Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200882.roa
File:                     AS200882.roa (raw, json)
Hash identifier:          dJHOEWQW4X/92QGbv0m8qDwp0wjAU7nrWBTPkXXsSH0=
Subject key identifier:   F9:95:B1:D9:7B:51:E8:D0:D6:38:50:74:B3:1B:B0:81:21:91:B2:80
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       439387C2CEE65C7B27F3A21C1B85F7A6462469E6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200882.roa
Signing time:             Tue 24 Feb 2026 09:28:23 +0000
ROA not before:           Tue 24 Feb 2026 09:23:23 +0000
ROA not after:            Tue 23 Feb 2027 09:28:23 +0000
asID:                     200882
IP address blocks:        143.14.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:93:87:c2:ce:e6:5c:7b:27:f3:a2:1c:1b:85:f7:a6:46:24:69:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 24 09:23:23 2026 GMT
            Not After : Feb 23 09:28:23 2027 GMT
        Subject: CN=F995B1D97B51E8D0D6385074B31BB0812191B280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:90:9b:dc:68:6a:36:09:32:ec:1a:14:98:62:
                    72:59:cd:bc:07:cc:2c:7e:1d:3a:18:29:96:01:4f:
                    c6:32:49:2b:6c:d2:66:a6:c7:1e:6b:23:05:4b:c4:
                    9d:43:38:79:4d:26:33:da:5e:d4:c1:b3:94:17:b3:
                    a4:d2:fe:82:7d:dd:9c:b3:6e:50:87:18:16:f8:fb:
                    7e:bb:44:a3:0e:f1:a2:61:19:1d:e5:1a:ff:06:98:
                    3a:7c:2d:82:b2:d3:b0:c1:ef:c0:a5:61:a7:4f:3b:
                    f9:fd:dc:8f:b2:db:89:5b:fc:a8:31:74:a0:18:ea:
                    0c:f2:7e:84:97:c6:5e:7e:77:7b:89:f1:2e:2b:0b:
                    47:b6:56:ef:e3:0f:a1:eb:fd:5b:62:01:7d:03:10:
                    19:6d:74:28:3b:f2:c3:ea:c7:df:45:a1:f8:e5:e0:
                    3a:70:36:5e:fe:23:f9:a1:a9:47:ed:00:45:2c:6d:
                    d5:3f:52:5a:8c:b0:89:e5:f1:9f:90:f2:97:c1:78:
                    1d:22:43:e9:09:60:37:e7:c7:26:49:3d:fd:f4:df:
                    56:8c:f5:dc:d8:3b:25:24:42:b8:44:12:29:39:1b:
                    1a:3d:0e:83:38:20:21:89:d2:9b:5e:17:7e:8c:80:
                    53:8d:1d:fe:52:80:47:bf:7e:fa:fc:01:d1:9f:53:
                    bc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:95:B1:D9:7B:51:E8:D0:D6:38:50:74:B3:1B:B0:81:21:91:B2:80
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS200882.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:ba:d2:d2:a1:d2:c3:3e:bd:fb:48:c8:2b:91:4a:17:e7:65:
         3b:79:22:b0:47:3b:34:8f:f2:17:37:45:f5:69:98:a7:94:be:
         c7:96:d9:84:ae:50:d3:57:0c:da:81:e7:42:50:13:24:ae:e7:
         a1:ac:df:28:25:b5:e0:46:ae:d7:37:00:92:b8:0d:d3:71:1f:
         f2:81:f2:a4:39:38:fe:1e:9a:ca:92:ca:cb:be:f7:ec:af:95:
         99:48:f7:0f:25:7d:a7:db:09:26:e0:67:eb:83:2c:9f:db:15:
         74:85:f7:2f:d9:47:f5:d6:b2:43:6e:7f:3f:7b:b9:0e:64:a2:
         04:97:16:f7:c0:c1:5c:81:22:1c:3e:49:99:7a:4a:e9:d9:d2:
         68:a8:63:c1:53:91:fe:b9:79:8b:d3:99:8c:1f:b0:49:4d:5b:
         36:59:72:34:13:c4:bc:43:03:4f:a8:64:e1:50:ce:e1:e5:59:
         cc:a0:37:4d:91:c2:f4:e4:76:8b:ee:37:1a:af:e8:8e:0e:f2:
         7b:64:51:d2:82:c3:aa:e2:65:7e:6a:88:6d:3b:80:0b:35:fd:
         0f:24:60:bc:bd:ce:18:12:52:60:36:8d:0f:d7:7a:ae:cd:52:
         a0:e6:71:a0:1d:c3:83:84:a3:07:a5:20:71:90:43:1a:06:26:
         76:93:90:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQ5OHws7mXHsn86IcG4X3pkYkaeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMjQwOTIzMjNaFw0yNzAyMjMwOTI4MjNaMDMxMTAvBgNV
BAMTKEY5OTVCMUQ5N0I1MUU4RDBENjM4NTA3NEIzMUJCMDgxMjE5MUIyODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmkJvcaGo2CTLsGhSYYnJZzbwH
zCx+HToYKZYBT8YySSts0mamxx5rIwVLxJ1DOHlNJjPaXtTBs5QXs6TS/oJ93Zyz
blCHGBb4+367RKMO8aJhGR3lGv8GmDp8LYKy07DB78ClYadPO/n93I+y24lb/Kgx
dKAY6gzyfoSXxl5+d3uJ8S4rC0e2Vu/jD6Hr/VtiAX0DEBltdCg78sPqx99Fofjl
4DpwNl7+I/mhqUftAEUsbdU/UlqMsInl8Z+Q8pfBeB0iQ+kJYDfnxyZJPf3031aM
9dzYOyUkQrhEEik5Gxo9DoM4ICGJ0pteF36MgFONHf5SgEe/fvr8AdGfU7zFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+ZWx2XtR6NDWOFB0sxuwgSGRsoAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAwODgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjw5S
MA0GCSqGSIb3DQEBCwUAA4IBAQARutLSodLDPr37SMgrkUoX52U7eSKwRzs0j/IX
N0X1aZinlL7HltmErlDTVwzagedCUBMkruehrN8oJbXgRq7XNwCSuA3TcR/ygfKk
OTj+HprKksrLvvfsr5WZSPcPJX2n2wkm4Gfrgyyf2xV0hfcv2Uf11rJDbn8/e7kO
ZKIElxb3wMFcgSIcPkmZekrp2dJoqGPBU5H+uXmL05mMH7BJTVs2WXI0E8S8QwNP
qGThUM7h5VnMoDdNkcL05HaL7jcar+iODvJ7ZFHSgsOq4mV+aohtO4ALNf0PJGC8
vc4YElJgNo0P13quzVKg5nGgHcODhKMHpSBxkEMaBiZ2k5Dm
-----END CERTIFICATE-----