Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200590.roa
File:                     AS200590.roa (raw, json)
Hash identifier:          nnzYFclBZB5wjqstS5q7J7MkVX7yBIpbKhLQ4bVLMq4=
Subject key identifier:   7C:CD:E6:CF:7E:41:EA:F9:A4:EF:18:7E:A0:E0:05:42:D1:D1:F0:AB
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       61DDFC15E48552AEDDDF16CACBC0891A8CCAE91A
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200590.roa
Signing time:             Tue 03 Mar 2026 15:53:01 +0000
ROA not before:           Tue 03 Mar 2026 15:48:01 +0000
ROA not after:            Tue 02 Mar 2027 15:53:01 +0000
asID:                     200590
IP address blocks:        178.95.0.0/24 maxlen: 24
                          178.95.1.0/24 maxlen: 24
                          178.95.2.0/24 maxlen: 24
                          178.95.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:dd:fc:15:e4:85:52:ae:dd:df:16:ca:cb:c0:89:1a:8c:ca:e9:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar  3 15:48:01 2026 GMT
            Not After : Mar  2 15:53:01 2027 GMT
        Subject: CN=7CCDE6CF7E41EAF9A4EF187EA0E00542D1D1F0AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ab:b5:87:71:14:5e:bc:b6:65:3f:b0:f6:19:
                    bb:10:f0:a3:c2:aa:f4:57:52:90:d9:00:bd:52:ec:
                    11:1b:a0:a9:b3:ff:30:1b:79:66:dd:15:a9:74:70:
                    15:0a:7e:85:12:82:0c:fc:68:25:f4:bd:b3:d7:63:
                    49:e5:e8:16:3e:84:e4:37:34:16:d2:7b:e5:41:48:
                    3f:7f:7c:eb:15:37:f5:87:f8:52:2e:f2:7f:04:7b:
                    c6:4c:d1:66:41:c9:99:49:c5:87:69:a3:1f:1b:0e:
                    f0:f0:39:c9:d1:d8:db:51:4f:02:78:e3:cb:cf:b6:
                    2c:45:ed:66:6e:d6:d3:68:4b:22:a3:07:57:21:50:
                    26:75:62:fe:53:bc:2d:e7:42:4c:d5:a0:c7:61:64:
                    d3:0c:bf:b6:ba:bd:c4:64:be:a3:bb:85:62:ec:63:
                    06:8c:39:c3:bf:e1:f4:37:36:da:1f:81:f1:4c:b4:
                    b5:11:b9:17:4a:90:05:fd:56:e8:e2:ed:27:a9:cb:
                    76:2a:88:6b:ee:61:c2:57:99:18:13:b5:ba:0a:f5:
                    5e:56:a8:37:ab:03:1f:36:2d:83:68:d1:3e:fa:5d:
                    d9:e0:a3:09:c4:2e:c1:c7:f4:aa:46:96:01:a9:e0:
                    c1:ba:38:72:43:f9:f7:11:12:a3:ce:b9:ce:26:df:
                    14:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:CD:E6:CF:7E:41:EA:F9:A4:EF:18:7E:A0:E0:05:42:D1:D1:F0:AB
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200590.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:22:6b:e7:b2:c7:e3:24:0d:b9:fe:4f:1b:b9:1c:b0:66:f3:
         d2:1b:d6:0f:23:16:4d:66:01:db:66:28:f9:fa:b2:21:0c:ef:
         2b:11:03:59:02:b1:0a:98:9b:10:56:c1:59:58:b0:63:37:f6:
         b3:d8:f3:95:21:5f:38:1e:a2:e7:bc:af:3e:7f:6c:40:81:e1:
         0c:9c:dc:a2:20:58:18:70:f5:5b:7a:61:94:af:5a:0e:c0:58:
         cc:a5:9f:d7:9f:14:ff:0b:cb:98:8e:e8:28:32:07:0b:77:98:
         c2:d9:97:77:33:74:80:b5:cc:00:5c:1d:7c:fd:a1:3c:7b:20:
         7d:20:da:6d:87:e0:bd:94:19:56:b2:21:2a:95:74:3b:90:6a:
         2e:e5:80:cb:35:f8:7c:f3:49:32:4c:01:84:87:83:74:4b:8a:
         5f:ad:6c:2d:ce:32:4d:79:46:18:d0:cf:3b:74:a9:d7:d7:30:
         76:56:5b:5a:76:78:d9:e7:bd:25:be:25:32:53:cb:56:ba:26:
         95:0c:d2:41:06:04:74:33:18:07:2d:3b:e7:ab:17:69:e0:d6:
         49:9c:6a:ab:13:0f:10:15:23:1b:c8:27:ed:c7:9b:75:ef:81:
         ba:05:98:fe:df:8c:c7:3d:d2:4b:2a:0f:62:c6:72:a2:77:1c:
         f3:74:4f:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYd38FeSFUq7d3xbKy8CJGozK6RowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMDMxNTQ4MDFaFw0yNzAzMDIxNTUzMDFaMDMxMTAvBgNV
BAMTKDdDQ0RFNkNGN0U0MUVBRjlBNEVGMTg3RUEwRTAwNTQyRDFEMUYwQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtq7WHcRRevLZlP7D2GbsQ8KPC
qvRXUpDZAL1S7BEboKmz/zAbeWbdFal0cBUKfoUSggz8aCX0vbPXY0nl6BY+hOQ3
NBbSe+VBSD9/fOsVN/WH+FIu8n8Ee8ZM0WZByZlJxYdpox8bDvDwOcnR2NtRTwJ4
48vPtixF7WZu1tNoSyKjB1chUCZ1Yv5TvC3nQkzVoMdhZNMMv7a6vcRkvqO7hWLs
YwaMOcO/4fQ3NtofgfFMtLURuRdKkAX9Vuji7Sepy3YqiGvuYcJXmRgTtboK9V5W
qDerAx82LYNo0T76XdngownELsHH9KpGlgGp4MG6OHJD+fcREqPOuc4m3xR/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfM3mz35B6vmk7xh+oOAFQtHR8KswHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAwNTkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsl8A
MA0GCSqGSIb3DQEBCwUAA4IBAQBTImvnssfjJA25/k8buRywZvPSG9YPIxZNZgHb
Zij5+rIhDO8rEQNZArEKmJsQVsFZWLBjN/az2POVIV84HqLnvK8+f2xAgeEMnNyi
IFgYcPVbemGUr1oOwFjMpZ/XnxT/C8uYjugoMgcLd5jC2Zd3M3SAtcwAXB18/aE8
eyB9INpth+C9lBlWsiEqlXQ7kGou5YDLNfh880kyTAGEh4N0S4pfrWwtzjJNeUYY
0M87dKnX1zB2VltadnjZ570lviUyU8tWuiaVDNJBBgR0MxgHLTvnqxdp4NZJnGqr
Ew8QFSMbyCftx5t174G6BZj+34zHPdJLKg9ixnKidxzzdE/2
-----END CERTIFICATE-----