Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa
File:                     AS198087.roa (raw, json)
Hash identifier:          EvPtXPANUhyyhlbilyxA2ingFc8fJlIJjM9uOzDI3lI=
Subject key identifier:   C5:0A:B5:D6:8C:32:4F:EB:09:19:23:BB:F9:6D:E0:3B:C4:49:36:6A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       76136D8C56CDE41CB79A07696B381009B3554647
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa
Signing time:             Thu 30 Apr 2026 09:11:21 +0000
ROA not before:           Thu 30 Apr 2026 09:06:21 +0000
ROA not after:            Thu 29 Apr 2027 09:11:21 +0000
asID:                     198087
IP address blocks:        178.83.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:13:6d:8c:56:cd:e4:1c:b7:9a:07:69:6b:38:10:09:b3:55:46:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 30 09:06:21 2026 GMT
            Not After : Apr 29 09:11:21 2027 GMT
        Subject: CN=C50AB5D68C324FEB091923BBF96DE03BC449366A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9a:01:db:fb:38:49:54:20:59:07:8f:c3:bb:
                    1e:97:77:2b:f0:42:0e:59:6a:92:bd:c4:13:ef:64:
                    0f:19:a7:e3:ab:92:0f:1f:c5:15:74:39:7b:6d:58:
                    5a:bc:38:3c:d8:18:e6:d0:33:13:8c:40:f1:10:38:
                    57:fb:b9:db:af:db:06:2c:03:1f:f0:27:31:5c:1d:
                    26:db:41:0c:62:73:75:73:81:6c:92:93:8c:67:0f:
                    69:c6:91:d9:96:0f:8c:a0:7f:ee:fb:e0:de:35:dc:
                    75:42:dc:f0:b5:0e:ba:4b:83:4a:90:32:47:bc:d7:
                    13:e0:c6:42:f6:b5:1d:99:f5:02:0a:36:92:a9:00:
                    2c:af:68:42:51:78:6b:0c:bd:3d:8a:e8:85:c9:a4:
                    bf:38:33:e5:33:71:49:47:3a:17:e0:60:a9:94:0c:
                    8d:2d:82:74:0d:51:61:6f:30:33:75:db:74:8f:fe:
                    b0:2c:4e:f1:84:25:f5:f3:3f:2a:de:df:63:dd:aa:
                    a5:35:ce:14:87:9e:f9:a9:62:2d:b2:28:2d:2c:67:
                    c9:f4:07:f6:00:ca:d3:b9:65:3c:a2:e2:8f:b3:e0:
                    3c:29:b5:48:35:47:91:22:a2:19:f6:78:8d:36:74:
                    6a:d5:82:6d:b5:f4:7e:16:da:e5:ef:ab:43:1d:65:
                    34:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:0A:B5:D6:8C:32:4F:EB:09:19:23:BB:F9:6D:E0:3B:C4:49:36:6A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:66:20:1a:d8:ed:01:00:27:e9:58:0e:8a:79:38:4f:06:93:
         5a:55:3a:4f:d8:b8:90:f5:85:ea:3e:6c:e1:c8:82:e8:82:47:
         3b:b8:d5:96:51:06:7f:f0:ba:80:fc:d8:63:8c:9f:5f:13:bf:
         d0:03:95:f0:ff:2d:7c:d8:d7:b7:b2:c8:97:a5:e0:7b:75:14:
         af:77:48:df:cf:7d:2b:43:d1:03:d4:79:bc:69:2c:f6:9a:03:
         98:d9:eb:be:31:97:1c:fd:54:f7:9b:2a:ff:8c:83:c1:ac:46:
         79:a0:85:ff:0f:17:ab:b5:46:69:7a:64:a5:23:49:f7:2a:5c:
         6d:c4:20:f1:e1:58:2b:f1:55:87:86:c3:d7:ff:d1:37:15:e0:
         cd:96:63:04:c3:16:9a:42:e5:1d:4e:cb:cf:08:d3:0c:0a:1e:
         50:f4:99:a5:d3:41:76:8e:5a:84:57:31:91:44:81:c4:17:02:
         64:20:a5:67:40:e3:bc:01:56:9c:af:69:ab:3e:bb:c4:06:04:
         3a:f6:f2:c2:fd:e2:b2:04:63:eb:a8:67:95:27:ab:11:c6:57:
         0a:88:b0:7f:30:df:00:30:81:0f:d4:03:51:ed:60:5b:eb:73:
         7c:76:9d:e3:e0:33:b2:47:59:ff:2d:d9:91:3c:fc:36:46:67:
         46:ed:e2:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdhNtjFbN5By3mgdpazgQCbNVRkcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MzAwOTA2MjFaFw0yNzA0MjkwOTExMjFaMDMxMTAvBgNV
BAMTKEM1MEFCNUQ2OEMzMjRGRUIwOTE5MjNCQkY5NkRFMDNCQzQ0OTM2NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4mgHb+zhJVCBZB4/Dux6Xdyvw
Qg5ZapK9xBPvZA8Zp+Orkg8fxRV0OXttWFq8ODzYGObQMxOMQPEQOFf7uduv2wYs
Ax/wJzFcHSbbQQxic3VzgWySk4xnD2nGkdmWD4ygf+774N413HVC3PC1DrpLg0qQ
Mke81xPgxkL2tR2Z9QIKNpKpACyvaEJReGsMvT2K6IXJpL84M+UzcUlHOhfgYKmU
DI0tgnQNUWFvMDN123SP/rAsTvGEJfXzPyre32PdqqU1zhSHnvmpYi2yKC0sZ8n0
B/YAytO5ZTyi4o+z4DwptUg1R5Eiohn2eI02dGrVgm219H4W2uXvq0MdZTQhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxQq11owyT+sJGSO7+W3gO8RJNmowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4MDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslO4
MA0GCSqGSIb3DQEBCwUAA4IBAQBIZiAa2O0BACfpWA6KeThPBpNaVTpP2LiQ9YXq
PmzhyILogkc7uNWWUQZ/8LqA/NhjjJ9fE7/QA5Xw/y182Ne3ssiXpeB7dRSvd0jf
z30rQ9ED1Hm8aSz2mgOY2eu+MZcc/VT3myr/jIPBrEZ5oIX/DxertUZpemSlI0n3
KlxtxCDx4Vgr8VWHhsPX/9E3FeDNlmMEwxaaQuUdTsvPCNMMCh5Q9Jml00F2jlqE
VzGRRIHEFwJkIKVnQOO8AVacr2mrPrvEBgQ69vLC/eKyBGPrqGeVJ6sRxlcKiLB/
MN8AMIEP1ANR7WBb63N8dp3j4DOyR1n/LdmRPPw2RmdG7eIm
-----END CERTIFICATE-----