Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200193.roa
File:                     AS200193.roa (raw, json)
Hash identifier:          gnsdOSV6qKwGY5AiND93+eIY+EvTMc3fSXT6fxmc4+s=
Subject key identifier:   4B:AD:C3:2A:D1:D3:F9:1A:97:00:E4:F3:77:EC:93:5B:14:D4:50:A5
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2D20F07B48CF372BE28AC77FBA09F41E03484686
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200193.roa
Signing time:             Mon 04 Aug 2025 10:19:43 +0000
ROA not before:           Mon 04 Aug 2025 10:14:43 +0000
ROA not after:            Mon 03 Aug 2026 10:19:43 +0000
asID:                     200193
IP address blocks:        167.148.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:20:f0:7b:48:cf:37:2b:e2:8a:c7:7f:ba:09:f4:1e:03:48:46:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  4 10:14:43 2025 GMT
            Not After : Aug  3 10:19:43 2026 GMT
        Subject: CN=4BADC32AD1D3F91A9700E4F377EC935B14D450A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:12:c4:26:3f:ef:27:80:7c:05:1e:76:33:41:
                    20:b3:71:36:76:61:32:54:53:bd:5b:09:66:24:ad:
                    09:7f:41:02:3b:b1:6f:0c:ec:16:7f:f8:08:4c:09:
                    30:ce:14:fe:7d:99:56:9c:09:ec:4d:1b:e8:27:6d:
                    8e:25:c1:e1:45:95:17:12:50:1a:b5:cf:05:6a:dc:
                    3f:aa:35:e8:52:61:38:76:39:37:70:8a:32:0e:37:
                    53:5e:7f:6f:eb:75:ee:b8:58:36:82:54:8d:67:02:
                    6a:aa:7e:49:58:7d:d2:a8:3d:ad:64:4f:8c:ed:45:
                    d6:a7:03:bf:b2:0d:b3:83:65:e6:de:a4:e8:97:c0:
                    a3:fc:bc:fa:19:5b:7b:46:cd:fc:89:d0:e5:11:cf:
                    cf:ed:19:29:85:0f:ab:60:41:b3:77:ed:fc:5b:7b:
                    73:9e:43:25:62:8d:1a:dd:64:5e:79:ff:fe:d9:d9:
                    98:04:1a:1b:92:d5:71:42:a9:0e:00:61:73:1e:bd:
                    df:d0:48:30:fc:7b:72:af:78:76:b2:df:35:38:ee:
                    18:c1:aa:fb:84:7e:c3:ba:f5:6e:4f:2b:9f:f7:bc:
                    80:ff:88:d2:65:60:e5:c9:d7:fe:4e:ab:7a:77:25:
                    dd:ce:de:61:04:91:29:d0:a5:9f:33:45:e0:d9:09:
                    71:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:AD:C3:2A:D1:D3:F9:1A:97:00:E4:F3:77:EC:93:5B:14:D4:50:A5
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200193.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:13:a2:95:90:e3:ab:1f:75:c2:ed:b0:5b:3e:57:b4:42:54:
         f7:49:74:1e:db:f8:6f:f0:65:6e:21:e2:9b:33:ad:87:2d:5f:
         26:a8:e1:ed:da:78:38:72:61:d8:22:35:56:83:d1:b1:36:a6:
         c0:6e:1f:0f:12:15:39:59:f8:84:a1:06:90:7e:66:62:70:86:
         d5:c7:2a:3c:85:b6:87:bf:90:60:1b:ec:ac:32:06:4e:71:b7:
         77:0d:97:95:f3:dc:8d:3b:e7:dc:65:be:00:79:e2:6d:b6:57:
         ac:2c:fb:b3:1c:4c:95:f8:28:05:06:24:77:b3:6c:2c:a8:27:
         c1:a9:d8:ac:63:ca:bc:b7:26:69:3c:dd:bb:85:32:8a:e7:b7:
         b5:ff:9f:01:77:85:b1:80:c3:f5:bc:26:86:e0:ca:4f:d7:de:
         58:c0:01:62:15:2d:4a:34:4a:33:ee:61:2a:be:e5:7c:be:47:
         24:44:7e:4d:ad:89:a6:42:3b:52:eb:46:93:b5:65:ce:90:60:
         2c:1a:b4:b7:d1:bc:0e:6c:b3:34:52:8b:b3:e4:71:87:b5:d4:
         12:a1:4a:4e:74:a3:d0:5c:87:c9:79:65:83:9f:e0:20:14:bc:
         41:a9:d8:f8:f3:55:97:61:f1:fc:40:be:75:a2:47:78:5f:f9:
         41:99:30:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULSDwe0jPNyviisd/ugn0HgNIRoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDQxMDE0NDNaFw0yNjA4MDMxMDE5NDNaMDMxMTAvBgNV
BAMTKDRCQURDMzJBRDFEM0Y5MUE5NzAwRTRGMzc3RUM5MzVCMTRENDUwQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeEsQmP+8ngHwFHnYzQSCzcTZ2
YTJUU71bCWYkrQl/QQI7sW8M7BZ/+AhMCTDOFP59mVacCexNG+gnbY4lweFFlRcS
UBq1zwVq3D+qNehSYTh2OTdwijION1Nef2/rde64WDaCVI1nAmqqfklYfdKoPa1k
T4ztRdanA7+yDbODZebepOiXwKP8vPoZW3tGzfyJ0OURz8/tGSmFD6tgQbN37fxb
e3OeQyVijRrdZF55//7Z2ZgEGhuS1XFCqQ4AYXMevd/QSDD8e3KveHay3zU47hjB
qvuEfsO69W5PK5/3vID/iNJlYOXJ1/5Oq3p3Jd3O3mEEkSnQpZ8zReDZCXENAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUS63DKtHT+RqXAOTzd+yTWxTUUKUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAwMTkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5Rz
MA0GCSqGSIb3DQEBCwUAA4IBAQBvE6KVkOOrH3XC7bBbPle0QlT3SXQe2/hv8GVu
IeKbM62HLV8mqOHt2ng4cmHYIjVWg9GxNqbAbh8PEhU5WfiEoQaQfmZicIbVxyo8
hbaHv5BgG+ysMgZOcbd3DZeV89yNO+fcZb4AeeJttlesLPuzHEyV+CgFBiR3s2ws
qCfBqdisY8q8tyZpPN27hTKK57e1/58Bd4WxgMP1vCaG4MpP195YwAFiFS1KNEoz
7mEqvuV8vkckRH5NrYmmQjtS60aTtWXOkGAsGrS30bwObLM0Uouz5HGHtdQSoUpO
dKPQXIfJeWWDn+AgFLxBqdj481WXYfH8QL51okd4X/lBmTDF
-----END CERTIFICATE-----