Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199186.roa
File:                     AS199186.roa (raw, json)
Hash identifier:          nYA4Xet+dDtjxOdXuYlaQGN4ffmm0QZCjOIZdakkR84=
Subject key identifier:   AA:CB:C6:3D:D8:CB:EE:0E:7F:C8:90:BE:EE:F3:B6:CB:C4:1C:E0:9C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2913E24C3BFAC0AAA2836F2F1E2B5D3AF706761A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199186.roa
Signing time:             Sun 24 May 2026 09:09:45 +0000
ROA not before:           Sun 24 May 2026 09:04:45 +0000
ROA not after:            Sun 23 May 2027 09:09:45 +0000
asID:                     199186
IP address blocks:        191.96.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:13:e2:4c:3b:fa:c0:aa:a2:83:6f:2f:1e:2b:5d:3a:f7:06:76:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 24 09:04:45 2026 GMT
            Not After : May 23 09:09:45 2027 GMT
        Subject: CN=AACBC63DD8CBEE0E7FC890BEEEF3B6CBC41CE09C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:90:4b:77:f9:18:09:c6:f1:bb:29:73:0b:2d:
                    10:8d:cb:ae:05:10:28:9d:69:89:c5:35:7a:4b:ab:
                    6b:4a:cc:78:ce:c7:cc:46:ad:54:1d:c3:f5:a6:9e:
                    51:36:4d:a0:cd:4c:e4:b1:14:bf:4e:86:5d:8d:8a:
                    14:cd:2b:0d:51:f1:71:cb:2b:13:7e:e3:5b:98:08:
                    97:fb:f1:57:7f:a4:12:88:70:64:6c:5b:50:a6:94:
                    b9:5b:c4:83:fd:70:b0:49:26:30:2b:89:bf:fd:36:
                    37:b4:3e:5d:8d:a2:f1:77:4f:98:99:65:36:0b:39:
                    a2:e9:67:6a:18:9e:49:4d:58:f7:89:2e:16:59:4e:
                    14:67:79:ba:1b:0b:ef:c9:93:ce:5b:18:fc:50:f2:
                    a7:89:98:c4:db:67:71:b4:6e:0b:c6:21:0b:04:db:
                    40:62:f0:d2:31:16:cb:c1:a4:5b:c6:f2:e2:99:93:
                    2e:02:0a:63:36:c2:45:64:b1:31:a5:97:46:ea:6d:
                    84:bb:59:77:29:3f:34:ba:23:db:25:15:1d:2a:0d:
                    97:e9:93:ad:32:8a:33:3d:79:27:ce:f9:b8:ef:45:
                    7d:1e:d6:99:8c:7d:84:f4:df:4a:c4:e2:4b:9d:87:
                    eb:5c:26:3b:87:66:1d:e5:11:7e:c5:86:50:4f:d7:
                    ec:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:CB:C6:3D:D8:CB:EE:0E:7F:C8:90:BE:EE:F3:B6:CB:C4:1C:E0:9C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199186.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:61:82:8e:15:be:16:06:f1:14:86:d9:48:a3:5a:51:dd:e5:
         e2:0e:a2:58:fe:a0:0f:ea:59:53:5e:5a:70:2e:a3:b8:ca:e6:
         cf:a0:32:90:aa:c9:08:24:ce:2c:a9:1c:db:2c:8c:7d:1f:0d:
         ec:47:00:57:7c:92:60:80:1b:ad:30:7b:c4:77:66:91:57:8d:
         fd:ce:ab:f7:b6:13:52:8a:01:4c:77:c8:6a:3e:7c:df:4c:5a:
         84:b7:d6:2a:58:aa:40:4e:79:de:c4:91:ae:8c:d6:e0:a1:2e:
         cc:2a:50:61:fe:40:3d:12:a9:dc:50:7d:d5:dc:92:dd:7e:17:
         9c:df:fa:1d:98:07:a8:ce:06:66:24:bf:4c:a5:ef:da:90:6d:
         1e:c8:fa:df:d8:eb:b1:5e:96:64:56:f7:19:e1:19:d6:ca:25:
         97:aa:46:ab:2a:aa:cc:ff:e0:2c:b0:69:67:40:7d:57:d0:f8:
         e0:39:cb:39:53:ac:77:fb:68:33:3e:1d:ca:a1:1b:8e:f7:cd:
         87:0a:08:92:94:9e:e6:0d:62:a5:5b:39:20:b5:f2:a4:3a:4a:
         7b:ea:44:fd:f2:b5:a2:fa:f5:cf:5d:db:d4:f9:63:a8:45:98:
         5b:2f:cb:a8:0a:e6:e7:c2:69:ca:ad:e4:4d:79:25:71:6a:7e:
         f7:15:fc:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKRPiTDv6wKqig28vHitdOvcGdhowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjQwOTA0NDVaFw0yNzA1MjMwOTA5NDVaMDMxMTAvBgNV
BAMTKEFBQ0JDNjNERDhDQkVFMEU3RkM4OTBCRUVFRjNCNkNCQzQxQ0UwOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwkEt3+RgJxvG7KXMLLRCNy64F
ECidaYnFNXpLq2tKzHjOx8xGrVQdw/WmnlE2TaDNTOSxFL9Ohl2NihTNKw1R8XHL
KxN+41uYCJf78Vd/pBKIcGRsW1CmlLlbxIP9cLBJJjArib/9Nje0Pl2NovF3T5iZ
ZTYLOaLpZ2oYnklNWPeJLhZZThRnebobC+/Jk85bGPxQ8qeJmMTbZ3G0bgvGIQsE
20Bi8NIxFsvBpFvG8uKZky4CCmM2wkVksTGll0bqbYS7WXcpPzS6I9slFR0qDZfp
k60yijM9eSfO+bjvRX0e1pmMfYT030rE4kudh+tcJjuHZh3lEX7FhlBP1+zJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqsvGPdjL7g5/yJC+7vO2y8Qc4JwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5MTg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Bj
MA0GCSqGSIb3DQEBCwUAA4IBAQBJYYKOFb4WBvEUhtlIo1pR3eXiDqJY/qAP6llT
XlpwLqO4yubPoDKQqskIJM4sqRzbLIx9Hw3sRwBXfJJggButMHvEd2aRV439zqv3
thNSigFMd8hqPnzfTFqEt9YqWKpATnnexJGujNbgoS7MKlBh/kA9EqncUH3V3JLd
fhec3/odmAeozgZmJL9Mpe/akG0eyPrf2OuxXpZkVvcZ4RnWyiWXqkarKqrM/+As
sGlnQH1X0PjgOcs5U6x3+2gzPh3KoRuO982HCgiSlJ7mDWKlWzkgtfKkOkp76kT9
8rWi+vXPXdvU+WOoRZhbL8uoCubnwmnKreRNeSVxan73Ffws
-----END CERTIFICATE-----