Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200088.roa
File:                     AS200088.roa (raw, json)
Hash identifier:          aDx5NgY1YrydG0B6iaQfidE8zPo4XBdOOtZGOXykX1E=
Subject key identifier:   12:EE:01:92:28:C9:FB:85:5B:68:F1:FE:77:B9:EC:96:2E:F7:73:CD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3C61C62B28C2A36E99A72B8DEC02E3E67BC662D3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200088.roa
Signing time:             Thu 30 Oct 2025 14:55:11 +0000
ROA not before:           Thu 30 Oct 2025 14:50:11 +0000
ROA not after:            Thu 29 Oct 2026 14:55:11 +0000
asID:                     200088
IP address blocks:        179.61.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:61:c6:2b:28:c2:a3:6e:99:a7:2b:8d:ec:02:e3:e6:7b:c6:62:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 30 14:50:11 2025 GMT
            Not After : Oct 29 14:55:11 2026 GMT
        Subject: CN=12EE019228C9FB855B68F1FE77B9EC962EF773CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4f:c3:b8:34:06:e5:43:fc:a9:ed:a6:61:7b:
                    b1:0b:26:a3:2d:31:af:43:16:bb:60:a4:54:96:60:
                    e6:4e:b3:4c:a3:92:08:0b:5e:d0:71:7d:38:ad:80:
                    71:41:9c:29:86:ed:d2:16:4b:86:9c:89:59:bc:85:
                    b5:04:fd:40:d8:f2:c0:96:24:76:b5:3e:e9:c6:bb:
                    0e:6b:0d:a8:64:11:b8:14:5a:3b:e2:ac:ce:a9:8c:
                    b8:ee:80:5a:9c:b6:29:8e:2b:fe:45:e6:9f:ee:42:
                    ab:0f:bd:23:26:0c:db:fb:19:f8:2a:34:1d:de:e9:
                    08:12:4e:3e:c3:a1:0b:0a:8b:89:ec:2f:66:d4:f3:
                    f4:3d:14:c3:df:01:3a:3b:74:52:9f:7b:eb:44:94:
                    16:f2:2b:87:13:eb:cb:59:81:82:98:52:3f:e3:87:
                    af:b5:eb:fa:37:af:dd:69:83:e9:fb:a4:99:12:ac:
                    cb:18:51:ef:9c:dd:3b:94:fd:36:c4:b1:49:82:b0:
                    b4:80:31:4c:0a:ca:f4:4c:41:95:9d:c2:1e:0c:97:
                    ed:8b:be:b5:bd:da:a5:5f:60:51:c9:b1:fe:32:3a:
                    32:25:f5:40:6f:98:e6:09:56:71:d5:a9:42:6d:1a:
                    95:64:c5:07:1b:a3:d3:4e:82:7e:8f:ed:3b:da:e1:
                    bc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:EE:01:92:28:C9:FB:85:5B:68:F1:FE:77:B9:EC:96:2E:F7:73:CD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS200088.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:95:17:ed:d7:31:82:9f:26:03:ef:6e:df:33:3d:fc:d4:f7:
         8f:81:83:2b:7a:09:a2:ae:fd:1f:8c:df:83:f6:34:e2:76:b8:
         e8:de:21:a5:9d:05:fb:3e:e5:43:87:db:f7:8f:44:a0:75:e9:
         9d:40:2c:de:8f:57:16:36:f9:fe:82:f5:33:21:ed:c6:6e:64:
         29:48:06:ef:18:9a:cd:0d:5d:4e:f3:d0:32:97:70:21:96:a1:
         7e:f0:c6:33:7e:10:57:57:40:6e:22:65:d4:a3:b4:e5:bb:27:
         c6:ab:54:b1:f4:6e:76:26:e8:bf:90:e4:1b:e1:7f:a5:f1:2b:
         92:b2:6e:09:73:28:64:fd:3e:98:e9:1f:0c:ab:ce:c7:93:60:
         16:6e:1c:a7:bc:ad:ba:7e:06:09:1a:b4:01:5e:c1:7c:ce:ac:
         b6:92:ef:71:43:61:9a:9c:46:f0:2f:29:1d:e9:2d:09:67:db:
         e2:1e:89:20:f6:80:6d:84:23:a0:27:10:7f:b1:f6:ab:7e:32:
         1a:d2:bc:b2:43:f6:d3:65:b5:1a:17:cd:3e:e2:00:54:1c:ba:
         0d:98:91:ae:18:a6:5c:1a:a3:7f:0b:c9:af:a3:61:b1:d9:a0:
         12:ff:88:72:c4:90:a1:7f:21:0d:fa:64:a1:87:88:a4:47:c6:
         49:87:bc:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPGHGKyjCo26ZpyuN7ALj5nvGYtMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMzAxNDUwMTFaFw0yNjEwMjkxNDU1MTFaMDMxMTAvBgNV
BAMTKDEyRUUwMTkyMjhDOUZCODU1QjY4RjFGRTc3QjlFQzk2MkVGNzczQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVT8O4NAblQ/yp7aZhe7ELJqMt
Ma9DFrtgpFSWYOZOs0yjkggLXtBxfTitgHFBnCmG7dIWS4aciVm8hbUE/UDY8sCW
JHa1PunGuw5rDahkEbgUWjvirM6pjLjugFqctimOK/5F5p/uQqsPvSMmDNv7Gfgq
NB3e6QgSTj7DoQsKi4nsL2bU8/Q9FMPfATo7dFKfe+tElBbyK4cT68tZgYKYUj/j
h6+16/o3r91pg+n7pJkSrMsYUe+c3TuU/TbEsUmCsLSAMUwKyvRMQZWdwh4Ml+2L
vrW92qVfYFHJsf4yOjIl9UBvmOYJVnHVqUJtGpVkxQcbo9NOgn6P7Tva4byZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEu4BkijJ+4VbaPH+d7nsli73c80wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAwMDg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2Y
MA0GCSqGSIb3DQEBCwUAA4IBAQATlRft1zGCnyYD727fMz381PePgYMregmirv0f
jN+D9jTidrjo3iGlnQX7PuVDh9v3j0SgdemdQCzej1cWNvn+gvUzIe3GbmQpSAbv
GJrNDV1O89Ayl3AhlqF+8MYzfhBXV0BuImXUo7TluyfGq1Sx9G52Jui/kOQb4X+l
8SuSsm4Jcyhk/T6Y6R8Mq87Hk2AWbhynvK26fgYJGrQBXsF8zqy2ku9xQ2GanEbw
Lykd6S0JZ9viHokg9oBthCOgJxB/sfarfjIa0ryyQ/bTZbUaF80+4gBUHLoNmJGu
GKZcGqN/C8mvo2Gx2aAS/4hyxJChfyEN+mShh4ikR8ZJh7wj
-----END CERTIFICATE-----