Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS219390.roa
File:                     AS219390.roa (raw, json)
Hash identifier:          HCx7ICrmsUD0x6b6a65jzjY6bgf2NbOJVg2LMzsGocw=
Subject key identifier:   19:A1:41:0E:EF:D6:E0:5B:E6:B5:86:CF:F9:9E:2D:E6:F8:0A:F4:96
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       6CD9C5037A80747972DEC5BB0E2258A1CE1C81E0
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS219390.roa
Signing time:             Mon 22 Jun 2026 08:00:06 +0000
ROA not before:           Mon 22 Jun 2026 07:55:06 +0000
ROA not after:            Mon 21 Jun 2027 08:00:06 +0000
asID:                     219390
IP address blocks:        185.231.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 07:25:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:d9:c5:03:7a:80:74:79:72:de:c5:bb:0e:22:58:a1:ce:1c:81:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Jun 22 07:55:06 2026 GMT
            Not After : Jun 21 08:00:06 2027 GMT
        Subject: CN=19A1410EEFD6E05BE6B586CFF99E2DE6F80AF496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6a:55:0a:1c:5e:42:70:54:20:01:e4:c4:99:
                    92:ab:f6:ee:61:77:c3:5a:9c:91:3f:61:53:3f:01:
                    a0:1b:b9:46:56:e2:b7:47:4a:90:34:08:c2:92:68:
                    e7:92:6f:23:0d:9b:c3:15:37:93:b4:85:0f:c9:bb:
                    fd:7a:45:75:dd:bc:0c:f7:52:b7:3f:d2:56:f9:18:
                    82:7b:d9:60:d2:73:d0:b2:03:3c:20:f8:1d:81:2d:
                    42:e5:f9:bd:3c:51:7c:40:65:8c:90:e8:8a:8a:79:
                    64:49:32:49:b2:e2:41:38:83:de:2e:68:0a:20:47:
                    2e:65:7e:8b:38:fe:93:c9:93:0c:02:e0:1d:a3:4d:
                    dd:09:1e:36:44:12:95:0f:5c:40:64:3e:46:7c:62:
                    e2:6c:f9:f7:86:34:27:50:21:6b:99:d6:f8:2f:98:
                    84:8a:9e:31:fd:ca:d6:01:28:f0:f7:79:92:88:02:
                    18:81:cf:94:70:ca:78:f5:89:b2:61:4a:0e:e1:9d:
                    7b:c7:70:7f:0b:68:f8:b8:a9:d5:0b:e1:ac:15:62:
                    db:62:cc:f4:bd:09:63:8f:04:2f:d8:4c:b6:06:14:
                    9c:f4:60:5d:bf:91:70:bf:69:a0:e3:9f:bf:be:00:
                    bd:ea:02:67:ff:35:91:9d:90:20:0b:b1:ef:f9:ad:
                    8c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A1:41:0E:EF:D6:E0:5B:E6:B5:86:CF:F9:9E:2D:E6:F8:0A:F4:96
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS219390.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:a9:b5:17:c7:d0:51:f2:86:23:66:4f:56:e7:5f:e7:85:44:
         e3:30:fa:d4:6b:6e:be:c0:ad:2c:7a:e2:07:5e:6c:70:9f:29:
         2f:76:8a:29:f0:dc:da:61:d7:65:6c:22:67:78:b2:aa:87:67:
         dd:f3:17:78:55:b7:56:0a:3f:7d:b0:7d:a0:cb:32:f1:9e:3d:
         3b:3e:3d:0f:7a:3d:de:ac:1e:09:2c:5d:bd:28:bb:90:5f:cb:
         0d:24:f2:ce:91:86:4f:26:0e:ed:2d:b8:56:0e:f4:da:d4:bf:
         35:60:29:5b:16:d8:c5:b4:c8:34:8d:cf:6f:35:c0:c7:5f:95:
         61:66:98:25:4d:93:62:04:b3:31:e8:37:6e:23:01:a4:26:7f:
         04:90:4d:dd:55:d6:34:5b:f0:96:9c:f1:a1:ab:07:d7:17:cd:
         be:39:1a:5c:0a:cf:2e:c1:a6:11:d9:9b:d6:03:70:e9:cb:43:
         ff:bb:fe:14:49:8a:ef:33:2e:93:a9:7c:74:7f:ef:d9:e5:cc:
         dc:89:61:31:d2:9a:5d:8f:c3:86:98:d8:d6:2d:cf:b3:15:f9:
         93:43:ee:c2:d1:f9:4f:f2:66:24:82:d8:36:de:33:cf:08:0c:
         3e:eb:ec:83:e2:85:67:45:1e:50:6c:b6:32:1f:5c:f1:d3:0b:
         d4:39:5c:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbNnFA3qAdHly3sW7DiJYoc4cgeAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA2MjIwNzU1MDZaFw0yNzA2MjEwODAwMDZaMDMxMTAvBgNV
BAMTKDE5QTE0MTBFRUZENkUwNUJFNkI1ODZDRkY5OUUyREU2RjgwQUY0OTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgalUKHF5CcFQgAeTEmZKr9u5h
d8NanJE/YVM/AaAbuUZW4rdHSpA0CMKSaOeSbyMNm8MVN5O0hQ/Ju/16RXXdvAz3
Urc/0lb5GIJ72WDSc9CyAzwg+B2BLULl+b08UXxAZYyQ6IqKeWRJMkmy4kE4g94u
aAogRy5lfos4/pPJkwwC4B2jTd0JHjZEEpUPXEBkPkZ8YuJs+feGNCdQIWuZ1vgv
mISKnjH9ytYBKPD3eZKIAhiBz5Rwynj1ibJhSg7hnXvHcH8LaPi4qdUL4awVYtti
zPS9CWOPBC/YTLYGFJz0YF2/kXC/aaDjn7++AL3qAmf/NZGdkCALse/5rYylAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGaFBDu/W4FvmtYbP+Z4t5vgK9JYwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjE5MzkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuefh
MA0GCSqGSIb3DQEBCwUAA4IBAQBHqbUXx9BR8oYjZk9W51/nhUTjMPrUa26+wK0s
euIHXmxwnykvdoop8NzaYddlbCJneLKqh2fd8xd4VbdWCj99sH2gyzLxnj07Pj0P
ej3erB4JLF29KLuQX8sNJPLOkYZPJg7tLbhWDvTa1L81YClbFtjFtMg0jc9vNcDH
X5VhZpglTZNiBLMx6DduIwGkJn8EkE3dVdY0W/CWnPGhqwfXF82+ORpcCs8uwaYR
2ZvWA3Dpy0P/u/4USYrvMy6TqXx0f+/Z5czciWEx0ppdj8OGmNjWLc+zFfmTQ+7C
0flP8mYkgtg23jPPCAw+6+yD4oVnRR5QbLYyH1zx0wvUOVzx
-----END CERTIFICATE-----