Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197346.roa
File:                     AS197346.roa (raw, json)
Hash identifier:          I2VCGQPuQ3vxGB4FfyuDEO7iAeH4yLUX/AvfFS2LAXA=
Subject key identifier:   3E:F6:02:D3:49:3E:B2:17:0C:73:98:0D:39:3B:96:38:C5:51:15:2C
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       3F791C27F550ECD0D51A85519F732065D1F4C708
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197346.roa
Signing time:             Sat 23 May 2026 07:12:54 +0000
ROA not before:           Sat 23 May 2026 07:07:54 +0000
ROA not after:            Sat 22 May 2027 07:12:54 +0000
asID:                     197346
IP address blocks:        2a14:7583:6000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:79:1c:27:f5:50:ec:d0:d5:1a:85:51:9f:73:20:65:d1:f4:c7:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 23 07:07:54 2026 GMT
            Not After : May 22 07:12:54 2027 GMT
        Subject: CN=3EF602D3493EB2170C73980D393B9638C551152C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:00:78:2a:1d:a9:23:dd:68:eb:93:3a:16:63:
                    5f:bd:37:6a:62:b9:a8:aa:79:85:d8:75:d8:92:29:
                    8b:65:c6:aa:ae:08:25:8d:55:c5:19:a3:96:89:fa:
                    f2:9a:77:22:ea:8a:96:c7:29:a7:62:28:31:a0:9c:
                    53:1d:b2:be:3a:df:f4:89:dc:50:90:00:da:5b:0c:
                    2e:db:de:a6:0d:8f:2a:e9:68:ad:7b:89:8a:be:eb:
                    ea:af:27:e7:37:cd:15:50:fb:de:ac:b7:ae:97:ba:
                    88:d6:e9:d2:d9:58:86:e4:7d:e0:d2:97:5c:9d:fd:
                    58:51:e5:87:cd:0d:41:12:35:a6:aa:68:00:cb:1d:
                    c0:dd:e9:06:f1:90:0c:55:9a:6c:f6:39:f0:2f:38:
                    c6:31:60:fd:dd:14:a4:fd:0d:ca:2f:98:cb:4c:c1:
                    51:a9:62:7b:04:b2:75:ff:77:48:d7:f1:9d:73:d9:
                    aa:81:0b:35:b8:ad:d1:f5:e2:3b:49:b3:ae:6d:25:
                    1c:9e:a5:f9:e3:fb:c1:25:ea:eb:6d:d7:6d:a0:49:
                    ff:7c:7c:7d:5a:c8:38:d9:8d:57:ff:30:07:0c:59:
                    08:f9:68:f0:bf:45:f1:dd:35:dd:5f:6c:cb:1d:a3:
                    f1:7f:20:fc:26:91:c6:b0:01:4e:b0:15:4b:03:a2:
                    b6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F6:02:D3:49:3E:B2:17:0C:73:98:0D:39:3B:96:38:C5:51:15:2C
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197346.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         23:27:de:ff:61:d7:93:86:fa:bf:67:25:9a:fd:c6:c4:23:32:
         d6:8a:48:05:ef:62:15:2c:19:07:8a:64:a1:c8:f7:ff:b9:c1:
         d8:59:bc:e8:8b:b4:33:d3:ad:82:d3:44:d7:c0:de:dd:cb:ef:
         b6:12:30:49:59:32:1d:a8:8f:ce:0a:a9:c5:f2:83:18:51:94:
         6e:03:75:92:19:a7:e2:f6:23:2c:08:36:33:1a:31:53:95:14:
         73:87:06:65:cb:34:5c:6a:55:af:81:a3:6d:1d:03:ef:db:f1:
         7f:cd:8e:e2:70:39:13:7f:f7:fd:d3:9a:45:3f:df:bd:c3:a6:
         bd:36:ab:88:de:84:5e:f3:fb:8d:68:66:b4:16:17:77:e5:2b:
         03:18:f2:89:ee:d5:d4:4d:51:ea:71:37:05:9d:05:56:e8:6c:
         fa:f8:c2:dc:46:74:cb:e3:50:a6:0f:ff:05:e1:b2:a6:10:ff:
         92:7c:4b:53:df:cd:34:d0:94:65:00:e3:ab:77:00:51:0a:9f:
         a6:1e:75:38:04:ab:43:4e:a6:fe:85:f8:8f:cb:a2:97:d1:0f:
         5d:49:cd:5b:c6:3b:32:5a:8b:83:cd:6d:82:11:f4:ce:b2:b5:
         b0:1c:5d:80:4c:6f:d8:ef:a6:ab:15:01:e1:99:1d:a5:43:55:
         fe:0c:8a:cb
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUP3kcJ/VQ7NDVGoVRn3MgZdH0xwgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MjMwNzA3NTRaFw0yNzA1MjIwNzEyNTRaMDMxMTAvBgNV
BAMTKDNFRjYwMkQzNDkzRUIyMTcwQzczOTgwRDM5M0I5NjM4QzU1MTE1MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRAHgqHakj3WjrkzoWY1+9N2pi
uaiqeYXYddiSKYtlxqquCCWNVcUZo5aJ+vKadyLqipbHKadiKDGgnFMdsr463/SJ
3FCQANpbDC7b3qYNjyrpaK17iYq+6+qvJ+c3zRVQ+96st66XuojW6dLZWIbkfeDS
l1yd/VhR5YfNDUESNaaqaADLHcDd6QbxkAxVmmz2OfAvOMYxYP3dFKT9DcovmMtM
wVGpYnsEsnX/d0jX8Z1z2aqBCzW4rdH14jtJs65tJRyepfnj+8El6utt122gSf98
fH1ayDjZjVf/MAcMWQj5aPC/RfHdNd1fbMsdo/F/IPwmkcawAU6wFUsDorYhAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUPvYC00k+shcMc5gNOTuWOMVRFSwwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTk3MzQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
g2AwDQYJKoZIhvcNAQELBQADggEBACMn3v9h15OG+r9nJZr9xsQjMtaKSAXvYhUs
GQeKZKHI9/+5wdhZvOiLtDPTrYLTRNfA3t3L77YSMElZMh2oj84KqcXygxhRlG4D
dZIZp+L2IywINjMaMVOVFHOHBmXLNFxqVa+Bo20dA+/b8X/NjuJwORN/9/3TmkU/
373Dpr02q4jehF7z+41oZrQWF3flKwMY8onu1dRNUepxNwWdBVbobPr4wtxGdMvj
UKYP/wXhsqYQ/5J8S1PfzTTQlGUA46t3AFEKn6YedTgEq0NOpv6F+I/LopfRD11J
zVvGOzJai4PNbYIR9M6ytbAcXYBMb9jvpqsVAeGZHaVDVf4Miss=
-----END CERTIFICATE-----