Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200239.roa
File:                     AS200239.roa (raw, json)
Hash identifier:          prLbdw9dZY0Yws0GYsoXnIFt0wmYHot21SYlimvD+Mc=
Subject key identifier:   4A:02:72:F3:8E:EB:F1:AB:03:B5:F0:8F:31:70:07:48:8C:AD:D9:21
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       705C018AD98B983AC0C85ADB3C37E45DECB5A7AE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200239.roa
Signing time:             Wed 23 Jul 2025 13:34:59 +0000
ROA not before:           Wed 23 Jul 2025 13:29:59 +0000
ROA not after:            Wed 22 Jul 2026 13:34:59 +0000
asID:                     200239
IP address blocks:        148.135.175.0/24 maxlen: 24
                          162.141.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:5c:01:8a:d9:8b:98:3a:c0:c8:5a:db:3c:37:e4:5d:ec:b5:a7:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 23 13:29:59 2025 GMT
            Not After : Jul 22 13:34:59 2026 GMT
        Subject: CN=4A0272F38EEBF1AB03B5F08F317007488CADD921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:60:bb:0b:5f:5f:73:0f:28:f1:37:ab:37:98:
                    74:08:8c:3a:94:20:7d:0e:6a:6b:8f:f4:56:f5:3c:
                    e2:49:99:a1:e5:6e:c7:05:b7:11:1a:48:dc:01:45:
                    7c:37:44:92:7f:29:4e:ad:c4:37:cd:db:53:0b:4b:
                    5f:44:f7:2a:d0:6f:86:48:81:de:79:d0:74:71:ec:
                    d8:e3:a4:0b:23:39:8c:be:32:e3:68:5a:99:85:7f:
                    c5:50:f9:4f:2c:94:eb:5b:45:c2:e8:78:b8:3d:bd:
                    97:72:c1:47:e3:c6:74:d5:93:bf:25:ae:d3:df:aa:
                    93:8c:7f:03:63:c0:17:5c:f2:86:f0:72:37:ae:73:
                    b2:25:9e:4d:1b:64:dc:42:cb:b4:fd:03:52:c7:9e:
                    d6:1e:73:39:af:36:4d:b5:68:1b:e0:98:f5:ba:84:
                    f3:a8:5b:65:4b:b6:4e:b4:05:dc:e3:c6:97:8c:c1:
                    99:3f:62:29:69:b5:f5:c1:8e:f1:c8:7b:84:b4:80:
                    ab:b7:24:56:9f:85:8f:71:1a:51:1f:9b:e1:70:d4:
                    d3:4d:1c:9e:f6:63:db:54:ea:6b:e0:2c:28:2b:d1:
                    29:18:09:29:4c:58:99:83:7c:8b:fa:51:75:ed:66:
                    ef:5b:53:fb:7f:8b:09:82:0c:55:35:b3:b9:01:42:
                    41:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:02:72:F3:8E:EB:F1:AB:03:B5:F0:8F:31:70:07:48:8C:AD:D9:21
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.175.0/24
                  162.141.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:37:99:ab:0b:88:60:c5:12:dc:bd:de:32:bb:c1:1b:a2:6d:
         76:9f:88:ca:d5:fb:5d:53:90:c7:89:02:90:e5:35:36:94:cb:
         cb:7b:c9:64:9c:8f:31:3d:e4:75:38:af:b9:a0:a8:ed:55:7b:
         84:cc:c1:3b:0c:56:f4:5b:3a:a5:63:4b:f5:0c:4d:07:73:bb:
         79:62:82:cd:f8:fe:3b:bf:c6:17:c6:bd:13:16:8e:8d:63:69:
         e4:47:ce:bc:06:8b:24:0c:b2:8b:da:60:cb:bf:b2:3e:77:34:
         0b:23:5f:4f:b7:cc:2f:2f:63:24:11:fb:66:6b:1f:d5:f9:e2:
         29:b1:cb:1d:be:ab:88:f3:1e:39:da:97:61:de:64:63:e7:06:
         29:02:b8:b4:44:ff:b3:d2:39:70:e8:94:dd:60:24:a6:e5:d3:
         77:1d:e9:1e:1b:ee:dc:ed:8c:1c:9d:01:d0:1c:d7:9b:a5:59:
         de:e5:60:84:61:c4:9b:11:41:3d:31:26:1d:61:2d:e5:87:48:
         f0:6e:f7:88:c4:f6:bf:6b:08:7e:96:c3:da:42:d0:13:cb:36:
         4f:f9:54:73:03:60:44:50:c3:65:d8:7e:6d:27:16:e0:10:ab:
         d0:7a:54:5c:66:22:ed:a0:de:43:f1:f1:6a:45:06:1c:fe:6a:
         fd:7d:d2:a6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUcFwBitmLmDrAyFrbPDfkXey1p64wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MjMxMzI5NTlaFw0yNjA3MjIxMzM0NTlaMDMxMTAvBgNV
BAMTKDRBMDI3MkYzOEVFQkYxQUIwM0I1RjA4RjMxNzAwNzQ4OENBREQ5MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4YLsLX19zDyjxN6s3mHQIjDqU
IH0OamuP9Fb1POJJmaHlbscFtxEaSNwBRXw3RJJ/KU6txDfN21MLS19E9yrQb4ZI
gd550HRx7NjjpAsjOYy+MuNoWpmFf8VQ+U8slOtbRcLoeLg9vZdywUfjxnTVk78l
rtPfqpOMfwNjwBdc8obwcjeuc7Ilnk0bZNxCy7T9A1LHntYeczmvNk21aBvgmPW6
hPOoW2VLtk60BdzjxpeMwZk/YilptfXBjvHIe4S0gKu3JFafhY9xGlEfm+Fw1NNN
HJ72Y9tU6mvgLCgr0SkYCSlMWJmDfIv6UXXtZu9bU/t/iwmCDFU1s7kBQkFHAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUSgJy847r8asDtfCPMXAHSIyt2SEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAwMjM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAlIev
AwQAoo0JMA0GCSqGSIb3DQEBCwUAA4IBAQC4N5mrC4hgxRLcvd4yu8Ebom12n4jK
1ftdU5DHiQKQ5TU2lMvLe8lknI8xPeR1OK+5oKjtVXuEzME7DFb0WzqlY0v1DE0H
c7t5YoLN+P47v8YXxr0TFo6NY2nkR868BoskDLKL2mDLv7I+dzQLI19Pt8wvL2Mk
Eftmax/V+eIpscsdvquI8x452pdh3mRj5wYpAri0RP+z0jlw6JTdYCSm5dN3Heke
G+7c7YwcnQHQHNebpVne5WCEYcSbEUE9MSYdYS3lh0jwbveIxPa/awh+lsPaQtAT
yzZP+VRzA2BEUMNl2H5tJxbgEKvQelRcZiLtoN5D8fFqRQYc/mr9fdKm
-----END CERTIFICATE-----