Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa
File:                     AS200017.roa (raw, json)
Hash identifier:          KvOt8MZZrYNc0Pexib6XPj0N4wlJ2S6i3Vx1ya8DbpI=
Subject key identifier:   95:AA:39:23:EE:66:C9:A3:0F:FA:82:BE:71:02:56:A6:FB:A5:97:71
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       389B9D13C6C51D873F9813EF82B5881D735E00
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa
Signing time:             Fri 11 Jul 2025 10:54:13 +0000
ROA not before:           Fri 11 Jul 2025 10:49:13 +0000
ROA not after:            Fri 10 Jul 2026 10:54:13 +0000
asID:                     200017
IP address blocks:        193.161.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:9b:9d:13:c6:c5:1d:87:3f:98:13:ef:82:b5:88:1d:73:5e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 11 10:49:13 2025 GMT
            Not After : Jul 10 10:54:13 2026 GMT
        Subject: CN=95AA3923EE66C9A30FFA82BE710256A6FBA59771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2f:78:73:f0:6e:fd:6b:ac:db:00:b1:18:5a:
                    1d:ad:2a:8f:b6:12:ff:34:51:23:d1:be:58:8e:d6:
                    ed:f5:7c:5e:7e:80:5f:db:24:4c:64:28:58:29:f6:
                    25:9c:4e:1d:5e:6e:82:c9:d3:ad:86:b6:38:f5:b5:
                    78:d8:ef:cb:7d:71:bf:f8:c1:79:1e:67:f8:f8:f7:
                    39:33:e0:0c:91:b6:be:44:8a:ca:5f:46:8b:77:ef:
                    62:25:b1:d0:99:4e:36:09:65:6b:aa:10:36:c5:37:
                    e5:64:f3:a0:65:e4:28:d6:0b:ac:ef:8f:6a:3f:6d:
                    23:11:ef:e9:00:88:8e:5d:20:8f:9e:6c:12:37:96:
                    64:e4:67:78:4c:80:26:cf:1f:70:50:3c:98:08:f9:
                    75:b1:6d:48:ac:0f:df:87:d8:7b:0c:0e:67:97:a1:
                    e9:05:71:44:1d:4c:41:22:19:28:1a:05:50:ad:b2:
                    e3:ca:99:53:35:7e:34:45:ac:6f:63:86:60:74:aa:
                    a7:b4:80:d2:5c:53:cb:ba:7e:a8:73:ef:b8:a8:b4:
                    06:a0:9a:29:1c:b7:50:b7:11:6a:7d:e7:29:cd:0e:
                    49:56:30:f1:42:70:ea:17:28:cd:d3:a8:d7:b3:a3:
                    e1:86:5e:15:f8:d3:67:a0:8a:e0:a8:c0:c3:39:81:
                    db:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:AA:39:23:EE:66:C9:A3:0F:FA:82:BE:71:02:56:A6:FB:A5:97:71
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:60:69:c6:fe:b5:1e:39:ba:61:4c:f1:25:1c:d4:e8:e2:17:
         4e:2e:7c:9c:9c:94:d3:cc:41:72:98:5a:45:38:01:36:48:8e:
         33:62:b0:51:d4:28:64:82:b9:04:5a:ad:a0:da:15:86:1f:4c:
