Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200236.roa
File:                     AS200236.roa (raw, json)
Hash identifier:          sexdEtE1y7zI1jGgh81zLyZ5/2wVtBL3BBrCUzDbSwA=
Subject key identifier:   18:BA:F4:C7:D7:42:E5:2F:FD:54:82:C1:CB:1E:24:32:FD:B6:35:5E
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       2B3E8197C72DBC14E07FFDD758A71815AF84774F
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200236.roa
Signing time:             Mon 16 Mar 2026 07:43:15 +0000
ROA not before:           Mon 16 Mar 2026 07:38:15 +0000
ROA not after:            Mon 15 Mar 2027 07:43:15 +0000
asID:                     200236
IP address blocks:        2a14:7580:ffed::/48 maxlen: 48
                          2a14:7582::/32 maxlen: 32
                          2a14:7584:c000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:3e:81:97:c7:2d:bc:14:e0:7f:fd:d7:58:a7:18:15:af:84:77:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Mar 16 07:38:15 2026 GMT
            Not After : Mar 15 07:43:15 2027 GMT
        Subject: CN=18BAF4C7D742E52FFD5482C1CB1E2432FDB6355E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a9:16:82:d6:94:89:c8:a5:ce:60:5a:5c:8c:
                    48:50:23:aa:eb:70:47:e4:c4:cb:a6:d9:54:05:42:
                    2e:a9:87:8a:ce:2f:9c:3d:5e:8d:ae:03:b9:08:1a:
                    b9:c0:83:03:08:4a:39:19:bf:84:0e:51:7a:f8:a1:
                    a9:62:86:aa:f7:90:39:2f:7a:22:cf:bb:5a:ca:e9:
                    c3:e7:b1:7d:ec:f6:34:92:22:30:33:63:4c:6a:15:
                    e2:03:b0:82:af:2d:3e:5e:dc:b7:46:db:7d:01:ed:
                    d7:cb:7d:19:14:9e:85:04:92:b6:12:44:43:c8:30:
                    27:93:6e:e4:28:e7:5d:d0:24:14:13:c7:be:6c:22:
                    2b:89:66:37:a7:ab:2b:38:37:ce:05:ec:00:0c:87:
                    b4:55:37:6e:bc:41:67:83:86:eb:81:88:28:97:26:
                    b9:70:38:2c:91:4a:b6:f3:26:81:94:a0:66:97:43:
                    3a:b1:a2:0b:55:41:bf:38:13:1b:14:64:e4:56:64:
                    24:1c:38:44:c1:8c:fa:40:d3:07:87:f2:b8:81:61:
                    5a:fa:18:b2:c9:e2:b5:ca:c0:7f:52:ab:45:f5:3a:
                    19:ed:23:c0:8b:ce:dc:a1:8c:da:8c:10:d1:dd:ff:
                    1b:74:98:6b:79:9d:ae:3a:6d:ef:71:e5:a0:93:e4:
                    b1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BA:F4:C7:D7:42:E5:2F:FD:54:82:C1:CB:1E:24:32:FD:B6:35:5E
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ffed::/48
                  2a14:7582::/32
                  2a14:7584:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         5d:42:3b:89:89:70:3e:32:0f:b2:9c:c4:37:85:08:5a:e3:a8:
         66:65:54:68:04:0c:56:f1:14:f5:7e:07:1a:d2:43:f5:b6:13:
         61:73:ba:50:01:b1:21:bf:fa:df:9a:e0:0b:f2:7d:1a:e5:50:
         1c:bc:91:df:ea:21:74:c7:aa:76:c6:11:44:5a:1b:76:ab:df:
         55:e1:ae:a3:ea:bb:58:32:52:c6:e7:67:95:68:d0:9c:89:24:
         bb:f6:1c:c6:e8:79:8a:59:01:cf:d7:3e:2b:0b:b6:b0:a5:96:
         b5:d6:34:77:27:d9:13:fa:76:85:93:aa:be:a5:34:69:00:3a:
         f7:ec:82:a9:ea:ce:cf:09:f9:e9:d3:a0:24:d3:f2:cd:35:98:
         1e:2d:6d:19:40:23:42:e3:08:46:5c:f8:81:81:9d:a5:bc:91:
         07:7f:c9:61:03:ea:d5:0a:27:be:3d:16:f1:d4:22:a5:c7:5a:
         16:03:f7:17:09:a8:c6:13:91:93:a2:2d:dd:e3:a7:c5:72:cd:
         81:7a:d0:6f:1e:9e:be:c8:cb:3d:ab:21:c5:e6:e6:12:b8:3b:
         e0:47:05:58:62:b4:93:a1:60:6d:f9:c7:ba:cc:fd:3d:51:fa:
         c9:13:f9:18:cf:83:a3:3f:85:7f:96:c3:87:bf:fc:64:97:24:
         8f:64:66:8a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIUKz6Bl8ctvBTgf/3XWKcYFa+Ed08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAzMTYwNzM4MTVaFw0yNzAzMTUwNzQzMTVaMDMxMTAvBgNV
BAMTKDE4QkFGNEM3RDc0MkU1MkZGRDU0ODJDMUNCMUUyNDMyRkRCNjM1NUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrqRaC1pSJyKXOYFpcjEhQI6rr
cEfkxMum2VQFQi6ph4rOL5w9Xo2uA7kIGrnAgwMISjkZv4QOUXr4oalihqr3kDkv
eiLPu1rK6cPnsX3s9jSSIjAzY0xqFeIDsIKvLT5e3LdG230B7dfLfRkUnoUEkrYS
REPIMCeTbuQo513QJBQTx75sIiuJZjenqys4N84F7AAMh7RVN268QWeDhuuBiCiX
JrlwOCyRSrbzJoGUoGaXQzqxogtVQb84ExsUZORWZCQcOETBjPpA0weH8riBYVr6
GLLJ4rXKwH9Sq0X1OhntI8CLztyhjNqMENHd/xt0mGt5na46be9x5aCT5LHVAgMB
AAGjggIcMIICGDAdBgNVHQ4EFgQUGLr0x9dC5S/9VILByx4kMv22NV4wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjAwMjM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAAjAYAwcAKhR1
gP/tAwUAKhR1ggMGBCoUdYTAMA0GCSqGSIb3DQEBCwUAA4IBAQBdQjuJiXA+Mg+y
nMQ3hQha46hmZVRoBAxW8RT1fgca0kP1thNhc7pQAbEhv/rfmuAL8n0a5VAcvJHf
6iF0x6p2xhFEWht2q99V4a6j6rtYMlLG52eVaNCciSS79hzG6HmKWQHP1z4rC7aw
pZa11jR3J9kT+naFk6q+pTRpADr37IKp6s7PCfnp06Ak0/LNNZgeLW0ZQCNC4whG
XPiBgZ2lvJEHf8lhA+rVCie+PRbx1CKlx1oWA/cXCajGE5GToi3d46fFcs2BetBv
Hp6+yMs9qyHF5uYSuDvgRwVYYrSToWBt+ce6zP09UfrJE/kYz4OjP4V/lsOHv/xk
lySPZGaK
-----END CERTIFICATE-----