Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197284.roa
File:                     AS197284.roa (raw, json)
Hash identifier:          WyBor1BPJN5U9ou2DzEoBMQ+H5ocnzJBA37Cm8ipqME=
Subject key identifier:   CF:60:C4:F0:26:50:FE:E2:EF:44:14:C6:A1:4C:82:D4:07:C8:B2:0E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1028667F88B6428CB99A0152E2CA6A61761F3C19
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197284.roa
Signing time:             Thu 28 May 2026 10:50:05 +0000
ROA not before:           Thu 28 May 2026 10:45:05 +0000
ROA not after:            Thu 27 May 2027 10:50:05 +0000
asID:                     197284
IP address blocks:        2a13:9500:183::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:28:66:7f:88:b6:42:8c:b9:9a:01:52:e2:ca:6a:61:76:1f:3c:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 28 10:45:05 2026 GMT
            Not After : May 27 10:50:05 2027 GMT
        Subject: CN=CF60C4F02650FEE2EF4414C6A14C82D407C8B20E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9b:36:99:68:87:de:92:a4:88:c6:fc:c1:44:
                    1c:b8:22:16:cd:97:a0:40:8c:c3:43:2e:87:7b:33:
                    39:09:ea:b1:61:a5:68:86:76:93:d1:58:53:bb:ec:
                    14:3c:85:a4:de:06:37:ed:f8:36:38:5e:f2:60:ad:
                    ae:a8:4c:43:95:ff:bc:de:8b:09:80:83:2f:46:d3:
                    da:cd:d3:1f:fa:53:b1:19:17:6b:34:8b:46:2a:86:
                    db:eb:cc:1c:b7:24:c5:20:41:a6:53:10:8d:0a:10:
                    4c:35:5b:97:10:74:1d:d8:fc:b8:ba:87:5f:81:df:
                    44:8e:7f:93:61:79:1b:6f:93:f4:9c:7f:56:de:80:
                    53:7a:31:eb:c2:e5:80:99:00:c1:d3:db:97:23:14:
                    3b:f0:44:53:df:47:a2:0f:6f:61:d2:67:41:bd:9c:
                    5c:d6:49:0b:88:77:de:cc:d3:c4:04:00:4c:64:6a:
                    0c:9b:ab:64:48:8e:ac:2e:c9:a9:8f:62:04:e1:36:
                    f7:c3:6d:14:c1:06:94:13:03:a7:7b:f9:5b:42:33:
                    65:48:b7:9e:22:25:10:51:f3:16:e3:43:a3:fe:6e:
                    69:8d:3f:58:df:5f:e5:ac:2c:6c:e4:e3:e5:4b:d1:
                    15:13:0e:7f:d4:cf:a6:78:2d:34:56:95:a6:be:47:
                    6c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:60:C4:F0:26:50:FE:E2:EF:44:14:C6:A1:4C:82:D4:07:C8:B2:0E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197284.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:183::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:8f:1e:32:8f:1c:66:52:1f:50:3b:ee:29:6b:98:9a:56:8d:
         b8:a6:6a:6f:44:15:2e:bc:9f:37:33:e5:2f:08:c7:38:fb:8e:
         b9:01:ca:b0:54:4e:61:b1:9a:27:21:50:bc:ea:8a:2c:1a:fb:
         8c:0c:ba:ff:de:12:d3:c5:81:cf:9d:cb:d6:d1:d2:4f:00:66:
         5a:8b:73:0a:98:f3:2c:62:69:57:e0:b4:d0:c1:3f:d0:5f:43:
         eb:12:bf:a8:5c:dd:47:8d:1e:b7:9a:07:52:2c:a5:67:d2:d6:
         11:06:93:61:85:76:86:aa:c3:c1:41:db:9d:23:da:2b:a3:f1:
         a7:c3:00:6c:b8:31:51:82:4a:09:0b:2c:f9:cd:a1:ed:74:10:
         31:66:f4:35:15:15:bb:8c:b0:41:41:0e:33:48:47:5c:ac:de:
         4d:25:4a:ad:4b:39:53:17:65:0c:e1:7a:90:25:1b:a9:17:14:
         35:8d:17:9c:a5:01:98:b4:0b:32:d9:ae:63:09:de:15:8b:61:
         a2:83:03:26:2d:21:20:17:79:d3:df:18:30:38:25:20:a6:86:
         c3:87:02:08:58:ad:b8:6a:a5:6a:67:84:a8:fa:e2:23:37:50:
         c8:63:e9:9d:5e:5c:16:20:85:4a:e4:b2:0a:7b:e4:b0:ff:c7:
         ec:80:a6:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEChmf4i2Qoy5mgFS4spqYXYfPBkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjgxMDQ1MDVaFw0yNzA1MjcxMDUwMDVaMDMxMTAvBgNV
BAMTKENGNjBDNEYwMjY1MEZFRTJFRjQ0MTRDNkExNEM4MkQ0MDdDOEIyMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkmzaZaIfekqSIxvzBRBy4IhbN
l6BAjMNDLod7MzkJ6rFhpWiGdpPRWFO77BQ8haTeBjft+DY4XvJgra6oTEOV/7ze
iwmAgy9G09rN0x/6U7EZF2s0i0YqhtvrzBy3JMUgQaZTEI0KEEw1W5cQdB3Y/Li6
h1+B30SOf5NheRtvk/Scf1begFN6MevC5YCZAMHT25cjFDvwRFPfR6IPb2HSZ0G9
nFzWSQuId97M08QEAExkagybq2RIjqwuyamPYgThNvfDbRTBBpQTA6d7+VtCM2VI
t54iJRBR8xbjQ6P+bmmNP1jfX+WsLGzk4+VL0RUTDn/Uz6Z4LTRWlaa+R2yPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUz2DE8CZQ/uLvRBTGoUyC1AfIsg4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk3Mjg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAGDMA0GCSqGSIb3DQEBCwUAA4IBAQAWjx4yjxxmUh9QO+4pa5iaVo24pmpvRBUu
vJ83M+UvCMc4+465AcqwVE5hsZonIVC86oosGvuMDLr/3hLTxYHPncvW0dJPAGZa
i3MKmPMsYmlX4LTQwT/QX0PrEr+oXN1HjR63mgdSLKVn0tYRBpNhhXaGqsPBQdud
I9oro/GnwwBsuDFRgkoJCyz5zaHtdBAxZvQ1FRW7jLBBQQ4zSEdcrN5NJUqtSzlT
F2UM4XqQJRupFxQ1jRecpQGYtAsy2a5jCd4Vi2GigwMmLSEgF3nT3xgwOCUgpobD
hwIIWK24aqVqZ4So+uIjN1DIY+mdXlwWIIVK5LIKe+Sw/8fsgKYl
-----END CERTIFICATE-----