Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          psJtxdUoSlFZW06Ov5FJK5vdnxoM5cNIrCrHqSM3hLQ=
Subject key identifier:   E9:B7:DE:9F:69:E8:17:C0:2F:F8:AD:F7:55:DB:9A:06:44:44:86:82
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       371B06587230636A892BDC82DF09199640E08DDD
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
Signing time:             Fri 10 Jul 2026 06:07:29 +0000
ROA not before:           Fri 10 Jul 2026 06:02:29 +0000
ROA not after:            Fri 09 Jul 2027 06:07:29 +0000
asID:                     25198
IP address blocks:        82.25.4.0/24 maxlen: 24
                          178.83.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:1b:06:58:72:30:63:6a:89:2b:dc:82:df:09:19:96:40:e0:8d:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 10 06:02:29 2026 GMT
            Not After : Jul  9 06:07:29 2027 GMT
        Subject: CN=E9B7DE9F69E817C02FF8ADF755DB9A0644448682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ba:11:bf:fc:47:34:ff:36:01:b0:5c:34:a0:
                    12:62:22:e9:4d:e1:2b:13:fa:ea:23:b8:d1:41:90:
                    3c:e0:a0:80:d8:a1:5a:fa:85:35:d5:28:b6:22:8c:
                    fb:5d:04:20:61:82:93:b2:95:a1:b2:05:ee:68:76:
                    02:57:38:6a:6e:c3:8f:97:9a:b0:a8:32:10:83:fa:
                    30:ee:a4:dc:1f:6e:48:bb:7f:3b:33:46:86:7a:ba:
                    d0:84:2f:b5:38:ad:22:a8:93:23:c6:96:f5:11:10:
                    f9:ca:78:43:bd:9b:a1:89:d2:9b:23:e9:9e:1d:18:
                    27:76:48:4c:fd:0e:e8:8a:70:1d:e1:71:98:36:ca:
                    8e:6e:33:f0:4a:79:74:08:cb:70:a2:38:82:c8:a8:
                    ae:cc:3f:74:56:7c:c0:05:90:84:5f:1a:68:a9:a7:
                    6b:44:25:4d:b2:76:52:5c:a9:ca:46:74:78:39:05:
                    2b:1d:f1:40:22:38:86:99:f9:f8:e7:a8:5c:cc:8f:
                    cb:3d:1d:2d:c1:4a:76:cb:20:15:89:d2:0a:ae:02:
                    9a:a6:30:e6:64:38:c5:1a:83:ee:3f:c4:b5:f6:58:
                    07:79:c3:97:00:72:d4:62:75:e7:39:d2:52:ab:e7:
                    e1:d8:82:84:13:d5:ab:e1:31:72:be:56:de:ae:c6:
                    8e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B7:DE:9F:69:E8:17:C0:2F:F8:AD:F7:55:DB:9A:06:44:44:86:82
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.4.0/24
                  178.83.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:09:44:29:39:b4:bc:9f:23:ed:ef:ed:38:ee:e0:88:ac:e2:
         00:8a:96:25:07:43:f2:75:7d:e9:97:4e:04:c2:dd:b7:1c:19:
         aa:ce:d4:42:db:0c:45:d6:af:8a:d7:16:ec:9a:e1:17:91:21:
         5c:d9:9b:2d:37:53:a0:df:86:aa:a9:4d:32:53:7a:d7:88:6e:
         e1:49:fd:04:13:34:67:e7:7b:c5:7b:95:c9:1f:16:e6:a3:6c:
         39:d6:44:c2:c8:99:f6:73:41:11:58:3d:cd:a6:26:b0:6c:60:
         ec:b3:a0:8b:41:a9:92:c4:91:c3:51:e6:03:6b:da:2d:9b:a2:
         92:dd:4a:08:98:5e:8c:1c:6e:d9:55:34:51:c6:ce:c1:74:c8:
         69:ef:02:0d:52:be:61:8c:7f:76:9a:6e:d1:91:fe:5a:fd:2f:
         69:80:37:f7:1b:d5:85:c4:ee:ed:1e:cf:d8:0b:4f:5a:eb:2a:
         93:1d:8d:36:39:0b:b4:44:bf:10:e4:aa:a8:39:18:60:5c:88:
         b4:84:d9:49:a3:d8:8e:eb:67:08:7b:9b:8a:f7:e3:87:c2:f3:
         d6:3e:f3:c2:78:58:d6:1a:d0:40:50:72:fa:65:64:90:f0:26:
         19:3d:97:0e:b2:cb:94:28:dd:6f:4c:e8:00:5c:21:e2:68:a8:
         a7:22:64:43
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUNxsGWHIwY2qJK9yC3wkZlkDgjd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA3MTAwNjAyMjlaFw0yNzA3MDkwNjA3MjlaMDMxMTAvBgNV
BAMTKEU5QjdERTlGNjlFODE3QzAyRkY4QURGNzU1REI5QTA2NDQ0NDg2ODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1uhG//Ec0/zYBsFw0oBJiIulN
4SsT+uojuNFBkDzgoIDYoVr6hTXVKLYijPtdBCBhgpOylaGyBe5odgJXOGpuw4+X
mrCoMhCD+jDupNwfbki7fzszRoZ6utCEL7U4rSKokyPGlvUREPnKeEO9m6GJ0psj
6Z4dGCd2SEz9DuiKcB3hcZg2yo5uM/BKeXQIy3CiOILIqK7MP3RWfMAFkIRfGmip
p2tEJU2ydlJcqcpGdHg5BSsd8UAiOIaZ+fjnqFzMj8s9HS3BSnbLIBWJ0gquApqm
MOZkOMUag+4/xLX2WAd5w5cActRidec50lKr5+HYgoQT1avhMXK+Vt6uxo7rAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU6bfen2noF8Av+K33VduaBkREhoIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSGQQD
BACyU50wDQYJKoZIhvcNAQELBQADggEBAG0JRCk5tLyfI+3v7Tju4Iis4gCKliUH
Q/J1femXTgTC3bccGarO1ELbDEXWr4rXFuya4ReRIVzZmy03U6DfhqqpTTJTeteI
buFJ/QQTNGfne8V7lckfFuajbDnWRMLImfZzQRFYPc2mJrBsYOyzoItBqZLEkcNR
5gNr2i2bopLdSgiYXowcbtlVNFHGzsF0yGnvAg1SvmGMf3aabtGR/lr9L2mAN/cb
1YXE7u0ez9gLT1rrKpMdjTY5C7REvxDkqqg5GGBciLSE2Umj2I7rZwh7m4r344fC
89Y+88J4WNYa0EBQcvplZJDwJhk9lw6yy5Qo3W9M6ABcIeJoqKciZEM=
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:08:16 2026 by rpki-client