Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199186.roa
File:                     AS199186.roa (raw, json)
Hash identifier:          0aaZ38wvPqtPHC0L2ICCOlP+H9aMWMm8rLj+MdjhhU0=
Subject key identifier:   27:B2:8D:E0:BE:00:37:3A:04:D3:22:B5:4C:14:6B:79:81:3C:BA:4E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6E7F6D4D499522A15AA96FAF63276526E4763731
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199186.roa
Signing time:             Thu 18 Jun 2026 16:52:20 +0000
ROA not before:           Thu 18 Jun 2026 16:47:20 +0000
ROA not after:            Thu 17 Jun 2027 16:52:20 +0000
asID:                     199186
IP address blocks:        168.222.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Jun 2026 15:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:7f:6d:4d:49:95:22:a1:5a:a9:6f:af:63:27:65:26:e4:76:37:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 18 16:47:20 2026 GMT
            Not After : Jun 17 16:52:20 2027 GMT
        Subject: CN=27B28DE0BE00373A04D322B54C146B79813CBA4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:66:b2:fe:35:dc:e7:d4:60:5d:bd:59:f2:e9:
                    a2:80:7b:83:02:16:36:2b:93:bf:5a:82:3a:1c:ea:
                    f8:53:bc:74:8d:7a:97:df:7f:30:c8:9f:f4:38:69:
                    f8:6b:fa:88:d7:48:59:3f:af:43:ab:fc:14:aa:3b:
                    67:8d:9d:10:27:4d:23:30:ea:44:0d:ac:80:c1:53:
                    9c:bf:20:d7:8c:60:d0:ae:38:37:ec:ad:d4:07:5a:
                    07:61:47:60:2a:b5:70:15:44:0e:17:33:da:5a:4b:
                    ed:ac:dd:80:45:6f:d6:54:4c:8d:8b:f7:ad:b1:b2:
                    92:35:8b:5e:04:65:4e:76:70:7e:03:50:10:58:11:
                    8a:7b:b1:f7:0e:ce:48:06:2e:48:aa:3a:04:2c:72:
                    6d:d8:02:21:db:a7:7b:74:10:cf:ef:4e:e4:6f:d9:
                    21:4f:89:97:80:f5:d1:51:1b:0f:c5:54:78:1e:57:
                    98:d8:e6:26:b1:9f:50:fe:37:56:e6:49:37:71:4a:
                    95:74:db:5c:1b:f9:7f:ad:f4:00:f6:e8:29:5f:41:
                    5d:7d:82:03:98:63:1a:91:a2:ba:74:9e:5f:50:ad:
                    29:29:aa:5a:99:99:43:53:a4:63:73:83:d9:44:53:
                    12:82:6b:5c:c4:ca:b4:68:0d:d4:01:c2:57:58:32:
                    db:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:B2:8D:E0:BE:00:37:3A:04:D3:22:B5:4C:14:6B:79:81:3C:BA:4E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199186.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:0f:ff:61:fb:7e:88:73:3a:ba:df:bd:83:56:00:8d:92:1f:
         60:85:4f:1c:bd:57:5f:6c:1c:af:8a:4e:5a:0f:bf:6c:38:5e:
         2b:d4:f4:2d:9d:9c:02:8c:7e:b0:af:90:11:72:4e:79:dd:2f:
         22:88:cc:c8:bc:e0:6c:ce:fd:54:5b:bd:34:9f:ee:8a:47:ef:
         67:b5:21:96:e7:ec:0f:bd:2f:c9:e4:c5:d4:37:54:10:c1:0d:
         d7:c6:6d:ba:04:d1:91:a9:a1:3c:d2:00:ff:72:00:38:45:7d:
         a0:4c:93:b7:b2:5a:dc:54:3d:bb:84:8b:06:ab:b4:02:90:20:
         c2:b5:6d:89:01:cf:63:76:f2:65:89:7e:ab:b1:47:84:90:21:
         27:55:1f:4d:89:7d:cb:78:68:60:83:2a:91:a2:70:64:68:e5:
         ef:95:78:e7:15:93:66:a1:ac:02:b3:58:05:0d:19:4f:b2:1a:
         fc:61:5b:6f:17:2a:d2:9c:3b:ef:ce:09:f7:e2:05:17:c3:d5:
         bd:fb:87:29:a7:4e:2f:d6:36:54:ea:3d:4b:8c:d7:5a:b4:58:
         4b:0f:83:9b:89:9e:62:4c:87:ee:01:a6:e4:f1:e9:c7:c6:3b:
         0e:a4:82:64:28:aa:5b:a4:0f:57:33:85:04:a4:01:6e:cc:8d:
         1a:8f:06:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbn9tTUmVIqFaqW+vYydlJuR2NzEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MTgxNjQ3MjBaFw0yNzA2MTcxNjUyMjBaMDMxMTAvBgNV
BAMTKDI3QjI4REUwQkUwMDM3M0EwNEQzMjJCNTRDMTQ2Qjc5ODEzQ0JBNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIZrL+Ndzn1GBdvVny6aKAe4MC
FjYrk79agjoc6vhTvHSNepfffzDIn/Q4afhr+ojXSFk/r0Or/BSqO2eNnRAnTSMw
6kQNrIDBU5y/INeMYNCuODfsrdQHWgdhR2AqtXAVRA4XM9paS+2s3YBFb9ZUTI2L
962xspI1i14EZU52cH4DUBBYEYp7sfcOzkgGLkiqOgQscm3YAiHbp3t0EM/vTuRv
2SFPiZeA9dFRGw/FVHgeV5jY5iaxn1D+N1bmSTdxSpV021wb+X+t9AD26ClfQV19
ggOYYxqRorp0nl9QrSkpqlqZmUNTpGNzg9lEUxKCa1zEyrRoDdQBwldYMts3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJ7KN4L4ANzoE0yK1TBRreYE8uk4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk5MTg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqN4a
MA0GCSqGSIb3DQEBCwUAA4IBAQAhD/9h+36Iczq6372DVgCNkh9ghU8cvVdfbByv
ik5aD79sOF4r1PQtnZwCjH6wr5ARck553S8iiMzIvOBszv1UW700n+6KR+9ntSGW
5+wPvS/J5MXUN1QQwQ3Xxm26BNGRqaE80gD/cgA4RX2gTJO3slrcVD27hIsGq7QC
kCDCtW2JAc9jdvJliX6rsUeEkCEnVR9NiX3LeGhggyqRonBkaOXvlXjnFZNmoawC
s1gFDRlPshr8YVtvFyrSnDvvzgn34gUXw9W9+4cpp04v1jZU6j1LjNdatFhLD4Ob
iZ5iTIfuAabk8enHxjsOpIJkKKpbpA9XM4UEpAFuzI0ajwZw
-----END CERTIFICATE-----