Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa
File:                     AS200017.roa (raw, json)
Hash identifier:          88e5eGXYjPNB/PgM9PekyfGYxwwfvf56FJkyvt/NTFM=
Subject key identifier:   80:01:34:A1:28:D4:CC:15:1C:18:70:BA:C0:6C:07:EF:05:C1:46:9F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3D084A1A4C79AC18CF13A8CA63741F1ED64E7A86
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa
Signing time:             Fri 12 Jun 2026 11:47:33 +0000
ROA not before:           Fri 12 Jun 2026 11:42:33 +0000
ROA not after:            Fri 11 Jun 2027 11:47:33 +0000
asID:                     200017
IP address blocks:        193.161.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:08:4a:1a:4c:79:ac:18:cf:13:a8:ca:63:74:1f:1e:d6:4e:7a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 12 11:42:33 2026 GMT
            Not After : Jun 11 11:47:33 2027 GMT
        Subject: CN=800134A128D4CC151C1870BAC06C07EF05C1469F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1e:40:0f:59:ad:b0:94:30:22:c6:ad:9e:de:
                    ae:fa:11:e8:cb:e3:4d:fb:ba:10:9d:ea:b9:f2:29:
                    1c:9a:4b:c8:76:17:9e:92:8d:cc:e8:e6:6f:fc:09:
                    71:f4:a9:09:81:37:0b:32:a6:d8:e6:52:33:2b:25:
                    4f:b8:e8:26:47:ee:67:7e:29:8a:5c:0d:e5:d4:68:
                    18:39:cf:36:63:58:01:94:82:32:87:99:15:ac:41:
                    50:0e:84:e3:48:d5:df:7f:7b:68:02:23:94:20:f6:
                    83:77:e7:94:46:c7:8b:38:98:b8:19:b6:b2:93:a5:
                    38:11:37:a8:95:3a:66:e3:18:97:9a:c0:27:bd:72:
                    84:2f:52:4d:7f:35:86:dc:a8:29:4b:2f:18:51:61:
                    c2:6e:d4:a7:4e:e4:3c:b1:3f:cc:57:f1:cf:0b:e7:
                    0b:e3:71:73:49:d8:bc:46:d8:6f:2f:8d:c5:64:a7:
                    31:7a:74:b2:2a:db:15:36:df:9a:72:00:57:52:0d:
                    72:bb:03:db:e9:de:0c:df:cd:93:f4:3f:8c:fb:04:
                    80:28:b1:f5:04:49:ca:64:4d:87:c2:2a:e3:d0:aa:
                    76:82:fe:a2:c9:b6:7c:8c:85:8a:8e:c7:1b:28:f2:
                    7b:98:82:1b:f2:74:ed:b6:80:d7:e0:eb:ed:43:c5:
                    57:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:01:34:A1:28:D4:CC:15:1C:18:70:BA:C0:6C:07:EF:05:C1:46:9F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS200017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:44:ac:cd:0b:3e:af:0c:9c:17:ec:dc:46:ff:22:d8:f4:f8:
         bd:90:30:39:87:ed:aa:c6:cd:fc:71:9a:8f:e7:9c:d8:4d:6c:
         0f:ce:98:62:cf:d1:6b:bc:b1:4d:b9:aa:56:20:17:4b:02:59:
         39:df:a4:30:2d:57:71:e2:e2:2d:c9:c0:b9:bc:e4:e9:ef:3c:
         47:27:c0:a5:f8:0b:a4:50:df:e0:13:eb:07:8f:02:5f:a4:24:
         96:08:ed:2f:ac:8f:fd:01:2e:b3:35:cf:9b:eb:7a:de:fe:d9:
         09:32:ed:18:38:1b:60:7f:6e:7f:8a:6e:50:77:57:4e:0e:6c:
         0f:53:37:db:f7:ee:55:25:8f:ad:6f:5f:34:b0:98:d0:60:58:
         4f:24:a2:e0:e8:ce:0e:d6:5c:6b:5b:e6:77:7a:dd:c5:03:94:
         54:02:d4:21:00:08:6d:4b:82:28:11:31:23:f2:ac:8f:cb:cb:
         e7:f8:06:01:4c:71:59:72:fe:52:8f:80:6c:10:e1:10:ee:81:
         e1:e5:d2:09:4f:41:4e:41:46:ad:4a:20:94:6e:5c:d0:1e:96:
         35:1c:16:16:60:21:0a:79:70:a5:79:8a:de:28:91:f4:6f:fd:
         5f:ca:69:d4:87:84:99:51:37:b9:be:68:26:6c:26:35:a7:b3:
         45:af:b7:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPQhKGkx5rBjPE6jKY3QfHtZOeoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MTIxMTQyMzNaFw0yNzA2MTExMTQ3MzNaMDMxMTAvBgNV
BAMTKDgwMDEzNEExMjhENENDMTUxQzE4NzBCQUMwNkMwN0VGMDVDMTQ2OUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtHkAPWa2wlDAixq2e3q76EejL
4037uhCd6rnyKRyaS8h2F56Sjczo5m/8CXH0qQmBNwsyptjmUjMrJU+46CZH7md+
KYpcDeXUaBg5zzZjWAGUgjKHmRWsQVAOhONI1d9/e2gCI5Qg9oN355RGx4s4mLgZ
trKTpTgRN6iVOmbjGJeawCe9coQvUk1/NYbcqClLLxhRYcJu1KdO5DyxP8xX8c8L
5wvjcXNJ2LxG2G8vjcVkpzF6dLIq2xU235pyAFdSDXK7A9vp3gzfzZP0P4z7BIAo
sfUEScpkTYfCKuPQqnaC/qLJtnyMhYqOxxso8nuYghvydO22gNfg6+1DxVdtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgAE0oSjUzBUcGHC6wGwH7wXBRp8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAwMDE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaH1
MA0GCSqGSIb3DQEBCwUAA4IBAQBWRKzNCz6vDJwX7NxG/yLY9Pi9kDA5h+2qxs38
cZqP55zYTWwPzphiz9FrvLFNuapWIBdLAlk536QwLVdx4uItycC5vOTp7zxHJ8Cl
+AukUN/gE+sHjwJfpCSWCO0vrI/9AS6zNc+b63re/tkJMu0YOBtgf25/im5Qd1dO
DmwPUzfb9+5VJY+tb180sJjQYFhPJKLg6M4O1lxrW+Z3et3FA5RUAtQhAAhtS4Io
ETEj8qyPy8vn+AYBTHFZcv5Sj4BsEOEQ7oHh5dIJT0FOQUatSiCUblzQHpY1HBYW
YCEKeXCleYreKJH0b/1fymnUh4SZUTe5vmgmbCY1p7NFr7eR
-----END CERTIFICATE-----