Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS200469.roa
File:                     AS200469.roa (raw, json)
Hash identifier:          VLvrKFl7K7jJSy8ENYxLlyaaMdHfqHQNGnD3zWjeoA8=
Subject key identifier:   5A:A5:68:03:51:88:59:B7:63:71:23:F7:5E:BA:30:56:F7:A1:34:82
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2990284FB3178DEA85B2788F20E6DAF5424ACECC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS200469.roa
Signing time:             Thu 05 Mar 2026 15:01:18 +0000
ROA not before:           Thu 05 Mar 2026 14:56:18 +0000
ROA not after:            Thu 04 Mar 2027 15:01:18 +0000
asID:                     200469
IP address blocks:        141.11.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 16:52:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:90:28:4f:b3:17:8d:ea:85:b2:78:8f:20:e6:da:f5:42:4a:ce:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  5 14:56:18 2026 GMT
            Not After : Mar  4 15:01:18 2027 GMT
        Subject: CN=5AA56803518859B7637123F75EBA3056F7A13482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b8:a7:d8:49:9b:57:20:f2:80:b1:d0:03:ac:
                    e9:59:2e:e8:31:63:27:68:ea:e3:c7:ac:d4:ad:62:
                    d1:1c:ec:60:72:a2:32:18:e5:d4:38:ed:e9:09:9c:
                    fe:9c:21:92:09:d0:a3:12:4a:33:9a:c1:2d:76:55:
                    d9:99:3e:49:fe:18:e2:b8:53:df:41:12:c2:2b:d2:
                    c0:c9:89:c4:ad:a5:5d:8e:fd:80:16:33:a4:17:2e:
                    cf:6f:f0:f0:fd:7d:20:46:82:7b:63:a9:54:5e:49:
                    a5:c5:a3:9b:10:af:91:ac:8b:41:33:a8:e6:dd:3e:
                    9b:6f:e5:68:d3:1c:7c:38:42:25:9a:53:49:d2:01:
                    e8:17:a5:9d:ed:d9:4a:59:1b:fc:96:78:36:af:d6:
                    70:72:ec:81:cb:05:b0:d7:26:72:de:a2:fb:5b:1f:
                    76:7f:e2:a8:36:9d:17:58:ef:88:10:4b:98:24:af:
                    92:89:c5:77:a4:c7:c6:5c:99:5e:12:22:18:d0:e9:
                    8f:da:b1:4f:1c:b5:19:8e:06:eb:43:b2:5d:d8:ad:
                    b3:7d:1a:5a:0b:75:95:17:ad:e0:aa:d4:f7:dd:80:
                    26:5d:05:43:29:71:15:00:a5:d4:f1:fd:97:ea:b3:
                    c8:27:a7:4b:2a:1b:00:1b:ef:b7:6f:e6:39:a2:73:
                    1f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:A5:68:03:51:88:59:B7:63:71:23:F7:5E:BA:30:56:F7:A1:34:82
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS200469.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:aa:7a:55:3c:08:b5:2b:a6:a8:79:12:af:9f:c9:9e:a3:81:
         d1:ed:40:af:30:6b:9b:d0:0e:e0:cb:29:1c:b1:a3:8a:fc:96:
         e5:45:b2:57:45:d5:9d:9a:cd:ed:26:11:7b:fa:2d:30:bc:56:
         39:b8:30:76:d5:79:e4:aa:6a:d6:a7:55:fc:a8:09:4f:2b:f7:
         a1:8e:0c:c0:f7:f8:01:38:7f:3e:8c:7e:ba:e1:0f:a2:f7:03:
         e9:ee:fd:71:7a:e8:ab:45:51:74:75:63:7f:58:bf:76:93:b5:
         ce:74:07:95:97:b4:6c:55:7a:ab:fb:7e:82:1f:46:3b:41:ac:
         fa:c5:2d:46:c9:5a:d4:48:06:dd:d1:45:8b:8e:be:24:16:0f:
         73:bb:cf:55:5d:a2:81:95:23:a8:3f:c1:26:4d:41:d3:f2:a1:
         18:a9:a4:dc:73:27:b9:bd:ea:16:9f:57:8b:6a:82:2c:c2:91:
         7b:1c:6e:94:db:b0:19:aa:5c:17:72:de:46:4f:b6:26:c0:c7:
         ef:6e:04:86:e4:ae:02:34:d9:1c:cb:05:1d:6f:37:50:5e:b2:
         d9:2b:85:b6:b4:2d:01:b6:40:f3:5c:e2:0d:be:f9:a2:98:46:
         69:5f:21:db:e7:85:2b:c7:93:0b:73:97:95:36:ec:98:e0:36:
         50:bb:62:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKZAoT7MXjeqFsniPIOba9UJKzswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMDUxNDU2MThaFw0yNzAzMDQxNTAxMThaMDMxMTAvBgNV
BAMTKDVBQTU2ODAzNTE4ODU5Qjc2MzcxMjNGNzVFQkEzMDU2RjdBMTM0ODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFuKfYSZtXIPKAsdADrOlZLugx
Yydo6uPHrNStYtEc7GByojIY5dQ47ekJnP6cIZIJ0KMSSjOawS12VdmZPkn+GOK4
U99BEsIr0sDJicStpV2O/YAWM6QXLs9v8PD9fSBGgntjqVReSaXFo5sQr5Gsi0Ez
qObdPptv5WjTHHw4QiWaU0nSAegXpZ3t2UpZG/yWeDav1nBy7IHLBbDXJnLeovtb
H3Z/4qg2nRdY74gQS5gkr5KJxXekx8ZcmV4SIhjQ6Y/asU8ctRmOButDsl3YrbN9
GloLdZUXreCq1PfdgCZdBUMpcRUApdTx/Zfqs8gnp0sqGwAb77dv5jmicx9/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWqVoA1GIWbdjcSP3XrowVvehNIIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjAwNDY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQva
MA0GCSqGSIb3DQEBCwUAA4IBAQBVqnpVPAi1K6aoeRKvn8meo4HR7UCvMGub0A7g
yykcsaOK/JblRbJXRdWdms3tJhF7+i0wvFY5uDB21XnkqmrWp1X8qAlPK/ehjgzA
9/gBOH8+jH664Q+i9wPp7v1xeuirRVF0dWN/WL92k7XOdAeVl7RsVXqr+36CH0Y7
Qaz6xS1GyVrUSAbd0UWLjr4kFg9zu89VXaKBlSOoP8EmTUHT8qEYqaTccye5veoW
n1eLaoIswpF7HG6U27AZqlwXct5GT7YmwMfvbgSG5K4CNNkcywUdbzdQXrLZK4W2
tC0BtkDzXOINvvmimEZpXyHb54Urx5MLc5eVNuyY4DZQu2LR
-----END CERTIFICATE-----