Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200088.roa
File:                     AS200088.roa (raw, json)
Hash identifier:          HlxBRA3L5p/z58oBlEnohcqguSDLiLMxhfbodT8rZiw=
Subject key identifier:   C1:7E:CC:3A:C8:46:77:81:1E:7F:F7:F8:20:24:B1:DB:8C:C5:A2:90
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7C3B93DDA6100825B0B92C2C97CF01C502F2D153
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200088.roa
Signing time:             Sat 01 Nov 2025 02:55:11 +0000
ROA not before:           Sat 01 Nov 2025 02:50:11 +0000
ROA not after:            Sat 31 Oct 2026 02:55:11 +0000
asID:                     200088
IP address blocks:        46.203.97.0/24 maxlen: 24
                          46.203.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Nov 2025 01:29:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:3b:93:dd:a6:10:08:25:b0:b9:2c:2c:97:cf:01:c5:02:f2:d1:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov  1 02:50:11 2025 GMT
            Not After : Oct 31 02:55:11 2026 GMT
        Subject: CN=C17ECC3AC84677811E7FF7F82024B1DB8CC5A290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:8b:81:47:4c:1c:ff:77:70:8e:38:a2:70:20:
                    5d:b1:5e:ba:ff:80:63:2e:67:fd:24:d0:bf:54:92:
                    19:5a:c5:b4:fa:2d:48:9e:0f:59:47:94:38:c7:26:
                    63:e7:0a:03:75:0c:0e:88:c6:e4:40:55:1f:25:e8:
                    6b:fc:4f:fa:d8:cb:11:cc:f3:c9:40:3f:c4:17:6b:
                    fe:4e:35:b0:6a:59:a3:24:10:43:6a:c6:3a:dd:5f:
                    cd:31:da:cf:4e:dd:8b:a7:31:0e:d2:7a:b7:5f:1a:
                    f0:9f:c5:5d:6e:41:18:1b:2b:44:46:67:17:ba:18:
                    db:8a:28:75:21:c1:72:dd:f8:a9:f9:e0:ca:f7:4f:
                    0c:17:33:cb:e2:00:41:62:af:bc:8a:07:07:6d:9e:
                    3d:6b:44:0c:ad:89:93:f7:3e:f4:37:c9:3a:17:aa:
                    23:46:46:07:32:81:71:e5:6d:74:be:82:98:52:3f:
                    8b:39:0e:99:e3:22:d6:a6:05:76:ae:b7:e1:c2:4f:
                    bf:10:e8:5c:d1:0b:69:68:56:90:f3:2b:5d:7c:1d:
                    a2:d4:a9:32:29:28:94:20:36:a0:0f:81:f1:ac:43:
                    3a:2a:76:14:a4:31:81:4b:cf:a1:81:84:6b:e6:a2:
                    8f:99:92:ee:06:6f:91:e8:9e:9a:76:98:42:0c:b6:
                    7c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:7E:CC:3A:C8:46:77:81:1E:7F:F7:F8:20:24:B1:DB:8C:C5:A2:90
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200088.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.97.0/24
                  46.203.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:cc:01:20:52:1d:3c:82:64:6c:66:73:ff:fc:4d:3c:05:de:
         1e:92:b3:96:ca:68:9b:41:7f:f6:6c:cc:59:18:e6:9a:cc:01:
         fa:0e:50:9a:2d:b2:c5:d2:18:79:92:f9:44:14:1d:13:0a:93:
         29:30:49:38:fd:72:56:34:17:12:7d:6a:54:34:fb:56:02:19:
         0e:d8:48:06:b8:28:b9:fc:fe:3f:f3:9e:6c:83:c7:f9:61:58:
         50:a7:6b:03:1d:63:9b:9d:fa:df:56:b2:09:e3:c7:44:01:09:
         aa:15:f1:9a:01:5e:76:cf:ad:18:29:3b:12:67:ac:5b:8c:39:
         11:10:68:22:5a:24:ed:c9:0e:19:03:03:3c:c6:50:48:d4:a6:
         f3:dc:59:61:a7:9f:0f:44:1c:a6:fb:fe:e3:b2:ec:28:10:33:
         77:c5:87:d8:a5:b6:0b:0d:f0:e9:e9:8c:4c:97:88:d1:43:d8:
         b1:cb:48:42:b2:68:9c:03:8a:7a:22:5e:73:b1:3f:a4:25:c9:
         d3:d0:cc:cc:22:8d:2d:51:e7:12:ec:c9:72:bb:89:e0:53:c5:
         58:57:4d:d0:9b:5a:a2:b3:b0:ad:33:a1:cb:f8:1e:2f:42:36:
         0a:e7:e6:a0:92:aa:64:84:e5:91:f9:dd:e8:97:eb:c4:40:c9:
         bc:d7:f9:07
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUfDuT3aYQCCWwuSwsl88BxQLy0VMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTExMDEwMjUwMTFaFw0yNjEwMzEwMjU1MTFaMDMxMTAvBgNV
BAMTKEMxN0VDQzNBQzg0Njc3ODExRTdGRjdGODIwMjRCMURCOENDNUEyOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4i4FHTBz/d3COOKJwIF2xXrr/
gGMuZ/0k0L9UkhlaxbT6LUieD1lHlDjHJmPnCgN1DA6IxuRAVR8l6Gv8T/rYyxHM
88lAP8QXa/5ONbBqWaMkEENqxjrdX80x2s9O3YunMQ7SerdfGvCfxV1uQRgbK0RG
Zxe6GNuKKHUhwXLd+Kn54Mr3TwwXM8viAEFir7yKBwdtnj1rRAytiZP3PvQ3yToX
qiNGRgcygXHlbXS+gphSP4s5DpnjItamBXaut+HCT78Q6FzRC2loVpDzK118HaLU
qTIpKJQgNqAPgfGsQzoqdhSkMYFLz6GBhGvmoo+Zku4Gb5Honpp2mEIMtnwXAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUwX7MOshGd4Eef/f4ICSx24zFopAwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAwMDg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALsth
AwQALstmMA0GCSqGSIb3DQEBCwUAA4IBAQALzAEgUh08gmRsZnP//E08Bd4ekrOW
ymibQX/2bMxZGOaazAH6DlCaLbLF0hh5kvlEFB0TCpMpMEk4/XJWNBcSfWpUNPtW
AhkO2EgGuCi5/P4/855sg8f5YVhQp2sDHWObnfrfVrIJ48dEAQmqFfGaAV52z60Y
KTsSZ6xbjDkREGgiWiTtyQ4ZAwM8xlBI1Kbz3Flhp58PRBym+/7jsuwoEDN3xYfY
pbYLDfDp6YxMl4jRQ9ixy0hCsmicA4p6Il5zsT+kJcnT0MzMIo0tUecS7Mlyu4ng
U8VYV03Qm1qis7CtM6HL+B4vQjYK5+agkqpkhOWR+d3ol+vEQMm81/kH
-----END CERTIFICATE-----