Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa
File:                     AS198087.roa (raw, json)
Hash identifier:          uVtCW2Y3Ug1pe253qQ7l3MlYZovQR/7oBBJ3nVm+9Do=
Subject key identifier:   71:CC:8A:0D:76:A5:DD:39:0B:C3:98:7A:15:24:24:54:6F:1F:B9:5C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       57DFE5F49C913C0C598E29226B406402A2D3DBA7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa
Signing time:             Mon 16 Mar 2026 08:42:41 +0000
ROA not before:           Mon 16 Mar 2026 08:37:41 +0000
ROA not after:            Mon 15 Mar 2027 08:42:41 +0000
asID:                     198087
IP address blocks:        82.39.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 12:10:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:df:e5:f4:9c:91:3c:0c:59:8e:29:22:6b:40:64:02:a2:d3:db:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 16 08:37:41 2026 GMT
            Not After : Mar 15 08:42:41 2027 GMT
        Subject: CN=71CC8A0D76A5DD390BC3987A152424546F1FB95C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:26:f3:11:3a:de:36:b1:b2:ad:5e:63:44:77:
                    0c:be:e3:52:6c:69:e6:66:6e:3a:c7:b7:41:f3:de:
                    07:e6:32:ee:36:90:50:a9:d8:e1:cd:7d:08:83:e8:
                    e2:02:af:06:3b:b3:e1:95:12:4c:ee:8e:ec:6e:e5:
                    c1:f0:7c:a6:e2:a5:9d:59:e4:71:f3:2e:99:db:f8:
                    1a:61:05:54:2e:b8:b1:00:ee:3d:fa:71:e7:6e:99:
                    5d:bb:16:03:08:de:28:80:cb:8b:db:c7:f9:c2:58:
                    48:cc:2c:eb:8d:4c:53:2e:61:55:e4:30:d5:91:3e:
                    17:0f:52:4a:75:df:80:a0:64:35:50:19:e1:b8:55:
                    38:ca:0e:ed:ac:98:66:c4:e3:22:e9:f8:82:fd:c5:
                    bc:f8:bf:83:9f:f6:5b:68:ab:a3:d1:24:20:fc:48:
                    b4:5c:95:26:5f:92:97:d1:c0:6c:b5:7b:2e:c4:7e:
                    5b:19:a3:e1:de:53:eb:da:ae:f4:e9:b9:86:ec:39:
                    5c:8a:07:ed:d6:f0:16:af:e6:79:a0:cd:2c:2b:6a:
                    c2:b5:e8:d3:b0:d4:1f:22:4c:4b:2b:a4:6b:b6:7a:
                    e1:71:70:03:ed:39:c0:e4:99:ba:28:bb:b2:38:83:
                    87:a3:8e:06:54:fe:dd:a1:74:2f:f6:c3:4d:99:77:
                    32:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:CC:8A:0D:76:A5:DD:39:0B:C3:98:7A:15:24:24:54:6F:1F:B9:5C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:e1:3e:2d:50:c4:df:4a:71:f0:2e:fb:42:86:bf:eb:3d:8e:
         a8:76:91:79:bc:05:e6:79:a5:48:90:cb:55:09:78:67:a8:2e:
         20:d2:37:9b:d8:dc:ed:b8:31:a3:5f:fe:73:cb:c1:ac:5e:d8:
         9e:9a:66:8d:06:57:e3:ea:38:dd:8f:e4:11:2c:4e:ac:06:d1:
         64:66:6a:4d:db:84:9b:80:3b:59:10:e7:18:7d:ec:0d:2c:f0:
         8f:78:cf:62:61:de:cf:9f:81:1c:94:d5:42:4c:61:16:cf:23:
         40:c5:06:77:4a:02:a1:c4:88:ee:58:d8:02:84:e5:8f:17:3f:
         15:11:06:5b:ba:00:0c:f7:97:36:41:8c:71:22:3a:77:17:a7:
         67:a6:ac:3a:7c:19:e5:a5:eb:82:8a:c9:1e:e0:2b:4d:ed:87:
         0a:2c:6d:2b:4c:82:27:ca:ac:1e:33:9a:cd:8e:d8:e9:88:46:
         f0:38:22:b2:32:13:3c:41:51:62:9b:75:68:5b:dd:ff:c5:9d:
         1c:58:c4:a3:cb:31:a3:f9:20:1e:13:70:59:34:ca:b5:3d:a6:
         0b:13:14:85:75:af:50:ad:c7:d6:cb:49:41:71:99:d3:ae:d2:
         5a:66:bd:53:a3:e8:66:f2:f1:27:db:13:43:41:4c:93:1f:2d:
         34:55:b2:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUV9/l9JyRPAxZjikia0BkAqLT26cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTYwODM3NDFaFw0yNzAzMTUwODQyNDFaMDMxMTAvBgNV
BAMTKDcxQ0M4QTBENzZBNUREMzkwQkMzOTg3QTE1MjQyNDU0NkYxRkI5NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMJvMROt42sbKtXmNEdwy+41Js
aeZmbjrHt0Hz3gfmMu42kFCp2OHNfQiD6OICrwY7s+GVEkzujuxu5cHwfKbipZ1Z
5HHzLpnb+BphBVQuuLEA7j36cedumV27FgMI3iiAy4vbx/nCWEjMLOuNTFMuYVXk
MNWRPhcPUkp134CgZDVQGeG4VTjKDu2smGbE4yLp+IL9xbz4v4Of9ltoq6PRJCD8
SLRclSZfkpfRwGy1ey7EflsZo+HeU+varvTpuYbsOVyKB+3W8Bav5nmgzSwrasK1
6NOw1B8iTEsrpGu2euFxcAPtOcDkmboou7I4g4ejjgZU/t2hdC/2w02ZdzKRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUccyKDXal3TkLw5h6FSQkVG8fuVwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4MDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUidn
MA0GCSqGSIb3DQEBCwUAA4IBAQCP4T4tUMTfSnHwLvtChr/rPY6odpF5vAXmeaVI
kMtVCXhnqC4g0jeb2NztuDGjX/5zy8GsXtiemmaNBlfj6jjdj+QRLE6sBtFkZmpN
24SbgDtZEOcYfewNLPCPeM9iYd7Pn4EclNVCTGEWzyNAxQZ3SgKhxIjuWNgChOWP
Fz8VEQZbugAM95c2QYxxIjp3F6dnpqw6fBnlpeuCiske4CtN7YcKLG0rTIInyqwe
M5rNjtjpiEbwOCKyMhM8QVFim3VoW93/xZ0cWMSjyzGj+SAeE3BZNMq1PaYLExSF
da9QrcfWy0lBcZnTrtJaZr1To+hm8vEn2xNDQUyTHy00VbKl
-----END CERTIFICATE-----