6jHvSGwYUublCVodykZyivG56u/kh73+yY8fhw/EfH2AVXpy3gQ8tPytY/LU
0pnsrHXRnND6f9wn9Sb0ua9lCXASBnJENshz8zOKPzqPF3ohEQxg+6JM9EUVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUC3BZk9glt4LniUk69nqxYkuBV7wwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjAwMzg1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyjO
MA0GCSqGSIb3DQEBCwUAA4IBAQALfES5CI85eQzdJ5HTsMgMo3ycWw9XVluuumZy
yqPhjB+Al0ZsbLVVkOFgJEV/0krDUCW5eFkuH4lgDL537Ql9DZZvouS0inlPtOrE
i18iR+laxpyBUuHOJcgMvWfqn9KO78ztl+Lh2e8mpDK49H+Rs4tExTEGnhUbGTXS
1cZ6mDftNwHdt+z7bZdSpU1uRALxu9JE5bm261BG8Tk59zvt/12eiPX/ae7ksH8C
Od95Xb4eVTcgETZg3QYaL5tTLJZin70r5G6fTZWGxnND84RuEQEzHt74LcDJRrUV
izVxIilO8vuMwzGtgUSInUsis+iyBrtu0jWMEp9u/gXFoSeY
-----END CERTIFICATE-----