Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200019.roa
File:                     AS200019.roa (raw, json)
Hash identifier:          3hwIWFDplahTcLTludX90q1gRXl7MGA0owjrXxaWjJs=
Subject key identifier:   87:81:2A:08:A2:79:41:D1:EB:62:AD:C1:11:19:5C:C0:0A:73:5A:46
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2ED0B76B0573961C6177F7FEE83967EE64D7C554
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200019.roa
Signing time:             Fri 20 Mar 2026 01:46:49 +0000
ROA not before:           Fri 20 Mar 2026 01:41:49 +0000
ROA not after:            Fri 19 Mar 2027 01:46:49 +0000
asID:                     200019
IP address blocks:        181.215.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:d0:b7:6b:05:73:96:1c:61:77:f7:fe:e8:39:67:ee:64:d7:c5:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 20 01:41:49 2026 GMT
            Not After : Mar 19 01:46:49 2027 GMT
        Subject: CN=87812A08A27941D1EB62ADC111195CC00A735A46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:75:57:80:b9:77:f2:d7:1b:a5:16:ee:75:fd:
                    b4:ea:9e:b6:4d:d9:38:24:8f:bf:5f:36:9d:72:ad:
                    4e:0f:bf:83:7c:83:12:2e:81:fc:56:52:d0:64:a4:
                    2c:db:c9:fb:e1:1d:c2:f9:eb:a7:4e:b8:48:c9:3a:
                    af:11:60:34:3f:da:7d:2c:5b:bc:fc:c3:99:f6:0b:
                    a0:a3:b9:54:2c:cd:84:16:e8:66:22:61:52:78:0b:
                    66:e0:ea:67:b9:c3:50:67:3a:f2:68:fb:4e:0d:f8:
                    ec:84:83:7e:c4:fe:ba:4f:03:6d:5e:69:f0:3c:87:
                    47:25:be:51:03:c3:1b:46:0f:59:bf:1d:a1:bc:db:
                    93:4f:bd:ab:9f:2d:b0:d1:3d:5a:34:2a:aa:00:2e:
                    39:6c:d0:36:36:4d:b8:c2:06:48:1b:16:e9:69:90:
                    30:61:46:5a:7a:e1:7a:f8:97:23:9d:2f:51:62:17:
                    bc:07:e6:59:f5:83:ad:fc:71:0e:df:89:97:1a:a1:
                    c6:29:e4:4e:ea:6f:aa:2d:0d:88:b3:00:b4:69:7b:
                    3b:ec:87:2d:5b:63:d7:05:39:6f:48:7e:d7:09:d1:
                    1e:bf:a6:6d:d0:d5:25:2e:70:61:17:13:80:bb:47:
                    a3:d2:c0:63:c0:2c:31:99:b5:4b:87:45:bf:8d:82:
                    a4:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:81:2A:08:A2:79:41:D1:EB:62:AD:C1:11:19:5C:C0:0A:73:5A:46
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200019.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:35:8e:5f:79:9e:48:f3:1f:40:6b:c5:4c:64:43:63:fe:15:
         22:22:34:60:1c:37:61:9a:9a:11:40:2d:5b:6f:03:68:29:68:
         b2:4b:74:fe:76:41:19:50:27:c5:67:fe:1f:bc:73:39:2a:1c:
         dc:6f:f0:c5:70:a9:9d:dc:9f:44:2b:b3:6f:8b:3b:84:61:77:
         d0:c8:ab:ae:72:e0:79:5b:9d:12:7b:c1:4f:eb:d1:97:b8:03:
         bb:0e:e5:e9:15:9f:72:40:c0:19:25:b6:38:7d:b9:5f:5a:80:
         ac:9c:ed:1a:3d:d2:d5:a5:76:6e:ee:f4:7d:e2:8b:96:2c:a2:
         a9:c4:90:c8:1b:23:68:03:ab:9a:e9:8e:94:a5:a7:a0:2f:03:
         be:e8:56:3c:c5:8f:24:6a:00:05:bd:90:0b:58:e7:a8:79:ac:
         9c:11:dc:ed:81:4e:22:cf:5a:b7:f1:98:18:20:cb:b2:77:7f:
         5a:21:d0:81:c5:ea:4a:9d:20:05:37:e1:48:76:b8:d0:fe:c5:
         34:de:6d:c9:33:60:5f:74:8b:02:eb:e0:0d:cd:af:8f:7d:61:
         09:1b:85:0d:61:33:9a:1e:e2:5b:20:bb:be:39:1e:17:0e:98:
         42:26:84:50:c8:f0:f4:85:dc:e7:c6:32:14:37:66:53:14:23:
         1e:ad:4a:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULtC3awVzlhxhd/f+6Dln7mTXxVQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjAwMTQxNDlaFw0yNzAzMTkwMTQ2NDlaMDMxMTAvBgNV
BAMTKDg3ODEyQTA4QTI3OTQxRDFFQjYyQURDMTExMTk1Q0MwMEE3MzVBNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTdVeAuXfy1xulFu51/bTqnrZN
2Tgkj79fNp1yrU4Pv4N8gxIugfxWUtBkpCzbyfvhHcL566dOuEjJOq8RYDQ/2n0s
W7z8w5n2C6CjuVQszYQW6GYiYVJ4C2bg6me5w1BnOvJo+04N+OyEg37E/rpPA21e
afA8h0clvlEDwxtGD1m/HaG825NPvaufLbDRPVo0KqoALjls0DY2TbjCBkgbFulp
kDBhRlp64Xr4lyOdL1FiF7wH5ln1g638cQ7fiZcaocYp5E7qb6otDYizALRpezvs
hy1bY9cFOW9IftcJ0R6/pm3Q1SUucGEXE4C7R6PSwGPALDGZtUuHRb+NgqTpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUh4EqCKJ5QdHrYq3BERlcwApzWkYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMDE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdeq
MA0GCSqGSIb3DQEBCwUAA4IBAQB6NY5feZ5I8x9Aa8VMZENj/hUiIjRgHDdhmpoR
QC1bbwNoKWiyS3T+dkEZUCfFZ/4fvHM5Khzcb/DFcKmd3J9EK7NvizuEYXfQyKuu
cuB5W50Se8FP69GXuAO7DuXpFZ9yQMAZJbY4fblfWoCsnO0aPdLVpXZu7vR94ouW
LKKpxJDIGyNoA6ua6Y6UpaegLwO+6FY8xY8kagAFvZALWOeoeaycEdztgU4iz1q3
8ZgYIMuyd39aIdCBxepKnSAFN+FIdrjQ/sU03m3JM2BfdIsC6+ANza+PfWEJG4UN
YTOaHuJbILu+OR4XDphCJoRQyPD0hdznxjIUN2ZTFCMerUpb
-----END CERTIFICATE-----