Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198584.roa
File:                     AS198584.roa (raw, json)
Hash identifier:          AVppztb9zA5jgfkJC2uaq1OD945DhjkL1ksc99kqoVg=
Subject key identifier:   50:E7:E5:CA:97:05:A9:E7:C9:5A:D7:C5:80:B1:A9:75:C4:4D:B0:A7
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5FC0D310471E215E29E225BCA3E238F5A1E10E7D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198584.roa
Signing time:             Thu 17 Jul 2025 00:00:22 +0000
ROA not before:           Wed 16 Jul 2025 23:55:22 +0000
ROA not after:            Thu 16 Jul 2026 00:00:22 +0000
asID:                     198584
IP address blocks:        143.14.15.0/24 maxlen: 24
                          147.79.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:c0:d3:10:47:1e:21:5e:29:e2:25:bc:a3:e2:38:f5:a1:e1:0e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 16 23:55:22 2025 GMT
            Not After : Jul 16 00:00:22 2026 GMT
        Subject: CN=50E7E5CA9705A9E7C95AD7C580B1A975C44DB0A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:20:ae:80:00:e4:1a:15:96:aa:22:5e:63:3d:
                    0c:af:5a:ca:29:4c:3d:7a:41:ce:81:2c:db:ac:7c:
                    1c:3d:26:d3:bc:cb:23:9f:4a:4d:aa:f8:1b:6f:5d:
                    ae:5d:84:3a:cc:b3:43:00:bf:ef:09:68:4c:75:34:
                    53:83:e3:08:30:02:11:13:f6:9d:00:be:66:ff:3e:
                    1c:7d:57:6f:c5:cd:87:b8:70:73:e2:98:8a:6d:20:
                    66:81:7b:7d:1a:ae:fd:57:73:84:c2:b1:e6:5f:f8:
                    cf:56:6b:50:39:2c:b6:14:da:99:ec:e0:96:76:b9:
                    5c:fe:52:c0:5a:1d:be:50:dd:19:0e:7d:14:cb:1c:
                    e4:ea:de:b7:46:fd:76:69:75:d8:ac:65:a1:0b:f2:
                    68:59:fd:0a:79:a3:32:4f:bd:5d:ea:bc:64:62:75:
                    a0:fb:be:44:15:52:62:20:f2:28:14:f1:e5:06:9f:
                    70:58:30:2e:6b:85:47:2f:2a:b7:2a:41:a0:d3:6c:
                    b7:da:bb:dd:ed:72:05:3f:55:c6:25:d1:54:b6:0f:
                    2d:16:8b:9d:86:b2:01:17:29:bf:d1:4a:77:87:a1:
                    c6:47:53:cf:8e:79:e0:06:32:cf:63:74:9d:b0:3b:
                    d2:9f:70:63:b2:b9:27:15:0a:09:82:e2:37:ef:67:
                    ed:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E7:E5:CA:97:05:A9:E7:C9:5A:D7:C5:80:B1:A9:75:C4:4D:B0:A7
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198584.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.15.0/24
                  147.79.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:57:db:a0:7c:0a:cb:71:98:3d:09:b4:64:a7:23:26:2b:00:
         44:d1:2a:2a:c6:96:f5:80:8c:f2:0b:09:34:ed:fd:6d:a4:5f:
         e4:79:7a:6e:e0:f9:a6:48:29:be:cb:26:f5:a3:54:4c:f5:d3:
         20:7f:b0:66:a6:27:c0:bd:3f:e7:3d:33:89:aa:f5:04:b2:00:
         b7:88:87:5b:2a:e5:88:b1:80:88:12:9f:68:7d:bb:f5:10:9b:
         d0:c4:b1:10:af:2e:1b:8a:8a:06:ef:70:a3:31:9f:62:57:95:
         42:49:00:2e:aa:e6:70:b8:b0:54:e1:31:4c:53:94:73:d8:60:
         65:46:18:ba:c9:db:ff:90:1e:ba:f6:d3:16:a5:15:c0:30:84:
         85:17:4d:48:14:e5:ac:9a:ac:9f:41:15:00:af:c2:28:07:8a:
         25:29:9b:ad:4b:34:75:c1:40:75:01:50:2d:67:87:e9:de:fe:
         b1:61:c1:9e:36:6a:bf:e1:a5:c7:54:67:4f:00:0e:e4:8f:a5:
         a4:2c:76:d0:f6:26:2c:b5:4e:54:d5:9e:2e:5f:53:e0:10:8a:
         e6:26:b4:f9:dd:07:d0:b1:87:a3:d8:2e:a5:b8:12:1a:d9:4d:
         49:fe:13:c1:5f:2f:e6:5a:c0:81:81:aa:2e:a7:7e:cf:f9:51:
         92:83:17:55
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUX8DTEEceIV4p4iW8o+I49aHhDn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTYyMzU1MjJaFw0yNjA3MTYwMDAwMjJaMDMxMTAvBgNV
BAMTKDUwRTdFNUNBOTcwNUE5RTdDOTVBRDdDNTgwQjFBOTc1QzQ0REIwQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnIK6AAOQaFZaqIl5jPQyvWsop
TD16Qc6BLNusfBw9JtO8yyOfSk2q+BtvXa5dhDrMs0MAv+8JaEx1NFOD4wgwAhET
9p0Avmb/Phx9V2/FzYe4cHPimIptIGaBe30arv1Xc4TCseZf+M9Wa1A5LLYU2pns
4JZ2uVz+UsBaHb5Q3RkOfRTLHOTq3rdG/XZpddisZaEL8mhZ/Qp5ozJPvV3qvGRi
daD7vkQVUmIg8igU8eUGn3BYMC5rhUcvKrcqQaDTbLfau93tcgU/VcYl0VS2Dy0W
i52GsgEXKb/RSneHocZHU8+OeeAGMs9jdJ2wO9KfcGOyuScVCgmC4jfvZ+1VAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUUOflypcFqefJWtfFgLGpdcRNsKcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk4NTg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw4P
AwQAk08AMA0GCSqGSIb3DQEBCwUAA4IBAQAIV9ugfArLcZg9CbRkpyMmKwBE0Soq
xpb1gIzyCwk07f1tpF/keXpu4PmmSCm+yyb1o1RM9dMgf7BmpifAvT/nPTOJqvUE
sgC3iIdbKuWIsYCIEp9ofbv1EJvQxLEQry4biooG73CjMZ9iV5VCSQAuquZwuLBU
4TFMU5Rz2GBlRhi6ydv/kB669tMWpRXAMISFF01IFOWsmqyfQRUAr8IoB4olKZut
SzR1wUB1AVAtZ4fp3v6xYcGeNmq/4aXHVGdPAA7kj6WkLHbQ9iYstU5U1Z4uX1Pg
EIrmJrT53QfQsYej2C6luBIa2U1J/hPBXy/mWsCBgaoup37P+VGSgxdV
-----END CERTIFICATE-----