Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199186.roa
File:                     AS199186.roa (raw, json)
Hash identifier:          /kE5VfwMyikq9LcMajhjRA0CG1Hle1ND5hwsShMxm4E=
Subject key identifier:   F5:76:8D:3F:11:CC:6B:CF:1B:06:5C:EA:43:1B:44:16:05:ED:6F:94
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       180FCE46054DD88376D54DA204EF5993956B2A72
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199186.roa
Signing time:             Wed 22 Apr 2026 07:50:25 +0000
ROA not before:           Wed 22 Apr 2026 07:45:25 +0000
ROA not after:            Wed 21 Apr 2027 07:50:25 +0000
asID:                     199186
IP address blocks:        143.14.59.0/24 maxlen: 24
                          162.141.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:0f:ce:46:05:4d:d8:83:76:d5:4d:a2:04:ef:59:93:95:6b:2a:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 22 07:45:25 2026 GMT
            Not After : Apr 21 07:50:25 2027 GMT
        Subject: CN=F5768D3F11CC6BCF1B065CEA431B441605ED6F94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:5b:57:38:ea:47:a6:a4:a2:03:b6:0c:dc:7d:
                    80:23:e9:76:0d:19:a1:cb:de:69:92:45:d5:f8:bc:
                    09:80:62:ab:11:e1:82:a9:57:d3:34:38:eb:f3:2e:
                    46:d1:c0:2d:5e:51:5f:16:c5:06:18:61:70:6d:fa:
                    b7:10:4f:e9:26:b0:7e:30:ed:75:8b:0b:34:48:a7:
                    6f:30:20:d3:1a:ec:21:13:51:7b:b5:6f:e6:21:a1:
                    bc:04:b4:3a:0b:4f:55:fe:02:e5:20:61:bb:a5:db:
                    9f:98:d7:57:41:39:d0:11:31:2c:74:5d:34:0e:03:
                    a6:7d:94:9e:c8:c0:62:da:0f:f2:d2:9b:56:95:f7:
                    f5:87:2e:32:c3:ca:92:76:7a:29:f5:02:6c:71:3d:
                    25:39:2c:af:90:4b:90:69:25:08:41:4b:63:04:cd:
                    fb:2f:ea:98:32:89:14:49:22:7d:7b:52:8a:fa:cc:
                    69:72:fc:e9:c4:2f:04:fc:73:f3:c3:64:8e:93:88:
                    9a:fb:14:df:57:cd:36:c3:4d:f7:b0:e8:c4:75:73:
                    6c:0b:21:02:fb:0c:c6:06:5a:80:91:37:d1:a6:7a:
                    4f:bb:f2:fb:5f:cf:51:59:34:8c:6a:33:be:91:a1:
                    e8:7f:e8:c4:ad:00:e9:6b:73:63:b9:fd:05:37:1d:
                    cf:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:76:8D:3F:11:CC:6B:CF:1B:06:5C:EA:43:1B:44:16:05:ED:6F:94
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199186.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.59.0/24
                  162.141.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:b6:2a:2d:a0:de:81:45:48:f4:58:23:9c:2f:f6:ac:7b:58:
         f4:0f:90:41:b2:7e:87:92:83:d0:cb:85:26:61:95:d0:c8:4b:
         fc:b6:24:e9:5e:bb:bb:f7:75:e5:46:c5:84:5c:3f:2f:db:3f:
         d8:e2:23:ec:cd:f5:8f:a5:99:e0:64:87:27:68:0b:be:1f:bb:
         bb:15:ea:b8:f3:94:4a:bc:6e:81:ca:0f:cf:74:37:41:9c:1c:
         c1:39:b4:09:ea:bd:4f:1c:35:ba:38:7e:4b:35:1b:9e:bd:3d:
         82:9d:25:f1:d4:56:aa:7f:03:fe:ce:3b:79:08:5a:29:f5:4e:
         9e:98:d8:90:64:3a:28:46:fa:19:b9:c1:b1:90:7c:c8:9c:29:
         cd:4d:b9:3c:e6:c2:9d:d8:7a:1a:3a:da:cd:fc:26:90:2f:41:
         93:e7:e8:29:b4:5d:29:88:6e:c9:16:dc:3d:4b:9c:fa:dc:0f:
         27:1d:47:9f:64:01:51:4d:eb:e8:de:54:b6:9b:4d:4d:af:2a:
         e8:fb:9e:53:72:a3:f8:9f:dd:a7:b9:d3:63:5c:ca:d4:49:87:
         3f:c1:c3:9e:3b:7a:96:94:82:aa:88:1e:3a:f0:54:0d:9f:01:
         c4:11:dd:09:e1:87:f7:bb:6d:c7:b8:4c:16:97:08:25:33:78:
         e3:ff:63:5f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGA/ORgVN2IN21U2iBO9Zk5VrKnIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjIwNzQ1MjVaFw0yNzA0MjEwNzUwMjVaMDMxMTAvBgNV
BAMTKEY1NzY4RDNGMTFDQzZCQ0YxQjA2NUNFQTQzMUI0NDE2MDVFRDZGOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYW1c46kempKIDtgzcfYAj6XYN
GaHL3mmSRdX4vAmAYqsR4YKpV9M0OOvzLkbRwC1eUV8WxQYYYXBt+rcQT+kmsH4w
7XWLCzRIp28wINMa7CETUXu1b+YhobwEtDoLT1X+AuUgYbul25+Y11dBOdARMSx0
XTQOA6Z9lJ7IwGLaD/LSm1aV9/WHLjLDypJ2ein1AmxxPSU5LK+QS5BpJQhBS2ME
zfsv6pgyiRRJIn17Uor6zGly/OnELwT8c/PDZI6TiJr7FN9XzTbDTfew6MR1c2wL
IQL7DMYGWoCRN9Gmek+78vtfz1FZNIxqM76Roeh/6MStAOlrc2O5/QU3Hc/RAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU9XaNPxHMa88bBlzqQxtEFgXtb5QwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk5MTg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw47
AwQAoo2hMA0GCSqGSIb3DQEBCwUAA4IBAQALtiotoN6BRUj0WCOcL/ase1j0D5BB
sn6HkoPQy4UmYZXQyEv8tiTpXru793XlRsWEXD8v2z/Y4iPszfWPpZngZIcnaAu+
H7u7Feq485RKvG6Byg/PdDdBnBzBObQJ6r1PHDW6OH5LNRuevT2CnSXx1FaqfwP+
zjt5CFop9U6emNiQZDooRvoZucGxkHzInCnNTbk85sKd2HoaOtrN/CaQL0GT5+gp
tF0piG7JFtw9S5z63A8nHUefZAFRTevo3lS2m01Nryro+55TcqP4n92nudNjXMrU
SYc/wcOeO3qWlIKqiB468FQNnwHEEd0J4Yf3u23HuEwWlwglM3jj/2Nf
-----END CERTIFICATE-----