Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198805.roa
File:                     AS198805.roa (raw, json)
Hash identifier:          dszoP0AiMwQGHtgZ8/0kmE0eY0ttWshxT9/8Y8rauv8=
Subject key identifier:   53:51:7E:22:57:F8:D8:DD:04:22:DD:16:AC:8D:2F:EA:CC:78:79:2E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1869156C5CCD9F61C1B53CBA50B1974F38A66ABC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198805.roa
Signing time:             Thu 28 May 2026 03:25:00 +0000
ROA not before:           Thu 28 May 2026 03:20:00 +0000
ROA not after:            Thu 27 May 2027 03:25:00 +0000
asID:                     198805
IP address blocks:        143.14.170.0/24 maxlen: 24
                          162.141.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:69:15:6c:5c:cd:9f:61:c1:b5:3c:ba:50:b1:97:4f:38:a6:6a:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 28 03:20:00 2026 GMT
            Not After : May 27 03:25:00 2027 GMT
        Subject: CN=53517E2257F8D8DD0422DD16AC8D2FEACC78792E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7e:7f:e3:45:ed:64:9b:e8:80:42:12:ac:05:
                    6d:da:db:1a:bd:dc:65:97:96:7d:12:d9:bf:ff:78:
                    b2:74:0b:9a:ac:a5:d8:77:e5:0a:4b:87:aa:a9:95:
                    c4:a4:73:18:d2:50:de:b6:84:43:cb:4e:a5:cb:4d:
                    e7:96:7d:a9:20:fe:d5:83:c9:2a:30:c8:17:29:89:
                    3b:07:fa:45:26:8c:bc:9c:21:5a:80:94:36:44:b3:
                    a2:7a:08:84:f6:af:0e:b4:16:22:3c:f0:5e:49:1c:
                    03:b0:84:f0:b9:7f:dd:d5:94:06:84:68:09:aa:9a:
                    b1:2f:88:d8:f3:26:13:24:d0:e7:5c:f8:40:1f:ee:
                    fd:c7:8a:8b:ff:1a:0f:2d:52:07:77:d4:ff:76:1c:
                    95:97:6c:fa:db:9d:91:2e:06:6f:9a:90:68:b4:94:
                    4e:c6:64:bc:ac:ae:0d:a7:64:37:d7:b4:3e:b4:d8:
                    31:be:8d:53:ef:29:7b:c0:55:7f:ac:21:3b:a8:d7:
                    7e:ce:de:37:62:d8:82:c0:02:73:31:d0:31:ef:4d:
                    31:59:0b:4c:00:ee:04:fa:84:04:cf:18:53:d6:05:
                    ba:47:75:56:2e:05:73:05:dd:13:dd:a6:85:ce:c9:
                    5b:f4:4f:78:ce:f9:86:cb:67:a1:f1:7c:96:c1:fc:
                    0e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:51:7E:22:57:F8:D8:DD:04:22:DD:16:AC:8D:2F:EA:CC:78:79:2E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198805.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.170.0/24
                  162.141.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:e1:8e:c9:57:cb:08:7f:38:dc:0e:8b:eb:45:2f:a1:e1:69:
         7e:d1:c9:f6:2a:54:22:cd:7a:d3:3f:8a:4c:07:18:05:ef:a2:
         bf:48:ed:0d:a8:41:82:97:e2:00:a0:ca:7f:f6:09:02:0b:0b:
         59:8c:ab:ff:29:03:37:27:5f:be:b1:b0:71:bb:4f:e2:32:ef:
         f8:ca:92:b1:dd:01:45:6c:91:44:91:a6:0f:d0:0d:13:5d:c2:
         73:fc:3c:41:5d:4a:52:15:44:18:29:d9:c4:0f:c9:d1:80:2f:
         af:24:d4:5f:24:15:b9:37:25:06:fe:37:ae:19:e7:c5:14:fe:
         0f:e7:63:0d:7b:2b:ef:05:2b:da:bf:aa:b8:8f:47:3f:4f:25:
         08:b0:37:64:98:65:30:30:09:8d:04:bb:07:2c:c2:b0:2d:6f:
         9b:92:00:96:bf:96:7d:95:e3:b4:f9:b0:e1:8d:80:2f:0c:69:
         d1:a0:f7:2a:25:4a:9a:ae:6c:72:63:31:75:27:7f:0e:94:29:
         c4:c0:e4:e8:2a:11:b9:c2:c4:08:e3:0f:46:78:ec:21:12:fe:
         15:bb:4b:6e:72:66:cb:fa:31:4e:00:83:1e:92:cc:8a:d9:13:
         84:99:d6:c0:ef:7f:9f:55:9d:4b:7a:33:f5:f0:e6:2c:4e:19:
         e4:87:8e:c0
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGGkVbFzNn2HBtTy6ULGXTzimarwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjgwMzIwMDBaFw0yNzA1MjcwMzI1MDBaMDMxMTAvBgNV
BAMTKDUzNTE3RTIyNTdGOEQ4REQwNDIyREQxNkFDOEQyRkVBQ0M3ODc5MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDefn/jRe1km+iAQhKsBW3a2xq9
3GWXln0S2b//eLJ0C5qspdh35QpLh6qplcSkcxjSUN62hEPLTqXLTeeWfakg/tWD
ySowyBcpiTsH+kUmjLycIVqAlDZEs6J6CIT2rw60FiI88F5JHAOwhPC5f93VlAaE
aAmqmrEviNjzJhMk0Odc+EAf7v3Hiov/Gg8tUgd31P92HJWXbPrbnZEuBm+akGi0
lE7GZLysrg2nZDfXtD602DG+jVPvKXvAVX+sITuo137O3jdi2ILAAnMx0DHvTTFZ
C0wA7gT6hATPGFPWBbpHdVYuBXMF3RPdpoXOyVv0T3jO+YbLZ6HxfJbB/A47AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUU1F+Ilf42N0EIt0WrI0v6sx4eS4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk4ODA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw6q
AwQAoo1QMA0GCSqGSIb3DQEBCwUAA4IBAQAy4Y7JV8sIfzjcDovrRS+h4Wl+0cn2
KlQizXrTP4pMBxgF76K/SO0NqEGCl+IAoMp/9gkCCwtZjKv/KQM3J1++sbBxu0/i
Mu/4ypKx3QFFbJFEkaYP0A0TXcJz/DxBXUpSFUQYKdnED8nRgC+vJNRfJBW5NyUG
/jeuGefFFP4P52MNeyvvBSvav6q4j0c/TyUIsDdkmGUwMAmNBLsHLMKwLW+bkgCW
v5Z9leO0+bDhjYAvDGnRoPcqJUqarmxyYzF1J38OlCnEwOToKhG5wsQI4w9GeOwh
Ev4Vu0tucmbL+jFOAIMeksyK2ROEmdbA73+fVZ1LejP18OYsThnkh47A
-----END CERTIFICATE-----