Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200642.roa
File:                     AS200642.roa (raw, json)
Hash identifier:          U7KmwaQdUMKcHTfXXDaaiViVkChBNTF+0NSSepiyPOc=
Subject key identifier:   F6:8E:E8:72:55:ED:5E:75:BA:63:BE:38:15:F0:31:0F:AB:ED:28:07
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       2650CDDA1B7C1155800F2E1B9988ECB85ED47A4F
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200642.roa
Signing time:             Wed 25 Feb 2026 18:00:11 +0000
ROA not before:           Wed 25 Feb 2026 17:55:11 +0000
ROA not after:            Wed 24 Feb 2027 18:00:11 +0000
asID:                     200642
IP address blocks:        2a14:7581:ff7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:50:cd:da:1b:7c:11:55:80:0f:2e:1b:99:88:ec:b8:5e:d4:7a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb 25 17:55:11 2026 GMT
            Not After : Feb 24 18:00:11 2027 GMT
        Subject: CN=F68EE87255ED5E75BA63BE3815F0310FABED2807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4a:54:26:81:c8:0e:ac:dd:c3:ef:cf:b0:b7:
                    17:3c:5b:b4:7f:2a:53:23:48:94:58:c5:bd:2f:df:
                    4e:a5:9b:18:a9:1f:29:f7:b2:19:ce:1f:f7:a5:37:
                    60:b3:c8:ec:2b:a4:f4:c8:76:72:fa:29:ae:7a:1d:
                    cd:4c:c7:6a:a2:5d:45:2c:79:99:41:e8:ae:7f:82:
                    6d:2c:b2:39:03:3b:bf:80:c0:7d:bb:8f:aa:30:1d:
                    d4:b0:6e:d7:57:43:3c:e2:5b:d3:63:f7:75:f0:53:
                    a8:4d:ba:c9:94:79:cc:42:ba:c0:3e:db:35:95:bb:
                    75:07:77:24:79:88:b7:ad:b7:13:6a:e1:44:5b:d1:
                    62:9d:f1:c2:ef:d4:c5:03:6f:12:5b:8a:19:2a:2d:
                    11:e6:09:78:6e:5e:55:cf:4f:e0:d5:0e:4b:2c:87:
                    79:d6:68:bb:af:74:c3:b8:39:37:fc:c7:a0:68:5a:
                    e7:db:6b:7a:41:ca:75:58:ec:dc:ec:af:d2:c3:c7:
                    61:6a:e8:a7:c0:05:3d:7f:11:a3:88:ae:e5:8b:1b:
                    d0:2b:20:2f:32:0a:05:83:5c:29:56:06:e1:17:79:
                    b7:81:6f:a8:bf:09:dd:7a:f4:d9:f0:0b:d3:fb:1f:
                    cd:cc:23:7c:cf:08:0c:66:e1:f0:be:ec:6d:31:bd:
                    31:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:8E:E8:72:55:ED:5E:75:BA:63:BE:38:15:F0:31:0F:AB:ED:28:07
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS200642.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:ff7::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:be:58:76:18:7c:fd:03:0f:af:84:cc:c4:b3:98:00:56:2c:
         58:e3:b9:e6:66:bd:f6:4d:ef:f4:93:4d:a6:90:ef:49:4c:ba:
         b6:23:f1:80:8c:86:0a:67:a4:d7:f8:68:80:84:07:f0:05:12:
         97:ba:8d:f8:bb:9b:02:77:f2:79:d5:ba:4d:8d:d2:0c:7a:88:
         10:42:e2:7c:ed:4c:fe:f0:03:f8:72:08:ef:ce:7e:29:ff:e3:
         72:f4:28:2a:93:88:07:ef:37:52:e0:0d:e4:28:22:f3:8f:75:
         71:c9:b4:cb:d1:33:91:4f:8f:4c:fc:59:77:0f:a5:c5:25:d9:
         3b:75:31:55:d7:8d:c0:0e:79:22:ed:18:f9:02:7b:94:cc:d2:
         43:1f:da:78:fd:b4:27:55:60:d5:de:54:75:96:97:28:1a:06:
         66:9a:48:d7:1e:d1:c1:24:38:21:db:38:28:e2:21:12:3a:be:
         ac:fe:0e:ea:54:87:87:57:5a:69:0d:73:78:fb:18:3d:ac:41:
         4f:fc:a4:18:43:b2:97:be:67:92:f6:c3:cc:ff:70:d6:5d:dc:
         2b:40:fe:76:7d:05:40:ec:0e:4f:82:76:37:85:3a:97:f0:e2:
         a5:ff:95:1b:ff:a5:c5:c4:95:47:71:02:6b:bf:52:3e:b7:3e:
         a1:a2:24:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJlDN2ht8EVWADy4bmYjsuF7Uek8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAyMjUxNzU1MTFaFw0yNzAyMjQxODAwMTFaMDMxMTAvBgNV
BAMTKEY2OEVFODcyNTVFRDVFNzVCQTYzQkUzODE1RjAzMTBGQUJFRDI4MDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDISlQmgcgOrN3D78+wtxc8W7R/
KlMjSJRYxb0v306lmxipHyn3shnOH/elN2CzyOwrpPTIdnL6Ka56Hc1Mx2qiXUUs
eZlB6K5/gm0ssjkDO7+AwH27j6owHdSwbtdXQzziW9Nj93XwU6hNusmUecxCusA+
2zWVu3UHdyR5iLettxNq4URb0WKd8cLv1MUDbxJbihkqLRHmCXhuXlXPT+DVDkss
h3nWaLuvdMO4OTf8x6BoWufba3pBynVY7Nzsr9LDx2Fq6KfABT1/EaOIruWLG9Ar
IC8yCgWDXClWBuEXebeBb6i/Cd169NnwC9P7H83MI3zPCAxm4fC+7G0xvTEdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU9o7oclXtXnW6Y744FfAxD6vtKAcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjAwNjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gQ/3MA0GCSqGSIb3DQEBCwUAA4IBAQCJvlh2GHz9Aw+vhMzEs5gAVixY47nmZr32
Te/0k02mkO9JTLq2I/GAjIYKZ6TX+GiAhAfwBRKXuo34u5sCd/J51bpNjdIMeogQ
QuJ87Uz+8AP4cgjvzn4p/+Ny9Cgqk4gH7zdS4A3kKCLzj3VxybTL0TORT49M/Fl3
D6XFJdk7dTFV143ADnki7Rj5AnuUzNJDH9p4/bQnVWDV3lR1lpcoGgZmmkjXHtHB
JDgh2zgo4iESOr6s/g7qVIeHV1ppDXN4+xg9rEFP/KQYQ7KXvmeS9sPM/3DWXdwr
QP52fQVA7A5PgnY3hTqX8OKl/5Ub/6XFxJVHcQJrv1I+tz6hoiRY
-----END CERTIFICATE-----