Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198810.roa
File:                     AS198810.roa (raw, json)
Hash identifier:          kpKJAbFrgej+arnAF4rt07KCW7cwtSfZ0prguWc2YzE=
Subject key identifier:   21:F7:1E:3C:65:E4:2F:C6:3E:F6:12:43:FB:33:7F:57:AF:24:E8:EB
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4926EC54E60C741590761787AFD9F069DC6218F9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198810.roa
Signing time:             Wed 20 May 2026 08:40:10 +0000
ROA not before:           Wed 20 May 2026 08:35:10 +0000
ROA not after:            Wed 19 May 2027 08:40:10 +0000
asID:                     198810
IP address blocks:        162.141.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:26:ec:54:e6:0c:74:15:90:76:17:87:af:d9:f0:69:dc:62:18:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 20 08:35:10 2026 GMT
            Not After : May 19 08:40:10 2027 GMT
        Subject: CN=21F71E3C65E42FC63EF61243FB337F57AF24E8EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c7:06:54:20:29:53:d2:6c:b8:ea:ba:e2:c3:
                    da:51:c6:b7:77:ee:ce:63:06:26:2a:58:bd:48:73:
                    3d:05:5f:ec:d9:9f:3e:1c:16:27:80:5b:c8:02:66:
                    48:d5:69:e5:2f:6f:b3:29:13:6f:d9:3d:0a:26:a8:
                    f5:5e:0d:92:d3:d5:98:f6:26:7e:f0:d9:2b:30:ba:
                    92:d2:f9:30:c4:a0:0d:18:e7:09:7b:2c:61:9e:14:
                    66:cb:4b:3d:3b:cd:0f:9c:9c:5c:9e:68:2c:40:96:
                    b2:9e:38:60:84:07:d2:1c:3b:29:15:c2:d1:43:01:
                    51:fa:2a:11:88:a6:06:6e:51:b0:9a:e3:95:c5:cd:
                    34:89:4b:55:d1:94:a0:33:5d:2c:43:64:69:a5:7b:
                    11:29:b8:77:3d:cd:c0:6a:31:48:2f:20:45:25:a4:
                    9a:44:cd:ac:66:1f:de:45:d6:7a:04:b6:16:78:b9:
                    dd:83:67:84:b4:0c:ca:88:bc:84:ee:d6:67:cf:38:
                    53:48:9b:fc:f1:2c:6d:1b:cc:46:38:b8:2a:81:08:
                    88:ac:01:dc:c6:b3:90:5e:12:ad:7c:25:d3:c5:43:
                    3b:75:7d:bf:f7:bc:11:93:f2:38:fc:2f:bc:1d:3d:
                    80:57:f6:d0:ce:90:bc:25:2b:c0:7c:a3:5e:d9:84:
                    c7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F7:1E:3C:65:E4:2F:C6:3E:F6:12:43:FB:33:7F:57:AF:24:E8:EB
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:c0:5a:a1:90:fb:7d:86:e4:8e:b6:bc:25:be:a4:7a:75:c5:
         b1:22:c5:ba:3e:c7:2a:31:3e:62:d4:4a:54:56:df:d2:05:a9:
         17:45:f6:3a:5b:5f:8f:47:4d:de:2b:44:5c:ce:ce:9c:d9:10:
         d6:cd:af:3f:b1:c7:d5:68:2b:9d:08:59:89:5a:e9:3f:0e:6d:
         3f:f6:4c:c8:b8:d0:ed:c3:f9:86:0a:66:4e:c3:dd:8e:b7:09:
         79:63:54:8e:21:85:71:eb:8a:77:5d:66:22:b9:f5:6d:b6:9b:
         70:22:ba:02:70:b4:41:ba:ea:cf:20:48:c1:ff:8f:17:41:79:
         40:33:51:cd:b8:79:d3:8b:1f:62:5e:6f:59:96:1b:39:bb:aa:
         8e:de:7c:6d:e5:a0:20:a9:82:d8:dd:19:86:e4:2a:a4:06:c9:
         bc:1b:f8:3e:3f:e7:34:2f:81:b1:e6:a9:62:f3:da:19:be:28:
         f4:ef:96:37:f4:cc:ab:5e:2c:1b:84:f9:03:49:52:18:e7:27:
         dd:8e:04:c3:8e:b0:18:47:6a:e8:88:dc:50:ee:cb:10:b3:29:
         7b:d5:04:e9:5c:d8:83:53:40:3a:3f:29:5f:63:d6:75:45:68:
         b0:c8:5f:0b:d2:30:cc:d3:22:be:b3:75:39:5b:d5:02:91:2b:
         dc:51:61:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSSbsVOYMdBWQdheHr9nwadxiGPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjAwODM1MTBaFw0yNzA1MTkwODQwMTBaMDMxMTAvBgNV
BAMTKDIxRjcxRTNDNjVFNDJGQzYzRUY2MTI0M0ZCMzM3RjU3QUYyNEU4RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1xwZUIClT0my46rriw9pRxrd3
7s5jBiYqWL1Icz0FX+zZnz4cFieAW8gCZkjVaeUvb7MpE2/ZPQomqPVeDZLT1Zj2
Jn7w2SswupLS+TDEoA0Y5wl7LGGeFGbLSz07zQ+cnFyeaCxAlrKeOGCEB9IcOykV
wtFDAVH6KhGIpgZuUbCa45XFzTSJS1XRlKAzXSxDZGmlexEpuHc9zcBqMUgvIEUl
pJpEzaxmH95F1noEthZ4ud2DZ4S0DMqIvITu1mfPOFNIm/zxLG0bzEY4uCqBCIis
AdzGs5BeEq18JdPFQzt1fb/3vBGT8jj8L7wdPYBX9tDOkLwlK8B8o17ZhMcnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUIfcePGXkL8Y+9hJD+zN/V68k6OswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk4ODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo1p
MA0GCSqGSIb3DQEBCwUAA4IBAQADwFqhkPt9huSOtrwlvqR6dcWxIsW6PscqMT5i
1EpUVt/SBakXRfY6W1+PR03eK0Rczs6c2RDWza8/scfVaCudCFmJWuk/Dm0/9kzI
uNDtw/mGCmZOw92Otwl5Y1SOIYVx64p3XWYiufVttptwIroCcLRBuurPIEjB/48X
QXlAM1HNuHnTix9iXm9Zlhs5u6qO3nxt5aAgqYLY3RmG5CqkBsm8G/g+P+c0L4Gx
5qli89oZvij075Y39MyrXiwbhPkDSVIY5yfdjgTDjrAYR2roiNxQ7ssQsyl71QTp
XNiDU0A6PylfY9Z1RWiwyF8L0jDM0yK+s3U5W9UCkSvcUWGo
-----END CERTIFICATE-----