Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200193.roa
File:                     AS200193.roa (raw, json)
Hash identifier:          OKlWNQ+JuclXWCadKhg2Ahzj3gUOJfWU7AEDUrqbZ8M=
Subject key identifier:   A1:38:B1:BD:C8:22:9F:B9:2B:BC:4B:9B:67:92:DA:F7:CE:A5:41:D4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       38109223D33313BACAC9FC2D77BE08E70AFDD875
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200193.roa
Signing time:             Fri 05 Jun 2026 10:02:06 +0000
ROA not before:           Fri 05 Jun 2026 09:57:06 +0000
ROA not after:            Fri 04 Jun 2027 10:02:06 +0000
asID:                     200193
IP address blocks:        155.117.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:10:92:23:d3:33:13:ba:ca:c9:fc:2d:77:be:08:e7:0a:fd:d8:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  5 09:57:06 2026 GMT
            Not After : Jun  4 10:02:06 2027 GMT
        Subject: CN=A138B1BDC8229FB92BBC4B9B6792DAF7CEA541D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e1:3f:ec:b8:7c:d7:09:7e:df:e0:be:86:51:
                    a5:f6:fc:36:61:28:ba:2c:f2:0f:9a:9d:85:df:c5:
                    e8:f7:fb:26:4e:4f:12:e7:00:55:5f:7f:34:b7:17:
                    6d:6b:25:2a:77:cc:ba:02:a5:29:af:25:ff:36:c9:
                    7b:00:8f:40:4b:91:f0:0d:fa:6f:b4:82:57:96:94:
                    fd:b0:09:1d:3d:b6:3c:da:bd:ed:a6:cf:9c:82:c8:
                    d4:70:b0:80:ef:36:2b:69:33:3b:cb:97:a5:cd:e8:
                    84:31:e6:64:2d:b2:4f:c4:24:27:ec:27:6e:17:74:
                    81:a3:4d:c2:c9:7a:23:5d:e9:d3:d9:15:34:43:6f:
                    fc:08:db:18:c9:0d:54:75:4d:ff:8a:f6:51:a8:86:
                    93:62:bc:bd:95:31:27:3f:1a:cb:22:08:3c:43:7d:
                    d9:c4:bf:43:cd:11:51:2b:2b:61:80:77:87:7e:e7:
                    df:e5:ff:28:f1:72:e0:c1:d7:f7:47:65:df:5d:b4:
                    30:01:36:19:c2:56:5b:8a:da:11:33:79:0d:40:1a:
                    4a:a2:f4:34:ec:00:cb:8a:b8:c7:09:99:8c:a7:3f:
                    f7:9f:c9:54:90:a4:51:30:1a:05:81:b2:c3:d2:2b:
                    28:a1:87:0a:50:59:ed:ae:82:09:36:b1:90:e2:dc:
                    6c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:38:B1:BD:C8:22:9F:B9:2B:BC:4B:9B:67:92:DA:F7:CE:A5:41:D4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200193.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d4:9c:f4:34:cd:77:07:b1:a3:f5:29:9b:8d:88:0b:95:03:
         fa:f8:22:a0:b3:73:89:1b:68:3a:bd:79:76:49:3e:02:cb:f6:
         63:a5:06:39:04:2a:93:13:27:30:c4:19:5b:cc:4a:62:1d:7b:
         c0:fd:bb:59:72:b7:9d:7c:b8:79:a4:0a:40:c0:fe:bc:18:ea:
         82:e6:68:f3:a5:da:1e:38:9f:11:84:e6:7e:27:89:a4:09:eb:
         b7:47:52:5f:7b:f0:5c:3f:2d:7a:0c:1e:93:c8:89:09:06:5d:
         42:35:6a:bb:30:a6:14:d5:69:3f:e7:67:ab:69:13:43:d2:54:
         50:ef:c3:e7:d4:dd:4e:80:fa:55:ca:c1:bf:c2:7e:07:a2:ad:
         13:88:d7:c3:4c:db:76:00:6d:0f:20:c2:9d:f6:a2:ec:69:7c:
         37:3b:7f:2c:4b:a8:54:d2:49:9f:d4:f2:22:6c:6b:82:5b:c5:
         cf:75:6b:9d:fd:e4:4f:b3:89:a8:dd:70:ad:71:30:e9:71:f4:
         ac:8d:81:02:ae:7b:8a:7f:46:73:4b:1e:54:65:a2:02:96:bc:
         39:e6:99:d7:99:fa:76:80:0a:7b:7e:cd:16:68:10:a2:1b:9e:
         0b:8c:ee:e7:10:6d:e2:fd:d1:23:76:03:60:8a:9e:ff:f8:37:
         b3:30:52:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOBCSI9MzE7rKyfwtd74I5wr92HUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDUwOTU3MDZaFw0yNzA2MDQxMDAyMDZaMDMxMTAvBgNV
BAMTKEExMzhCMUJEQzgyMjlGQjkyQkJDNEI5QjY3OTJEQUY3Q0VBNTQxRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO4T/suHzXCX7f4L6GUaX2/DZh
KLos8g+anYXfxej3+yZOTxLnAFVffzS3F21rJSp3zLoCpSmvJf82yXsAj0BLkfAN
+m+0gleWlP2wCR09tjzave2mz5yCyNRwsIDvNitpMzvLl6XN6IQx5mQtsk/EJCfs
J24XdIGjTcLJeiNd6dPZFTRDb/wI2xjJDVR1Tf+K9lGohpNivL2VMSc/GssiCDxD
fdnEv0PNEVErK2GAd4d+59/l/yjxcuDB1/dHZd9dtDABNhnCVluK2hEzeQ1AGkqi
9DTsAMuKuMcJmYynP/efyVSQpFEwGgWBssPSKyihhwpQWe2uggk2sZDi3Gz9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoTixvcgin7krvEubZ5La986lQdQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAwMTkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3UR
MA0GCSqGSIb3DQEBCwUAA4IBAQCZ1Jz0NM13B7Gj9SmbjYgLlQP6+CKgs3OJG2g6
vXl2ST4Cy/ZjpQY5BCqTEycwxBlbzEpiHXvA/btZcredfLh5pApAwP68GOqC5mjz
pdoeOJ8RhOZ+J4mkCeu3R1Jfe/BcPy16DB6TyIkJBl1CNWq7MKYU1Wk/52eraRND
0lRQ78Pn1N1OgPpVysG/wn4Hoq0TiNfDTNt2AG0PIMKd9qLsaXw3O38sS6hU0kmf
1PIibGuCW8XPdWud/eRPs4mo3XCtcTDpcfSsjYECrnuKf0ZzSx5UZaIClrw55pnX
mfp2gAp7fs0WaBCiG54LjO7nEG3i/dEjdgNgip7/+DezMFJO
-----END CERTIFICATE-----