Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS197213.roa
File:                     AS197213.roa (raw, json)
Hash identifier:          iL160cQWNKHUy0vcqvlXB/T1DNAiTLZPMxsviVmWBAM=
Subject key identifier:   0B:0A:8D:28:BF:52:1A:A8:D7:93:9E:9D:09:8A:4D:AE:8D:48:AA:79
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       38231DBA5E9233364835C61D95F94996A37A9F4F
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS197213.roa
Signing time:             Fri 29 May 2026 17:16:04 +0000
ROA not before:           Fri 29 May 2026 17:11:04 +0000
ROA not after:            Fri 28 May 2027 17:16:04 +0000
asID:                     197213
IP address blocks:        82.139.194.0/24 maxlen: 24
                          82.139.204.0/24 maxlen: 24
                          82.139.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:23:1d:ba:5e:92:33:36:48:35:c6:1d:95:f9:49:96:a3:7a:9f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 29 17:11:04 2026 GMT
            Not After : May 28 17:16:04 2027 GMT
        Subject: CN=0B0A8D28BF521AA8D7939E9D098A4DAE8D48AA79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:47:2a:7e:b6:4c:48:0d:17:54:ec:89:c8:96:
                    8e:91:85:73:77:d4:ea:70:99:82:fd:26:4c:77:2f:
                    b9:f9:72:ec:00:71:b9:58:c4:94:66:e3:e4:d8:81:
                    c9:12:e0:f3:24:9b:9c:ab:ed:7b:d5:a1:b9:c4:aa:
                    77:9b:3a:12:e0:82:ce:ec:38:f4:d8:af:0c:e3:b2:
                    da:d5:7c:17:30:7a:c8:15:99:08:61:94:88:22:49:
                    3b:05:17:3f:c7:6d:ce:f8:3c:7f:86:2e:b1:d5:72:
                    3c:47:3d:7b:5d:90:9f:57:50:4d:66:35:cd:de:10:
                    c1:94:40:ff:a4:50:26:cf:a9:33:c2:6f:83:b6:f4:
                    db:68:4d:d9:79:b4:ef:b5:0f:e7:1b:f4:94:49:cc:
                    2d:9b:0f:75:04:28:6d:77:6a:94:ad:d2:fd:89:9f:
                    8a:05:0f:6e:85:64:26:d9:45:04:95:b3:33:89:2e:
                    d0:19:32:2c:8c:4d:2a:68:b2:ea:eb:6b:14:1a:4a:
                    ef:0d:dd:a3:bd:35:27:67:6f:23:ec:f4:79:52:87:
                    bd:7f:f0:f2:6e:9b:76:c8:f1:34:c7:95:e3:91:bd:
                    82:d6:78:86:27:fc:ce:6a:2f:2c:db:b4:bf:3e:f9:
                    64:60:af:e6:a5:c3:65:69:49:7c:02:d1:20:8e:13:
                    a3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:0A:8D:28:BF:52:1A:A8:D7:93:9E:9D:09:8A:4D:AE:8D:48:AA:79
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS197213.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.194.0/24
                  82.139.204.0/24
                  82.139.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:93:cc:3d:bd:5b:7e:1a:37:cb:f5:6c:34:2e:0b:25:7f:f0:
         a2:84:6e:41:f0:33:67:25:c9:6e:1a:0c:0c:c9:a9:5e:c0:c7:
         1e:05:ff:97:f7:a4:65:1f:af:51:e0:93:88:53:9c:f8:28:97:
         ff:a6:22:f3:b1:60:38:6e:1e:f3:79:eb:99:04:a3:bb:6f:dc:
         4b:8c:d6:09:5c:83:a6:13:1c:78:e8:b9:bd:c8:7b:7f:c6:84:
         3c:10:23:c5:be:ea:e9:93:69:64:59:b6:69:e2:07:03:6d:f8:
         4e:7e:01:ed:62:03:67:d3:61:7c:70:c3:4f:3a:7b:11:ed:61:
         7f:20:1b:ba:df:21:d0:b5:c2:ea:08:6f:f7:c6:0b:43:a9:a2:
         0c:a6:dd:59:6d:89:1a:aa:8c:8f:ab:2a:b0:06:86:28:98:31:
         0f:69:15:80:b0:40:56:86:2e:28:de:82:a4:4d:86:22:d8:bb:
         56:c6:ee:96:68:b7:c2:d8:07:49:eb:9d:be:37:30:99:39:92:
         37:06:8a:99:43:9d:e4:52:5c:4a:7c:5d:5e:d7:7a:01:23:e7:
         0d:76:04:21:86:f7:3f:61:ae:61:42:da:e3:8c:1f:d4:87:38:
         d5:47:c4:d9:c1:34:04:fd:a2:6e:48:79:10:b2:1a:a7:f9:b2:
         4b:ff:09:ae
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUOCMdul6SMzZINcYdlflJlqN6n08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MjkxNzExMDRaFw0yNzA1MjgxNzE2MDRaMDMxMTAvBgNV
BAMTKDBCMEE4RDI4QkY1MjFBQThENzkzOUU5RDA5OEE0REFFOEQ0OEFBNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdRyp+tkxIDRdU7InIlo6RhXN3
1OpwmYL9Jkx3L7n5cuwAcblYxJRm4+TYgckS4PMkm5yr7XvVobnEqnebOhLggs7s
OPTYrwzjstrVfBcwesgVmQhhlIgiSTsFFz/Hbc74PH+GLrHVcjxHPXtdkJ9XUE1m
Nc3eEMGUQP+kUCbPqTPCb4O29NtoTdl5tO+1D+cb9JRJzC2bD3UEKG13apSt0v2J
n4oFD26FZCbZRQSVszOJLtAZMiyMTSposurraxQaSu8N3aO9NSdnbyPs9HlSh71/
8PJum3bI8TTHleORvYLWeIYn/M5qLyzbtL8++WRgr+alw2VpSXwC0SCOE6ORAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUCwqNKL9SGqjXk56dCYpNro1IqnkwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTk3MjEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUovC
AwQAUovMAwQAUovbMA0GCSqGSIb3DQEBCwUAA4IBAQCWk8w9vVt+GjfL9Ww0Lgsl
f/CihG5B8DNnJcluGgwMyalewMceBf+X96RlH69R4JOIU5z4KJf/piLzsWA4bh7z
eeuZBKO7b9xLjNYJXIOmExx46Lm9yHt/xoQ8ECPFvurpk2lkWbZp4gcDbfhOfgHt
YgNn02F8cMNPOnsR7WF/IBu63yHQtcLqCG/3xgtDqaIMpt1ZbYkaqoyPqyqwBoYo
mDEPaRWAsEBWhi4o3oKkTYYi2LtWxu6WaLfC2AdJ652+NzCZOZI3BoqZQ53kUlxK
fF1e13oBI+cNdgQhhvc/Ya5hQtrjjB/UhzjVR8TZwTQE/aJuSHkQshqn+bJL/wmu
-----END CERTIFICATE-----