Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197176.roa
File:                     AS197176.roa (raw, json)
Hash identifier:          VMtVy/clL4tDLroN2DVQoqaIPaQnRm7UoECq+0Yju2w=
Subject key identifier:   FD:3E:B4:6C:D6:2D:CB:38:78:33:4B:E6:CF:37:FC:4D:17:76:28:F8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3E90DE44503D52D27C536C39E4556D61A1A94C89
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197176.roa
Signing time:             Mon 01 Jun 2026 05:31:24 +0000
ROA not before:           Mon 01 Jun 2026 05:26:24 +0000
ROA not after:            Mon 31 May 2027 05:31:24 +0000
asID:                     197176
IP address blocks:        82.47.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:90:de:44:50:3d:52:d2:7c:53:6c:39:e4:55:6d:61:a1:a9:4c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  1 05:26:24 2026 GMT
            Not After : May 31 05:31:24 2027 GMT
        Subject: CN=FD3EB46CD62DCB3878334BE6CF37FC4D177628F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c6:9d:11:94:3a:ef:28:5f:9b:ec:b2:a9:cb:
                    39:36:a8:2a:a5:9b:c4:c2:e4:8b:bc:06:4f:b1:7c:
                    31:03:c8:6c:b9:9e:48:58:26:e8:86:eb:00:99:96:
                    8c:b4:ad:9a:6e:2d:a6:79:75:75:08:21:15:88:fa:
                    3c:fa:07:c8:1d:16:b1:fe:6f:31:c3:26:bf:a5:40:
                    cc:81:a4:12:30:e2:ba:cb:42:03:f6:db:c9:75:ef:
                    0b:64:e9:ce:cd:a1:4e:e4:bc:19:08:fb:d4:1f:bb:
                    7b:21:1a:7f:3a:ab:f7:f3:04:d7:ad:33:f8:3e:86:
                    98:31:f4:eb:e3:2d:f5:dd:f8:70:59:84:69:b7:11:
                    c7:7e:46:d5:05:23:48:1e:0c:e3:31:c2:16:88:43:
                    7a:14:2a:7c:1b:35:f4:1a:66:c8:a7:34:5b:b0:6f:
                    cf:66:b6:9d:c9:5a:9d:54:24:79:f8:7c:ec:ce:ba:
                    bf:89:cd:84:bb:46:20:85:82:c4:2e:8b:21:33:fd:
                    2a:02:df:07:53:8f:b3:eb:8b:d5:92:c7:e0:b7:e6:
                    22:68:d0:91:40:94:03:f1:60:f9:4d:fe:73:70:0e:
                    dd:e5:e4:a4:c0:8c:06:c2:21:f9:a6:44:cc:18:b7:
                    97:18:11:8f:e7:f0:34:a3:98:61:a7:8d:9d:6a:42:
                    d8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:3E:B4:6C:D6:2D:CB:38:78:33:4B:E6:CF:37:FC:4D:17:76:28:F8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197176.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:3f:c1:fd:8b:bd:6d:6e:f6:7e:e5:84:8a:41:25:8f:0a:b2:
         aa:c3:04:27:67:81:b9:c3:a1:30:e4:1c:24:44:c3:c3:7b:7d:
         37:0e:27:81:cd:23:91:f4:d1:9e:bf:c9:0f:8f:b8:4c:26:f1:
         d4:12:2a:c5:ce:33:f0:88:f1:82:79:57:98:a7:97:79:8d:de:
         e2:d2:d0:32:15:d9:74:e5:df:38:81:63:39:e5:30:db:cc:0e:
         98:ea:f9:56:ff:88:3d:8d:b1:c2:2e:66:34:4b:9d:b1:c7:47:
         1b:70:26:a8:37:3b:3f:f8:54:6d:05:55:09:f3:ae:21:e0:d2:
         67:a6:9c:63:a3:cf:39:47:9f:a2:0c:7d:23:fe:a4:21:cf:e2:
         22:d3:c2:ba:3b:11:75:21:0e:33:cb:6a:2c:88:55:6c:6e:1d:
         d0:eb:45:07:08:a4:b3:45:d3:c5:05:5e:31:86:f7:ca:28:51:
         cd:19:62:68:66:af:01:ff:73:8d:64:c8:55:75:75:e4:02:ee:
         a2:ce:05:17:c3:b5:7c:cb:c7:ff:da:58:d6:0e:48:85:9c:7f:
         9a:b1:68:c1:e8:a7:e0:88:36:5c:c1:04:ee:62:a8:97:8c:3b:
         6e:18:37:ca:e7:69:96:89:07:1e:9f:da:73:2f:5f:1e:99:7a:
         37:df:f5:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPpDeRFA9UtJ8U2w55FVtYaGpTIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDEwNTI2MjRaFw0yNzA1MzEwNTMxMjRaMDMxMTAvBgNV
BAMTKEZEM0VCNDZDRDYyRENCMzg3ODMzNEJFNkNGMzdGQzREMTc3NjI4RjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDexp0RlDrvKF+b7LKpyzk2qCql
m8TC5Iu8Bk+xfDEDyGy5nkhYJuiG6wCZloy0rZpuLaZ5dXUIIRWI+jz6B8gdFrH+
bzHDJr+lQMyBpBIw4rrLQgP228l17wtk6c7NoU7kvBkI+9Qfu3shGn86q/fzBNet
M/g+hpgx9OvjLfXd+HBZhGm3Ecd+RtUFI0geDOMxwhaIQ3oUKnwbNfQaZsinNFuw
b89mtp3JWp1UJHn4fOzOur+JzYS7RiCFgsQuiyEz/SoC3wdTj7Pri9WSx+C35iJo
0JFAlAPxYPlN/nNwDt3l5KTAjAbCIfmmRMwYt5cYEY/n8DSjmGGnjZ1qQtjfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/T60bNYtyzh4M0vmzzf8TRd2KPgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk3MTc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUi85
MA0GCSqGSIb3DQEBCwUAA4IBAQBfP8H9i71tbvZ+5YSKQSWPCrKqwwQnZ4G5w6Ew
5BwkRMPDe303DieBzSOR9NGev8kPj7hMJvHUEirFzjPwiPGCeVeYp5d5jd7i0tAy
Fdl05d84gWM55TDbzA6Y6vlW/4g9jbHCLmY0S52xx0cbcCaoNzs/+FRtBVUJ864h
4NJnppxjo885R5+iDH0j/qQhz+Ii08K6OxF1IQ4zy2osiFVsbh3Q60UHCKSzRdPF
BV4xhvfKKFHNGWJoZq8B/3ONZMhVdXXkAu6izgUXw7V8y8f/2ljWDkiFnH+asWjB
6KfgiDZcwQTuYqiXjDtuGDfK52mWiQcen9pzL18emXo33/Ww
-----END CERTIFICATE-----