Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS200213.roa
File:                     AS200213.roa (raw, json)
Hash identifier:          jHsWgHO4WsK8UwfX+EGNaRyozPf8mcg2Dl9LXjUSJHU=
Subject key identifier:   88:D1:E8:12:E3:71:18:22:6E:87:6E:9C:2D:A5:D7:CB:8E:A3:3E:C1
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       2C853DB5D4BA01606C923BF6139C6332C47FD623
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS200213.roa
Signing time:             Thu 16 Apr 2026 05:04:24 +0000
ROA not before:           Thu 16 Apr 2026 04:59:24 +0000
ROA not after:            Thu 15 Apr 2027 05:04:24 +0000
asID:                     200213
IP address blocks:        46.236.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:85:3d:b5:d4:ba:01:60:6c:92:3b:f6:13:9c:63:32:c4:7f:d6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Apr 16 04:59:24 2026 GMT
            Not After : Apr 15 05:04:24 2027 GMT
        Subject: CN=88D1E812E37118226E876E9C2DA5D7CB8EA33EC1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e3:e2:a4:dd:57:5b:95:40:af:bf:68:d1:8c:
                    ae:0e:95:46:12:e5:35:47:92:e0:7f:aa:da:30:0c:
                    4a:3c:06:b1:cc:be:49:50:29:c4:3f:2a:c9:e1:9f:
                    c7:f4:44:a5:b7:ca:96:19:25:6e:90:67:22:79:06:
                    ec:50:b3:de:a0:e4:f7:a2:d0:6e:ab:f8:ae:b0:9b:
                    6d:21:28:a0:60:1c:5c:31:7e:13:f3:56:17:ef:9c:
                    e5:e7:59:50:bf:09:bc:ab:49:d8:e7:03:87:f0:60:
                    5b:05:57:b4:ca:43:30:96:f6:ca:f6:76:86:c5:61:
                    36:2f:bc:38:2f:80:5d:cd:32:10:50:a0:41:70:7e:
                    35:1f:35:e3:2b:fa:29:a2:81:80:ed:61:d0:e7:a1:
                    44:a4:f0:41:ef:d7:b8:65:b4:d1:5e:03:d1:db:23:
                    97:48:66:64:4c:1f:5e:a4:9c:54:3a:55:ea:86:a4:
                    b9:a2:09:60:f7:6a:8b:7e:dd:64:f1:3d:ab:0b:a1:
                    9d:d5:d4:e9:f9:e5:ea:b4:9d:c3:bb:09:35:cd:dc:
                    1a:60:36:c9:84:fd:7f:75:41:6d:35:27:63:37:85:
                    8a:3e:f3:15:6d:fd:8f:0e:31:86:40:ea:22:6e:14:
                    61:7b:7f:03:42:ee:76:e9:8b:77:31:e3:c0:cb:dd:
                    02:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D1:E8:12:E3:71:18:22:6E:87:6E:9C:2D:A5:D7:CB:8E:A3:3E:C1
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS200213.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:33:b2:98:38:6f:2d:a6:c0:49:b5:93:b3:ad:0b:86:aa:da:
         52:0b:63:22:33:58:79:66:e7:9d:3b:2c:04:b3:71:2c:ea:ec:
         17:a1:63:de:d8:ba:6c:d2:b4:69:e8:d2:66:17:c6:c7:35:28:
         62:e1:a1:33:e1:7e:e0:4b:78:ef:fa:70:d8:59:57:07:0b:8a:
         c4:69:4d:7b:f7:53:ec:39:19:8d:ed:cc:99:be:59:f0:35:85:
         74:a0:d8:73:b6:59:f4:39:9c:f3:47:42:5c:e7:91:b3:5b:be:
         1e:93:50:6c:3b:c5:db:cd:89:02:2d:81:8c:25:f8:77:df:c7:
         d3:f2:e4:23:09:27:97:09:e0:79:80:d1:9b:aa:d2:4b:36:03:
         56:13:2d:4f:04:78:32:1b:02:8c:7a:79:42:02:b1:8f:9d:a9:
         d5:99:92:e7:04:1b:19:3a:0b:fa:94:85:a1:7f:f1:cd:bf:b7:
         17:80:c1:6f:8a:e8:48:41:cf:42:81:fc:56:77:92:c5:f0:60:
         89:83:c3:46:c7:5b:68:ee:3e:5e:b3:17:ad:ad:0f:c0:64:a2:
         46:3c:0a:a3:1b:90:cf:c2:ce:5b:85:d6:78:ee:bd:cb:05:d4:
         ad:3e:8c:55:60:dc:a4:bf:3c:7a:9e:ed:cb:f1:de:a9:98:48:
         73:87:59:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULIU9tdS6AWBskjv2E5xjMsR/1iMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA0MTYwNDU5MjRaFw0yNzA0MTUwNTA0MjRaMDMxMTAvBgNV
BAMTKDg4RDFFODEyRTM3MTE4MjI2RTg3NkU5QzJEQTVEN0NCOEVBMzNFQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC14+Kk3VdblUCvv2jRjK4OlUYS
5TVHkuB/qtowDEo8BrHMvklQKcQ/Ksnhn8f0RKW3ypYZJW6QZyJ5BuxQs96g5Pei
0G6r+K6wm20hKKBgHFwxfhPzVhfvnOXnWVC/CbyrSdjnA4fwYFsFV7TKQzCW9sr2
dobFYTYvvDgvgF3NMhBQoEFwfjUfNeMr+imigYDtYdDnoUSk8EHv17hltNFeA9Hb
I5dIZmRMH16knFQ6VeqGpLmiCWD3aot+3WTxPasLoZ3V1On55eq0ncO7CTXN3Bpg
NsmE/X91QW01J2M3hYo+8xVt/Y8OMYZA6iJuFGF7fwNC7nbpi3cx48DL3QJVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiNHoEuNxGCJuh26cLaXXy46jPsEwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjAwMjEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzE
MA0GCSqGSIb3DQEBCwUAA4IBAQAPM7KYOG8tpsBJtZOzrQuGqtpSC2MiM1h5Zued
OywEs3Es6uwXoWPe2Lps0rRp6NJmF8bHNShi4aEz4X7gS3jv+nDYWVcHC4rEaU17
91PsORmN7cyZvlnwNYV0oNhztln0OZzzR0Jc55GzW74ek1BsO8XbzYkCLYGMJfh3
38fT8uQjCSeXCeB5gNGbqtJLNgNWEy1PBHgyGwKMenlCArGPnanVmZLnBBsZOgv6
lIWhf/HNv7cXgMFviuhIQc9CgfxWd5LF8GCJg8NGx1to7j5esxetrQ/AZKJGPAqj
G5DPws5bhdZ47r3LBdStPoxVYNykvzx6nu3L8d6pmEhzh1mN
-----END CERTIFICATE-----