Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197291.roa
File:                     AS197291.roa (raw, json)
Hash identifier:          sEcAEyePgniCI24dE0YaHB2SlwuI84UyMm46/IKGu50=
Subject key identifier:   FB:2E:82:88:B7:24:F6:A2:BC:FB:9E:F8:97:26:3F:DA:B8:D7:1C:28
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       59B772467FDCD11F45AA50ACD12D9E543705D50C
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197291.roa
Signing time:             Tue 26 May 2026 12:00:16 +0000
ROA not before:           Tue 26 May 2026 11:55:16 +0000
ROA not after:            Tue 25 May 2027 12:00:16 +0000
asID:                     197291
IP address blocks:        2a14:7583:eff9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:b7:72:46:7f:dc:d1:1f:45:aa:50:ac:d1:2d:9e:54:37:05:d5:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 26 11:55:16 2026 GMT
            Not After : May 25 12:00:16 2027 GMT
        Subject: CN=FB2E8288B724F6A2BCFB9EF897263FDAB8D71C28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:47:8d:f6:95:11:30:86:b1:dd:09:61:a5:6e:
                    a9:ff:2d:88:48:b9:35:42:a8:f7:d8:37:e0:14:31:
                    e2:a5:6b:ea:5c:d8:ec:1b:92:63:95:a6:ca:0c:d9:
                    43:ec:00:14:f8:45:08:e5:91:50:31:d5:19:d7:34:
                    86:2f:d1:ea:1f:e5:07:1b:94:f4:93:d0:33:e1:91:
                    ff:6b:d9:db:b1:f6:65:81:fa:04:f2:50:ef:58:da:
                    50:bc:aa:fc:01:24:f5:2d:98:00:be:66:0d:6b:f6:
                    bc:b9:35:ca:4e:df:8f:cd:dc:1e:c5:00:14:47:83:
                    a4:70:a7:1c:07:1b:6f:ff:df:af:9e:f0:62:8f:7e:
                    54:78:76:65:43:2b:64:5a:40:61:a2:0c:4b:b9:75:
                    c1:55:76:af:d5:c1:18:df:4f:d8:f5:53:e5:48:d4:
                    b4:6a:b8:5a:b1:ac:69:bf:b7:88:6b:b6:ce:f0:b4:
                    8e:92:db:a0:77:3b:7c:17:3b:e6:e1:56:d3:df:60:
                    76:38:7b:cd:54:5c:43:4a:46:64:a9:2f:6a:3b:41:
                    d0:9d:2c:22:3c:0b:9d:72:00:3b:e7:94:f6:87:a6:
                    6b:9d:4e:f9:cd:d9:5a:8e:de:35:f3:ec:14:d0:8f:
                    0d:47:5c:8c:64:b6:cb:f0:fa:42:ec:e5:3f:af:9d:
                    2b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2E:82:88:B7:24:F6:A2:BC:FB:9E:F8:97:26:3F:DA:B8:D7:1C:28
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197291.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:eff9::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:4e:c1:0c:0f:de:42:e8:60:4a:f7:5d:82:33:4d:2f:2b:10:
         e6:ff:64:37:1b:ba:28:38:c1:61:c9:17:1d:3d:c1:d3:88:71:
         4d:d7:86:23:f6:bb:c8:70:36:1a:e4:00:b4:1b:4e:39:5d:c5:
         e3:a0:e3:0d:ca:da:99:c1:de:26:0b:a2:cc:58:75:e5:0a:a4:
         ed:ce:6b:5f:f4:0f:43:cc:17:39:15:4b:23:58:19:78:e6:01:
         7d:00:01:1d:c7:45:9d:90:98:ea:be:7b:ae:72:86:05:9b:5f:
         cb:f8:9c:fe:71:c2:e7:58:5f:aa:b2:aa:a4:6e:32:ce:ff:41:
         7d:74:4f:45:fd:8b:f1:af:26:24:0f:c6:4f:8d:14:4b:1d:b7:
         1f:a7:09:d8:b5:d3:55:16:56:f9:d9:08:39:6c:18:c4:74:00:
         47:65:60:75:e2:c9:92:d1:21:2b:c2:10:c6:ba:67:e7:7b:dd:
         a7:f9:9f:fc:d4:7b:e1:eb:f2:f9:a2:6e:a1:8d:70:a4:2a:be:
         c7:28:70:23:cc:9d:0d:0f:6b:2c:d6:a0:67:5a:d8:db:3a:2f:
         8f:08:33:95:68:e6:92:67:10:59:f5:0d:8f:10:f4:cd:2b:f2:
         66:46:32:cd:9e:f9:d2:5f:7a:79:a1:ed:64:96:65:57:ef:1e:
         63:71:92:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWbdyRn/c0R9FqlCs0S2eVDcF1QwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MjYxMTU1MTZaFw0yNzA1MjUxMjAwMTZaMDMxMTAvBgNV
BAMTKEZCMkU4Mjg4QjcyNEY2QTJCQ0ZCOUVGODk3MjYzRkRBQjhENzFDMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLR432lREwhrHdCWGlbqn/LYhI
uTVCqPfYN+AUMeKla+pc2OwbkmOVpsoM2UPsABT4RQjlkVAx1RnXNIYv0eof5Qcb
lPST0DPhkf9r2dux9mWB+gTyUO9Y2lC8qvwBJPUtmAC+Zg1r9ry5NcpO34/N3B7F
ABRHg6RwpxwHG2//36+e8GKPflR4dmVDK2RaQGGiDEu5dcFVdq/VwRjfT9j1U+VI
1LRquFqxrGm/t4hrts7wtI6S26B3O3wXO+bhVtPfYHY4e81UXENKRmSpL2o7QdCd
LCI8C51yADvnlPaHpmudTvnN2VqO3jXz7BTQjw1HXIxktsvw+kLs5T+vnSuFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU+y6CiLck9qK8+574lyY/2rjXHCgwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTk3MjkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
g+/5MA0GCSqGSIb3DQEBCwUAA4IBAQBqTsEMD95C6GBK912CM00vKxDm/2Q3G7oo
OMFhyRcdPcHTiHFN14Yj9rvIcDYa5AC0G045XcXjoOMNytqZwd4mC6LMWHXlCqTt
zmtf9A9DzBc5FUsjWBl45gF9AAEdx0WdkJjqvnuucoYFm1/L+Jz+ccLnWF+qsqqk
bjLO/0F9dE9F/YvxryYkD8ZPjRRLHbcfpwnYtdNVFlb52Qg5bBjEdABHZWB14smS
0SErwhDGumfne92n+Z/81Hvh6/L5om6hjXCkKr7HKHAjzJ0ND2ss1qBnWtjbOi+P
CDOVaOaSZxBZ9Q2PEPTNK/JmRjLNnvnSX3p5oe1klmVX7x5jcZLE
-----END CERTIFICATE-----