Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199218.roa
File:                     AS199218.roa (raw, json)
Hash identifier:          GocxctEO3W7qM8ZHRsXt0zcD7+SpDPZycM/q02uSjg4=
Subject key identifier:   9F:26:C0:97:D0:6D:06:B2:B5:2E:7A:84:6B:00:58:CE:7B:4D:6E:68
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0C499476648F2ABAF5FFD411A0428DB0AB008552
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199218.roa
Signing time:             Wed 28 May 2025 08:55:45 +0000
ROA not before:           Wed 28 May 2025 08:50:45 +0000
ROA not after:            Wed 27 May 2026 08:55:45 +0000
asID:                     199218
IP address blocks:        155.117.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:49:94:76:64:8f:2a:ba:f5:ff:d4:11:a0:42:8d:b0:ab:00:85:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 28 08:50:45 2025 GMT
            Not After : May 27 08:55:45 2026 GMT
        Subject: CN=9F26C097D06D06B2B52E7A846B0058CE7B4D6E68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:61:c1:c7:86:41:18:77:a5:a9:f4:c5:4a:70:
                    cd:c6:22:9c:f5:a5:3b:59:06:30:16:43:ba:89:81:
                    c9:8e:82:e9:7a:6b:fa:59:ca:1b:60:66:80:0f:83:
                    c5:03:5c:ec:ca:7b:7f:6d:22:49:09:ee:38:5b:d1:
                    31:87:00:03:0c:47:30:2b:7a:74:7c:56:d2:df:b8:
                    3f:7a:7b:82:a4:c4:80:ed:c7:2a:e2:77:e1:b5:a3:
                    1a:93:68:d0:dd:da:ef:5a:37:ea:b6:27:53:42:fc:
                    06:8d:9c:29:10:44:c4:82:dd:22:8a:14:63:71:14:
                    05:3c:35:4e:d2:12:61:26:3f:78:46:e5:10:7d:55:
                    cd:0b:18:f1:ff:ad:81:5e:50:ca:84:c2:60:ef:28:
                    74:f1:a6:a9:66:4b:1a:4c:dd:17:5a:fd:d9:f4:7e:
                    5c:ce:98:5c:b0:1b:80:64:00:ae:95:d5:e2:d5:99:
                    5b:c0:c8:8e:c6:40:48:f0:d4:ee:c5:14:f3:65:fa:
                    28:a3:33:8f:46:b3:b1:ba:ae:e3:12:9c:3b:bf:e5:
                    30:ab:da:c9:40:d9:ae:19:d8:e7:db:a2:2b:2b:be:
                    b9:fb:de:37:1f:63:f6:68:af:2b:b5:16:5d:14:90:
                    b9:4b:81:e0:72:c4:49:6f:a8:cc:ef:a8:1e:11:ed:
                    8e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:26:C0:97:D0:6D:06:B2:B5:2E:7A:84:6B:00:58:CE:7B:4D:6E:68
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:8d:19:13:e5:02:4e:0e:39:1f:fe:a2:6d:f3:ae:69:d0:00:
         68:75:9c:d8:c5:5a:64:19:5d:c4:8a:af:17:40:24:dd:d0:f2:
         2c:d0:aa:f9:c0:f4:5f:a9:39:b7:44:16:ec:5f:86:44:30:1d:
         df:89:25:60:81:4b:3e:9d:17:27:9a:31:fe:f9:a8:30:1a:49:
         31:8f:61:97:00:d2:46:bf:ea:aa:dc:64:68:35:d8:e2:24:34:
         16:06:79:af:92:c8:02:c6:37:08:b6:6b:fd:80:58:74:d6:42:
         a1:e7:32:a7:30:cc:7b:cb:74:88:1f:55:77:5e:ec:63:01:c4:
         02:d2:b9:50:ac:90:2c:b7:07:f0:1d:16:02:1e:df:08:a5:c0:
         2e:8e:80:e2:cc:2b:d6:1b:62:54:7e:ff:cc:3b:7c:ca:98:f6:
         35:73:c9:8a:af:48:de:61:8b:2d:0d:eb:bd:54:c1:3a:ac:0e:
         f7:ee:e4:30:4e:32:d9:b4:8d:2d:2f:e9:d6:b2:ed:13:0a:a1:
         19:32:55:3b:66:35:53:72:d2:85:e6:90:69:a4:16:a1:d5:4b:
         87:68:13:9c:fb:94:76:a4:79:41:39:1f:d5:db:42:3e:58:80:
         a6:e6:ef:b0:f7:37:ab:35:ed:de:f1:4d:7e:ea:72:8e:33:8c:
         aa:77:87:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDEmUdmSPKrr1/9QRoEKNsKsAhVIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjgwODUwNDVaFw0yNjA1MjcwODU1NDVaMDMxMTAvBgNV
BAMTKDlGMjZDMDk3RDA2RDA2QjJCNTJFN0E4NDZCMDA1OENFN0I0RDZFNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHYcHHhkEYd6Wp9MVKcM3GIpz1
pTtZBjAWQ7qJgcmOgul6a/pZyhtgZoAPg8UDXOzKe39tIkkJ7jhb0TGHAAMMRzAr
enR8VtLfuD96e4KkxIDtxyrid+G1oxqTaNDd2u9aN+q2J1NC/AaNnCkQRMSC3SKK
FGNxFAU8NU7SEmEmP3hG5RB9Vc0LGPH/rYFeUMqEwmDvKHTxpqlmSxpM3Rda/dn0
flzOmFywG4BkAK6V1eLVmVvAyI7GQEjw1O7FFPNl+iijM49Gs7G6ruMSnDu/5TCr
2slA2a4Z2Ofboisrvrn73jcfY/Zoryu1Fl0UkLlLgeByxElvqMzvqB4R7Y5fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnybAl9BtBrK1LnqEawBYzntNbmgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk5MjE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3W9
MA0GCSqGSIb3DQEBCwUAA4IBAQBOjRkT5QJODjkf/qJt865p0ABodZzYxVpkGV3E
iq8XQCTd0PIs0Kr5wPRfqTm3RBbsX4ZEMB3fiSVggUs+nRcnmjH++agwGkkxj2GX
ANJGv+qq3GRoNdjiJDQWBnmvksgCxjcItmv9gFh01kKh5zKnMMx7y3SIH1V3Xuxj
AcQC0rlQrJAstwfwHRYCHt8IpcAujoDizCvWG2JUfv/MO3zKmPY1c8mKr0jeYYst
Deu9VME6rA737uQwTjLZtI0tL+nWsu0TCqEZMlU7ZjVTctKF5pBppBah1UuHaBOc
+5R2pHlBOR/V20I+WICm5u+w9zerNe3e8U1+6nKOM4yqd4eM
-----END CERTIFICATE-----