Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS199929.roa
File:                     AS199929.roa (raw, json)
Hash identifier:          Qj6/MViBPAOxSNW6gi96cKBCTbPaVVcRMXEzbXmfq3M=
Subject key identifier:   DC:BF:1D:40:2D:26:CC:D3:BD:53:42:BA:5F:3F:87:C6:9F:C8:8E:44
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       7F4AB613BD056080D77B7347CA4213B2B58B12A3
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS199929.roa
Signing time:             Fri 24 Apr 2026 06:44:43 +0000
ROA not before:           Fri 24 Apr 2026 06:39:43 +0000
ROA not after:            Fri 23 Apr 2027 06:44:43 +0000
asID:                     199929
IP address blocks:        31.40.197.0/24 maxlen: 24
                          31.40.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:4a:b6:13:bd:05:60:80:d7:7b:73:47:ca:42:13:b2:b5:8b:12:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr 24 06:39:43 2026 GMT
            Not After : Apr 23 06:44:43 2027 GMT
        Subject: CN=DCBF1D402D26CCD3BD5342BA5F3F87C69FC88E44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:73:47:9f:7d:ab:04:aa:2f:02:ba:28:38:09:
                    e8:e4:53:7a:76:b6:d0:5c:42:0b:9c:a9:c8:53:67:
                    8a:8a:f6:26:44:3b:61:c0:6d:bd:ad:0b:da:42:f8:
                    4e:1b:9f:3c:9b:ea:70:a0:76:96:cb:52:66:ef:c8:
                    9d:ab:6e:c3:1d:d9:c9:55:d2:bc:8b:0c:6d:29:7b:
                    84:1a:71:b0:c1:d6:26:8d:51:2e:72:35:1a:a8:52:
                    72:e1:f1:bb:d9:b2:c9:dd:e1:49:59:45:5c:b6:c8:
                    11:98:d0:30:81:9c:a4:36:70:80:03:4d:6a:86:e4:
                    2c:38:c7:63:3a:d3:24:89:88:a3:3b:a0:8d:55:10:
                    de:2b:bb:1d:f5:47:37:d3:8f:84:f4:4d:68:bf:92:
                    c0:49:59:09:97:39:a3:4b:3d:84:11:3e:2a:3a:28:
                    e7:88:55:6d:90:2b:04:80:4e:91:2a:cd:14:e3:10:
                    ae:55:62:b4:58:e6:4a:17:fb:8d:5e:82:68:c3:c8:
                    ab:c4:72:95:0a:0f:41:d8:cd:7d:a0:ed:88:f2:0f:
                    af:47:91:ab:95:ba:25:1f:f5:0c:53:2e:1c:08:fc:
                    4d:99:30:f1:a9:85:45:fa:e3:d2:a9:62:a6:6c:ec:
                    1c:6b:87:23:72:58:62:35:cf:ae:30:e7:28:8e:cc:
                    34:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BF:1D:40:2D:26:CC:D3:BD:53:42:BA:5F:3F:87:C6:9F:C8:8E:44
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS199929.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.197.0/24
                  31.40.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:c0:e7:e2:06:80:78:98:56:64:a3:b6:c3:a4:00:36:01:6b:
         ab:40:12:12:d0:88:c4:56:8c:b3:54:83:1f:94:30:39:d7:09:
         ac:b6:26:39:56:6b:1e:70:17:17:4d:56:24:8d:30:2f:32:9d:
         a2:b0:9a:80:9c:0b:d6:b7:4c:ce:e0:29:79:27:bf:78:e2:81:
         3c:49:1d:fb:84:00:18:a1:da:62:21:33:4c:13:22:ac:a5:d5:
         2f:50:82:fc:e1:58:67:5b:75:26:9b:ef:04:93:1a:52:17:ce:
         72:d7:67:26:f0:9c:7d:90:74:5f:9e:de:ab:89:9f:43:06:88:
         f5:a1:03:46:c2:5e:8d:42:d2:2d:45:09:28:3e:8e:3b:84:ba:
         27:13:36:9e:7b:54:87:7a:d1:64:86:79:09:d4:c6:cb:0a:c0:
         11:1e:64:ab:e8:1b:ec:d6:4a:2c:44:24:f7:02:70:64:45:a0:
         ad:7d:db:4c:49:da:bc:b5:52:19:3f:88:53:38:75:9d:07:07:
         7f:81:24:0d:16:43:18:44:18:47:3b:a4:79:b8:79:13:63:98:
         22:87:f1:7a:0b:02:8c:c7:22:4b:0e:e8:be:81:76:e0:19:e4:
         23:fd:b3:29:92:20:33:80:17:88:a1:16:86:59:c6:64:10:ec:
         96:15:ea:40
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUf0q2E70FYIDXe3NHykITsrWLEqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MjQwNjM5NDNaFw0yNzA0MjMwNjQ0NDNaMDMxMTAvBgNV
BAMTKERDQkYxRDQwMkQyNkNDRDNCRDUzNDJCQTVGM0Y4N0M2OUZDODhFNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwc0effasEqi8Cuig4CejkU3p2
ttBcQgucqchTZ4qK9iZEO2HAbb2tC9pC+E4bnzyb6nCgdpbLUmbvyJ2rbsMd2clV
0ryLDG0pe4QacbDB1iaNUS5yNRqoUnLh8bvZssnd4UlZRVy2yBGY0DCBnKQ2cIAD
TWqG5Cw4x2M60ySJiKM7oI1VEN4rux31RzfTj4T0TWi/ksBJWQmXOaNLPYQRPio6
KOeIVW2QKwSATpEqzRTjEK5VYrRY5koX+41egmjDyKvEcpUKD0HYzX2g7YjyD69H
kauVuiUf9QxTLhwI/E2ZMPGphUX649KpYqZs7BxrhyNyWGI1z64w5yiOzDRLAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU3L8dQC0mzNO9U0K6Xz+Hxp/IjkQwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMTk5OTI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyjF
AwQAHyjPMA0GCSqGSIb3DQEBCwUAA4IBAQAxwOfiBoB4mFZko7bDpAA2AWurQBIS
0IjEVoyzVIMflDA51wmstiY5VmsecBcXTVYkjTAvMp2isJqAnAvWt0zO4Cl5J794
4oE8SR37hAAYodpiITNMEyKspdUvUIL84VhnW3Umm+8EkxpSF85y12cm8Jx9kHRf
nt6riZ9DBoj1oQNGwl6NQtItRQkoPo47hLonEzaee1SHetFkhnkJ1MbLCsARHmSr
6Bvs1kosRCT3AnBkRaCtfdtMSdq8tVIZP4hTOHWdBwd/gSQNFkMYRBhHO6R5uHkT
Y5gih/F6CwKMxyJLDui+gXbgGeQj/bMpkiAzgBeIoRaGWcZkEOyWFepA
-----END CERTIFICATE-----