Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199176.roa
File:                     AS199176.roa (raw, json)
Hash identifier:          xqjiZi2a+1lbW/jnE8kHWpJzBWU5IO+lB9MaPcVcZPk=
Subject key identifier:   FF:36:94:82:F1:1D:37:A2:1D:48:46:2B:4F:70:D8:1B:8A:B3:33:6D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       222F5C50E815995A433ED63419068210A24B8834
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199176.roa
Signing time:             Tue 05 May 2026 14:19:12 +0000
ROA not before:           Tue 05 May 2026 14:14:12 +0000
ROA not after:            Tue 04 May 2027 14:19:12 +0000
asID:                     199176
IP address blocks:        2.57.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 May 2026 02:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:2f:5c:50:e8:15:99:5a:43:3e:d6:34:19:06:82:10:a2:4b:88:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  5 14:14:12 2026 GMT
            Not After : May  4 14:19:12 2027 GMT
        Subject: CN=FF369482F11D37A21D48462B4F70D81B8AB3336D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6f:5c:c4:43:0f:a9:eb:b6:c5:46:a7:a1:da:
                    99:11:1f:7d:c3:b7:34:0a:09:5a:78:c7:cf:2e:13:
                    ed:9d:d8:fb:38:e0:ec:1c:fd:04:94:5f:35:fa:09:
                    a2:29:d0:7f:aa:77:87:30:9f:49:4a:0d:6e:81:97:
                    61:40:16:98:31:04:59:73:85:dc:37:46:e9:be:10:
                    11:21:7b:d2:6e:7f:5f:d1:b2:4b:15:05:8c:40:bb:
                    05:35:24:9a:14:90:6c:2c:8b:17:a4:9a:ae:60:6b:
                    cb:7a:ed:20:8a:c3:e4:82:23:ce:b3:aa:c3:9d:7b:
                    16:12:d7:4f:1b:fe:b1:9e:03:e5:96:54:10:6a:d4:
                    e4:9e:54:03:2b:58:7a:0c:1c:91:49:40:fc:19:46:
                    34:6a:98:4b:1a:0e:7f:d4:80:1d:35:76:51:49:a4:
                    8a:47:f0:a7:79:fb:ee:1d:11:e2:78:bf:b4:87:06:
                    58:69:81:d2:bd:99:c3:cd:3f:27:8e:ef:ff:56:83:
                    fa:17:be:af:fe:7b:de:fd:a6:d1:1d:a8:09:81:e4:
                    7e:d7:ef:aa:05:a1:47:ca:a3:76:8c:1b:13:1e:2d:
                    0e:f4:6b:8d:04:b3:28:54:cc:43:8d:6a:c9:2b:e2:
                    66:89:54:9e:10:bb:d1:b3:7a:78:1a:a1:9c:ed:64:
                    bc:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:36:94:82:F1:1D:37:A2:1D:48:46:2B:4F:70:D8:1B:8A:B3:33:6D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199176.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:06:73:8e:8a:b8:fe:6c:f7:77:bf:4f:6e:6a:c9:42:d8:6c:
         56:97:8a:dd:7a:c8:fc:d1:68:ea:3e:a1:2f:8d:ab:a2:eb:5a:
         e6:b9:f8:50:4c:e8:0d:9b:c0:ef:52:af:d3:66:da:a2:fe:83:
         86:a6:ab:25:f8:96:db:ad:5a:7d:5a:ca:23:f7:70:f5:72:59:
         a4:de:60:ac:65:a6:ec:32:ad:38:37:cb:00:17:e4:d2:ad:a9:
         68:71:72:69:da:0c:0c:2d:e0:e8:ea:09:dd:ac:26:a1:9a:4e:
         e4:0e:cc:3c:83:37:bf:95:8a:46:49:24:b2:4a:f6:2e:89:84:
         be:ba:ce:4e:42:5a:cd:da:37:51:a3:76:bb:a8:9b:6d:f2:c2:
         83:7c:70:be:a2:13:bb:3c:42:de:20:42:55:7b:06:1b:33:c0:
         2c:3f:53:1e:9d:67:46:05:ab:0f:1c:2a:ed:ae:a5:73:a9:69:
         26:3d:0e:a1:96:63:54:b9:ec:fd:e8:17:38:77:15:21:65:36:
         13:f5:1f:3a:21:eb:14:e8:1a:f8:2e:57:98:7d:66:65:15:d5:
         be:66:1a:4d:45:26:98:23:d1:79:ae:50:02:bb:9d:79:88:a0:
         79:79:ea:97:40:e2:ae:74:ef:98:4a:23:6a:3f:2a:56:f3:d8:
         1b:ca:a5:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIi9cUOgVmVpDPtY0GQaCEKJLiDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDUxNDE0MTJaFw0yNzA1MDQxNDE5MTJaMDMxMTAvBgNV
BAMTKEZGMzY5NDgyRjExRDM3QTIxRDQ4NDYyQjRGNzBEODFCOEFCMzMzNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCb1zEQw+p67bFRqeh2pkRH33D
tzQKCVp4x88uE+2d2Ps44Owc/QSUXzX6CaIp0H+qd4cwn0lKDW6Bl2FAFpgxBFlz
hdw3Rum+EBEhe9Juf1/RsksVBYxAuwU1JJoUkGwsixekmq5ga8t67SCKw+SCI86z
qsOdexYS108b/rGeA+WWVBBq1OSeVAMrWHoMHJFJQPwZRjRqmEsaDn/UgB01dlFJ
pIpH8Kd5++4dEeJ4v7SHBlhpgdK9mcPNPyeO7/9Wg/oXvq/+e979ptEdqAmB5H7X
76oFoUfKo3aMGxMeLQ70a40EsyhUzEONaskr4maJVJ4Qu9GzengaoZztZLylAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/zaUgvEdN6IdSEYrT3DYG4qzM20wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5MTc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkS
MA0GCSqGSIb3DQEBCwUAA4IBAQCTBnOOirj+bPd3v09uaslC2GxWl4rdesj80Wjq
PqEvjaui61rmufhQTOgNm8DvUq/TZtqi/oOGpqsl+JbbrVp9Wsoj93D1clmk3mCs
ZabsMq04N8sAF+TSralocXJp2gwMLeDo6gndrCahmk7kDsw8gze/lYpGSSSySvYu
iYS+us5OQlrN2jdRo3a7qJtt8sKDfHC+ohO7PELeIEJVewYbM8AsP1MenWdGBasP
HCrtrqVzqWkmPQ6hlmNUuez96Bc4dxUhZTYT9R86IesU6Br4LleYfWZlFdW+ZhpN
RSaYI9F5rlACu515iKB5eeqXQOKudO+YSiNqPypW89gbyqVS
-----END CERTIFICATE-----