Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198963.roa
File:                     AS198963.roa (raw, json)
Hash identifier:          oebtCsOy6aQBH/lV2/96N5IbS3RyaSLq2R/0LVsYQiY=
Subject key identifier:   DC:51:93:AE:CB:27:90:54:55:6B:17:B1:C8:97:E0:7C:69:68:DB:4D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       353853A192EE758FCD3B8CCFC75A93F7AA7A3182
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198963.roa
Signing time:             Wed 16 Jul 2025 05:50:50 +0000
ROA not before:           Wed 16 Jul 2025 05:45:50 +0000
ROA not after:            Wed 15 Jul 2026 05:50:50 +0000
asID:                     198963
IP address blocks:        82.21.50.0/24 maxlen: 24
                          2a13:9500:8b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:38:53:a1:92:ee:75:8f:cd:3b:8c:cf:c7:5a:93:f7:aa:7a:31:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 16 05:45:50 2025 GMT
            Not After : Jul 15 05:50:50 2026 GMT
        Subject: CN=DC5193AECB279054556B17B1C897E07C6968DB4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:3f:23:2d:c8:e8:25:42:a1:c9:ce:56:d2:19:
                    a9:d3:cb:fd:2a:c4:9f:a9:62:69:95:d2:95:28:26:
                    38:07:32:db:86:04:17:9a:94:0a:fa:4f:09:e8:b6:
                    09:05:bb:37:a4:09:cc:59:79:25:02:f8:8c:0f:e9:
                    d4:28:b0:34:c6:89:22:42:e6:10:13:58:c1:47:ee:
                    5f:f7:0d:44:f4:b3:e2:3d:92:6f:a1:72:28:52:1a:
                    da:0e:91:5b:82:ed:b3:e2:52:82:6d:d2:fc:2e:58:
                    fc:e1:f5:e6:7d:74:ed:e2:2d:ab:8d:77:b1:27:ac:
                    c7:32:ca:77:2c:c3:ce:1f:9b:7e:50:e8:d4:14:14:
                    fe:2c:72:24:d0:dd:d1:37:48:86:68:ac:93:16:b0:
                    a8:a2:50:76:92:cb:fd:00:a2:e8:7f:c6:c4:ab:b5:
                    da:cf:5b:2a:f4:55:0e:1c:c3:d9:7a:68:1e:a7:f6:
                    a0:0e:d0:0d:2c:be:eb:92:fa:74:7c:93:d9:b1:d0:
                    76:1d:43:f7:bc:32:5e:95:81:05:2d:05:9f:e3:a7:
                    95:c1:3e:b6:8d:62:56:02:7f:3f:94:51:57:94:16:
                    cf:57:bb:cc:31:31:d9:c0:da:88:65:e9:0b:9c:26:
                    d3:0a:5e:5a:b9:26:4d:15:c6:06:bb:f1:50:88:9d:
                    59:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:51:93:AE:CB:27:90:54:55:6B:17:B1:C8:97:E0:7C:69:68:DB:4D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198963.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.50.0/24
                IPv6:
                  2a13:9500:8b::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:ab:cf:5e:02:ac:5f:24:7b:fa:6e:de:ba:a2:39:d0:2e:a3:
         a5:ea:94:18:6e:09:8b:65:b2:b2:01:6a:3f:eb:47:a3:73:1c:
         2b:28:12:a8:b7:b4:65:ab:59:dc:37:c9:e3:c6:45:f5:8d:df:
         fd:ab:a2:c8:38:a6:95:84:48:cb:85:4e:c9:84:a6:e5:3d:08:
         69:4e:3b:d3:b9:20:91:1a:d0:8f:d8:61:1a:39:ee:45:2c:62:
         1e:bd:b3:a2:0a:35:90:2e:51:37:3d:ef:0f:f8:0d:d8:3d:fa:
         2d:ab:3c:72:bd:48:39:eb:97:8d:dd:f5:3a:7b:63:a2:df:22:
         fe:2d:00:10:6b:5d:af:51:b1:ae:c9:c6:2a:22:61:65:e5:2c:
         f7:e8:00:cc:26:a5:dc:29:a2:6a:71:9e:51:ee:2b:a8:3d:f6:
         70:43:c9:56:d4:4a:58:ff:ba:b4:c9:bb:48:72:d3:dd:e0:43:
         36:0d:97:50:0a:2f:49:e6:ff:7a:7f:3a:c9:19:51:8d:90:9a:
         43:99:75:44:e6:d5:ce:90:ad:bb:c7:e2:c9:60:67:02:cb:23:
         ae:8c:19:56:1b:d3:94:ab:98:78:89:7b:14:78:58:88:22:54:
         6b:31:7d:17:ba:8c:93:6d:19:69:81:1a:60:47:3f:32:10:7c:
         d1:10:b7:3a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUNThToZLudY/NO4zPx1qT96p6MYIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTYwNTQ1NTBaFw0yNjA3MTUwNTUwNTBaMDMxMTAvBgNV
BAMTKERDNTE5M0FFQ0IyNzkwNTQ1NTZCMTdCMUM4OTdFMDdDNjk2OERCNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFPyMtyOglQqHJzlbSGanTy/0q
xJ+pYmmV0pUoJjgHMtuGBBealAr6TwnotgkFuzekCcxZeSUC+IwP6dQosDTGiSJC
5hATWMFH7l/3DUT0s+I9km+hcihSGtoOkVuC7bPiUoJt0vwuWPzh9eZ9dO3iLauN
d7EnrMcyyncsw84fm35Q6NQUFP4sciTQ3dE3SIZorJMWsKiiUHaSy/0Aouh/xsSr
tdrPWyr0VQ4cw9l6aB6n9qAO0A0svuuS+nR8k9mx0HYdQ/e8Ml6VgQUtBZ/jp5XB
PraNYlYCfz+UUVeUFs9Xu8wxMdnA2ohl6QucJtMKXlq5Jk0Vxga78VCInVlhAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQU3FGTrssnkFRVaxexyJfgfGlo200wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4OTYzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhUy
MA8EAgACMAkDBwAqE5UAAIswDQYJKoZIhvcNAQELBQADggEBAAerz14CrF8ke/pu
3rqiOdAuo6XqlBhuCYtlsrIBaj/rR6NzHCsoEqi3tGWrWdw3yePGRfWN3/2rosg4
ppWESMuFTsmEpuU9CGlOO9O5IJEa0I/YYRo57kUsYh69s6IKNZAuUTc97w/4Ddg9
+i2rPHK9SDnrl43d9Tp7Y6LfIv4tABBrXa9Rsa7JxioiYWXlLPfoAMwmpdwpompx
nlHuK6g99nBDyVbUSlj/urTJu0hy093gQzYNl1AKL0nm/3p/OskZUY2QmkOZdUTm
1c6QrbvH4slgZwLLI66MGVYb05SrmHiJexR4WIgiVGsxfRe6jJNtGWmBGmBHPzIQ
fNEQtzo=
-----END CERTIFICATE-----