         12:a1:bd:89:d2:6a:a3:4b:bb:6c:3d:5a:11:4d:2a:c3:52:c1:
         c9:65:af:1b:3a:9d:5a:60:fc:5c:5f:85:4e:3f:d6:bd:ea:d3:
         05:c7:a9:4b:0f:74:71:d3:00:46:a4:d1:b8:4c:76:b2:b0:0e:
         4d:cb:03:75:81:11:8c:a4:f4:1f:21:99:c7:79:b2:c6:55:30:
         b9:f8:0f:b7:df:84:9e:b4:51:e0:34:75:a8:13:07:e5:f9:21:
         0b:49:99:0e:60:c3:03:91:90:ee:04:97:3a:cf:cc:26:8c:45:
         81:c8:11:68:27:e6:36:4d:28:6e:be:29:a1:49:91:d0:8c:82:
         47:42:ea:8c:80:66:c6:49:64:e3:74:db:eb:70:40:95:26:70:
         e7:44:70:ae:57:d4:ea:e8:39:77:55:1c:d6:24:78:8a:dc:e7:
         2c:b5:22:6a:21:b5:35:bf:9b:d6:ed:df:98:7a:f2:23:d1:55:
         fb:c7:68:35:9f:5a:26:bc:37:86:01:ae:bf:eb:f5:b8:f2:6c:
         69:fd:12:8e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgITOJudE8bFHYc/mBPvgrWIHXNeADANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEygwM2IxYmEzZmRiOTFkOGQ5ZWE3NmM1Nzc2MzIwZWI3ZWIy
ZDZlZDlkMB4XDTI1MDcxMTEwNDkxM1oXDTI2MDcxMDEwNTQxM1owMzExMC8GA1UE
AxMoOTVBQTM5MjNFRTY2QzlBMzBGRkE4MkJFNzEwMjU2QTZGQkE1OTc3MTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIveHPwbv1rrNsAsRhaHa0qj7YS
/zRRI9G+WI7W7fV8Xn6AX9skTGQoWCn2JZxOHV5ugsnTrYa2OPW1eNjvy31xv/jB
eR5n+Pj3OTPgDJG2vkSKyl9Gi3fvYiWx0JlONglla6oQNsU35WTzoGXkKNYLrO+P
aj9tIxHv6QCIjl0gj55sEjeWZORneEyAJs8fcFA8mAj5dbFtSKwP34fYewwOZ5eh
6QVxRB1MQSIZKBoFUK2y48qZUzV+NEWsb2OGYHSqp7SA0lxTy7p+qHPvuKi0BqCa
KRy3ULcRan3nKc0OSVYw8UJw6hcozdOo17Oj4YZeFfjTZ6CK4KjAwzmB280CAwEA
AaOCAgowggIGMB0GA1UdDgQWBBSVqjkj7mbJow/6gr5xAlam+6WXcTAfBgNVHSME
GDAWgBQDsbo/25HY2ep2xXdjIOt+stbtnTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS83ZmYwZjU1NS1kYmE3LTQxOTItYTAxZC1mNjkxNmQ1YmI4
NGUvMC8wM0IxQkEzRkRCOTFEOEQ5RUE3NkM1Nzc2MzIwRUI3RUIyRDZFRDlELmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvQTdHNlA5dVIyTm5xZHNWM1l5RHJmckxX
N1owLmNlcjB7BggrBgEFBQcBCwRvMG0wawYIKwYBBQUHMAuGX3JzeW5jOi8vcnN5
bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00
MTkyLWEwMWQtZjY5MTZkNWJiODRlLzAvQVMyMDAwMTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBofUw
DQYJKoZIhvcNAQELBQADggEBAAhgacb+tR45umFM8SUc1OjiF04ufJyclNPMQXKY
WkU4ATZIjjNisFHUKGSCuQRaraDaFYYfTBKhvYnSaqNLu2w9WhFNKsNSwcllrxs6
nVpg/FxfhU4/1r3q0wXHqUsPdHHTAEak0bhMdrKwDk3LA3WBEYyk9B8hmcd5ssZV
MLn4D7ffhJ60UeA0dagTB+X5IQtJmQ5gwwORkO4ElzrPzCaMRYHIEWgn5jZNKG6+
KaFJkdCMgkdC6oyAZsZJZON02+twQJUmcOdEcK5X1OroOXdVHNYkeIrc5yy1Imoh
tTW/m9bt35h68iPRVfvHaDWfWia8N4YBrr/r9bjybGn9Eo4=
-----END CERTIFICATE-----