Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197167.roa
File:                     AS197167.roa (raw, json)
Hash identifier:          jP/OLK4MS0PGPqglLZTX6sdae8xuqcMu4EvWYPCtx00=
Subject key identifier:   0C:0C:88:85:A9:EB:27:AE:98:68:AF:88:53:46:38:A0:AA:B4:1B:66
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       24AD8A66EC3EA516EF665EFBE11A09D959889385
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197167.roa
Signing time:             Tue 07 Oct 2025 12:05:43 +0000
ROA not before:           Tue 07 Oct 2025 12:00:43 +0000
ROA not after:            Tue 06 Oct 2026 12:05:43 +0000
asID:                     197167
IP address blocks:        82.22.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:ad:8a:66:ec:3e:a5:16:ef:66:5e:fb:e1:1a:09:d9:59:88:93:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct  7 12:00:43 2025 GMT
            Not After : Oct  6 12:05:43 2026 GMT
        Subject: CN=0C0C8885A9EB27AE9868AF88534638A0AAB41B66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:2f:88:8d:5d:b7:05:e4:f1:4f:08:8b:33:40:
                    30:56:62:1e:39:d0:cd:08:1a:ba:f7:eb:65:54:59:
                    38:9c:c8:cd:b9:98:d3:ff:e5:11:db:62:f4:7b:ae:
                    ca:be:c6:f6:c0:c0:6f:a0:28:36:8f:11:0f:49:21:
                    89:fd:cd:66:36:43:4e:98:4b:92:1f:0b:04:81:88:
                    5c:b6:52:13:47:f7:99:ed:8c:75:74:a6:79:1a:1e:
                    cd:98:1b:0e:c1:56:4c:f9:ac:2c:b9:d1:dd:0a:23:
                    c0:9c:c6:a0:da:ea:cd:55:e8:20:cb:f0:4e:c3:39:
                    a5:21:65:71:b1:0b:f8:0f:97:f7:3f:9c:41:19:d2:
                    e9:4a:43:6a:e6:fb:cd:e2:e6:ec:b2:c0:6d:e9:d8:
                    2e:95:3c:4f:f1:be:ca:86:83:75:78:1a:b0:b9:93:
                    3d:09:25:06:5a:e6:f2:f3:1e:dd:31:19:37:2c:a6:
                    aa:45:a5:0b:21:c0:a1:2b:56:97:1f:1c:51:37:c8:
                    3f:a6:73:55:7c:80:2a:d6:21:1c:ba:d8:c0:bd:37:
                    67:3c:41:48:2c:46:3c:7b:0b:a5:df:17:65:3c:c4:
                    58:7f:a0:30:6c:b3:aa:8c:0b:a0:2e:3b:d5:27:cb:
                    70:b5:2d:e5:bb:f4:57:e8:30:11:47:45:0d:d0:cf:
                    b4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:0C:88:85:A9:EB:27:AE:98:68:AF:88:53:46:38:A0:AA:B4:1B:66
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197167.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:90:03:07:a3:8e:12:5b:5e:8e:d4:f9:d1:64:a3:ab:54:f4:
         8d:f8:3c:3e:d3:c1:a0:ac:a9:6f:1b:cf:34:21:e2:fd:6e:6c:
         70:18:c3:9f:ca:80:cc:42:10:d5:6a:df:36:7e:f9:75:01:f1:
         e0:28:4f:5a:c4:ee:56:c4:83:21:c8:52:55:40:f1:28:fd:18:
         d1:bc:63:6a:fe:b9:16:d4:45:b6:e0:14:2d:36:94:99:8f:ae:
         c8:7a:0b:7a:a0:04:ef:9b:23:68:3c:d6:96:64:7e:79:4d:a3:
         1e:7d:d7:92:91:68:10:69:5c:32:2d:93:3b:0d:f6:67:a7:f8:
         95:49:43:3e:2d:49:5d:80:9b:be:48:23:31:87:98:23:3d:57:
         2e:6b:b9:05:ce:c7:34:8b:27:e3:3d:8d:6e:2f:04:22:bc:b9:
         d1:f4:0b:9f:df:ea:4d:cd:16:db:03:bf:8a:53:39:b0:23:54:
         84:4d:a4:5c:69:81:de:5a:f0:70:79:3a:3d:21:f2:b2:76:96:
         44:20:5e:7a:10:10:13:87:20:72:f6:5a:4c:8e:44:0f:3b:d5:
         d7:55:86:1c:88:90:cd:73:80:fa:7f:9a:95:33:17:72:3f:dc:
         1f:e8:2e:a4:a3:2a:de:7b:71:11:e2:18:4b:a8:5b:68:87:c9:
         90:8b:14:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJK2KZuw+pRbvZl774RoJ2VmIk4UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMDcxMjAwNDNaFw0yNjEwMDYxMjA1NDNaMDMxMTAvBgNV
BAMTKDBDMEM4ODg1QTlFQjI3QUU5ODY4QUY4ODUzNDYzOEEwQUFCNDFCNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkL4iNXbcF5PFPCIszQDBWYh45
0M0IGrr362VUWTicyM25mNP/5RHbYvR7rsq+xvbAwG+gKDaPEQ9JIYn9zWY2Q06Y
S5IfCwSBiFy2UhNH95ntjHV0pnkaHs2YGw7BVkz5rCy50d0KI8CcxqDa6s1V6CDL
8E7DOaUhZXGxC/gPl/c/nEEZ0ulKQ2rm+83i5uyywG3p2C6VPE/xvsqGg3V4GrC5
kz0JJQZa5vLzHt0xGTcspqpFpQshwKErVpcfHFE3yD+mc1V8gCrWIRy62MC9N2c8
QUgsRjx7C6XfF2U8xFh/oDBss6qMC6AuO9Uny3C1LeW79FfoMBFHRQ3Qz7SHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDAyIhanrJ66YaK+IU0Y4oKq0G2YwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk3MTY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUha+
MA0GCSqGSIb3DQEBCwUAA4IBAQCGkAMHo44SW16O1PnRZKOrVPSN+Dw+08GgrKlv
G880IeL9bmxwGMOfyoDMQhDVat82fvl1AfHgKE9axO5WxIMhyFJVQPEo/RjRvGNq
/rkW1EW24BQtNpSZj67Iegt6oATvmyNoPNaWZH55TaMefdeSkWgQaVwyLZM7DfZn
p/iVSUM+LUldgJu+SCMxh5gjPVcua7kFzsc0iyfjPY1uLwQivLnR9Auf3+pNzRbb
A7+KUzmwI1SETaRcaYHeWvBweTo9IfKydpZEIF56EBAThyBy9lpMjkQPO9XXVYYc
iJDNc4D6f5qVMxdyP9wf6C6koyree3ER4hhLqFtoh8mQixSn
-----END CERTIFICATE-----