Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          v4W1SLuN1mTtS6rsVwvOAXhgnBYF8fkf8ee6zs3Dz3c=
Subject key identifier:   6A:67:B7:5F:26:51:56:1B:D6:C1:75:0C:D1:16:BE:20:5D:D9:3B:A6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       153FD157279CB3B4CAE548B85CE925A3B6D52BC1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
Signing time:             Wed 27 May 2026 16:17:17 +0000
ROA not before:           Wed 27 May 2026 16:12:17 +0000
ROA not after:            Wed 26 May 2027 16:17:17 +0000
asID:                     25198
IP address blocks:        178.83.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:3f:d1:57:27:9c:b3:b4:ca:e5:48:b8:5c:e9:25:a3:b6:d5:2b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 27 16:12:17 2026 GMT
            Not After : May 26 16:17:17 2027 GMT
        Subject: CN=6A67B75F2651561BD6C1750CD116BE205DD93BA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d1:63:e7:c0:0d:74:f7:a3:6e:fb:0f:44:58:
                    ba:b3:b5:68:d4:70:36:08:63:68:fc:4f:f7:52:d4:
                    68:9a:35:dc:f7:9b:91:6e:65:4c:be:5f:97:5e:a4:
                    60:c4:0f:a3:25:fe:57:0b:5e:5e:d1:7d:23:3e:38:
                    1c:6f:6a:a2:2a:8a:c4:3e:28:08:32:f1:ec:b5:68:
                    67:83:e4:2b:ec:86:f3:45:38:3c:7d:cf:31:17:76:
                    10:29:6b:0f:7b:06:a8:37:5e:8d:75:12:74:65:7f:
                    20:c6:b1:62:cf:23:dc:f3:4d:ef:f2:68:55:76:7d:
                    31:04:db:ce:50:fc:5c:03:1e:33:75:ac:6f:c5:71:
                    4c:0e:61:3b:e1:9c:7d:e6:23:92:93:6f:03:fd:01:
                    65:4d:96:22:03:4d:fc:1a:d9:90:6b:00:ff:91:e1:
                    38:28:9e:ed:ce:a6:23:18:9e:7a:9b:4d:9b:d0:73:
                    94:d5:d2:9e:30:32:c1:8d:4b:3e:61:2b:f2:d9:2d:
                    08:91:ed:d3:0d:ca:20:6f:f7:24:b7:ee:05:be:41:
                    b8:f4:eb:20:69:e5:af:9a:45:e1:a0:d8:21:09:12:
                    72:9c:0b:ef:71:a8:6c:99:d1:fc:88:f0:70:42:0d:
                    59:13:3e:cd:2a:02:8f:1e:0f:9f:c0:02:98:67:6d:
                    f2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:67:B7:5F:26:51:56:1B:D6:C1:75:0C:D1:16:BE:20:5D:D9:3B:A6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:e2:ed:e3:25:4e:79:9e:f3:2b:e5:dd:13:61:d5:ef:67:94:
         cf:4b:04:07:bf:2e:90:b2:52:0e:ef:71:47:64:8b:fd:21:29:
         19:cf:c2:f4:17:4d:a4:c4:ba:9c:9d:65:15:5d:b0:6d:2c:ae:
         d4:33:39:7e:15:bc:a9:b4:ab:11:fe:fa:02:6e:97:5d:8e:13:
         6c:29:06:21:f4:89:56:eb:38:7a:43:13:89:33:f3:e0:7d:f8:
         fb:71:e9:46:a1:de:de:72:bd:b6:50:53:2d:45:5a:92:dd:27:
         82:2a:95:72:4b:69:c0:1d:ed:68:a4:37:d2:54:ba:32:58:b8:
         e7:cc:d3:77:72:c0:f3:bc:86:ea:a3:94:24:6e:8a:ad:72:f9:
         7c:0e:8a:91:a1:61:8d:91:e6:fc:48:e3:96:d6:01:98:19:17:
         53:88:3a:e3:72:3c:53:25:a9:8e:83:0f:b0:9a:1e:63:69:9d:
         68:73:21:24:cd:be:01:65:25:22:63:d9:86:ca:2d:56:b2:59:
         ee:5d:dc:f2:3c:24:91:81:53:ad:1d:8b:92:b3:a8:14:f3:b2:
         7e:79:9e:48:35:ba:5a:5d:22:06:51:86:ab:93:9e:d3:71:78:
         47:4b:be:1b:ff:51:97:d0:cc:87:07:90:32:f9:6d:d6:c5:7a:
         b5:07:15:8c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFT/RVyecs7TK5Ui4XOklo7bVK8EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjcxNjEyMTdaFw0yNzA1MjYxNjE3MTdaMDMxMTAvBgNV
BAMTKDZBNjdCNzVGMjY1MTU2MUJENkMxNzUwQ0QxMTZCRTIwNUREOTNCQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa0WPnwA1096Nu+w9EWLqztWjU
cDYIY2j8T/dS1GiaNdz3m5FuZUy+X5depGDED6Ml/lcLXl7RfSM+OBxvaqIqisQ+
KAgy8ey1aGeD5CvshvNFODx9zzEXdhApaw97Bqg3Xo11EnRlfyDGsWLPI9zzTe/y
aFV2fTEE285Q/FwDHjN1rG/FcUwOYTvhnH3mI5KTbwP9AWVNliIDTfwa2ZBrAP+R
4Tgonu3OpiMYnnqbTZvQc5TV0p4wMsGNSz5hK/LZLQiR7dMNyiBv9yS37gW+Qbj0
6yBp5a+aReGg2CEJEnKcC+9xqGyZ0fyI8HBCDVkTPs0qAo8eD5/AAphnbfIlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUame3XyZRVhvWwXUM0Ra+IF3ZO6YwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACyU50w
DQYJKoZIhvcNAQELBQADggEBACXi7eMlTnme8yvl3RNh1e9nlM9LBAe/LpCyUg7v
cUdki/0hKRnPwvQXTaTEupydZRVdsG0srtQzOX4VvKm0qxH++gJul12OE2wpBiH0
iVbrOHpDE4kz8+B9+Ptx6Uah3t5yvbZQUy1FWpLdJ4IqlXJLacAd7WikN9JUujJY
uOfM03dywPO8huqjlCRuiq1y+XwOipGhYY2R5vxI45bWAZgZF1OIOuNyPFMlqY6D
D7CaHmNpnWhzISTNvgFlJSJj2YbKLVayWe5d3PI8JJGBU60di5KzqBTzsn55nkg1
ulpdIgZRhquTntNxeEdLvhv/UZfQzIcHkDL5bdbFerUHFYw=
-----END CERTIFICATE-----