Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197737.roa
File:                     AS197737.roa (raw, json)
Hash identifier:          Lga1Ew5qkG132Nz8est7vYD8bZUNCIcJuUca/V+3iSM=
Subject key identifier:   41:BE:A0:14:6A:4C:82:62:8E:1B:CC:8A:14:90:39:F1:11:A8:3F:A8
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       5D29786B682AD350316312D71B2BE0F1917B3F19
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197737.roa
Signing time:             Tue 06 Jan 2026 01:00:45 +0000
ROA not before:           Tue 06 Jan 2026 00:55:45 +0000
ROA not after:            Tue 05 Jan 2027 01:00:45 +0000
asID:                     197737
IP address blocks:        2a14:7581:5000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:29:78:6b:68:2a:d3:50:31:63:12:d7:1b:2b:e0:f1:91:7b:3f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jan  6 00:55:45 2026 GMT
            Not After : Jan  5 01:00:45 2027 GMT
        Subject: CN=41BEA0146A4C82628E1BCC8A149039F111A83FA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f2:d6:c9:a4:28:fa:89:7c:01:13:96:5f:87:
                    f3:c9:a6:61:99:02:01:7b:80:51:8d:08:44:06:df:
                    2e:3d:2e:b4:ef:33:89:72:e4:f6:57:4b:89:25:cd:
                    74:5c:f2:d2:e2:dc:5d:f2:db:bc:21:c9:26:df:f5:
                    63:2b:a1:82:7a:a3:c9:f6:82:66:dd:fa:ae:c0:d5:
                    bd:40:c8:d0:db:c1:8d:a1:64:9a:40:80:8a:41:18:
                    dd:16:cd:8e:93:aa:dc:ac:47:05:ed:51:35:ec:98:
                    6e:67:ed:f1:8f:c5:0f:76:a1:cb:b7:3e:76:1c:39:
                    1f:17:05:47:c5:ff:ca:46:fc:cd:12:77:30:d9:a9:
                    c8:45:e0:53:ef:8b:f9:6b:81:55:85:9d:98:4a:82:
                    98:50:c1:65:08:61:bf:81:be:cf:38:91:ad:e6:e4:
                    b6:5d:84:c8:89:9f:aa:f8:fa:71:74:59:4a:4e:c9:
                    3e:a4:31:58:e5:a1:47:08:c2:14:65:cb:f4:e5:90:
                    1d:dd:a8:8e:c9:87:19:b1:11:4b:27:68:c4:8b:c7:
                    ba:ee:00:ba:82:16:2e:af:74:47:3c:ba:00:8a:8f:
                    1a:75:4b:e8:d8:e9:f6:49:fb:98:74:d4:b6:42:c3:
                    46:4d:35:8b:6a:b4:49:c6:9b:b5:f6:01:ff:41:4f:
                    e1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BE:A0:14:6A:4C:82:62:8E:1B:CC:8A:14:90:39:F1:11:A8:3F:A8
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         38:cb:90:f7:74:ca:73:27:c3:e6:8a:7f:4b:c3:a4:6f:10:f9:
         a6:61:7b:f7:87:4b:a1:c4:10:69:66:53:f2:a1:61:e6:e4:e0:
         df:84:d6:a3:5c:27:44:33:33:b7:85:03:df:f6:12:53:34:84:
         a3:e7:ae:5a:41:bc:21:5e:3f:26:80:37:2e:df:b9:51:b0:b2:
         b6:c8:d0:dc:47:46:7b:00:cd:f7:6c:89:9a:2c:ec:f5:f6:51:
         24:46:8b:48:0e:1d:d3:a7:a6:2c:54:76:ec:d4:e0:a3:6b:43:
         b7:38:63:ff:ea:dd:80:ba:bd:91:d8:15:eb:07:77:a0:c2:19:
         76:ab:d5:49:a0:42:96:1c:81:81:2e:4b:42:79:3f:b7:22:44:
         4d:0c:42:cf:46:fc:02:2a:83:b8:2f:af:cd:77:f6:e5:8f:cb:
         98:bb:aa:1f:33:bf:03:1a:5d:c2:2d:32:58:05:30:dd:f9:04:
         a1:8f:cf:9b:45:70:91:1e:e0:4d:00:cf:f6:92:26:e1:90:06:
         4b:0f:39:16:e5:4a:21:dc:58:f1:1e:e7:8d:df:5a:9a:78:64:
         3f:ba:bd:d1:03:82:12:8f:fe:ee:67:f3:cc:33:cf:c8:e7:7d:
         34:39:7f:85:79:f1:e4:84:65:8f:fa:78:15:f6:13:e1:20:71:
         f1:26:38:37
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUXSl4a2gq01AxYxLXGyvg8ZF7PxkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAxMDYwMDU1NDVaFw0yNzAxMDUwMTAwNDVaMDMxMTAvBgNV
BAMTKDQxQkVBMDE0NkE0QzgyNjI4RTFCQ0M4QTE0OTAzOUYxMTFBODNGQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy8tbJpCj6iXwBE5Zfh/PJpmGZ
AgF7gFGNCEQG3y49LrTvM4ly5PZXS4klzXRc8tLi3F3y27whySbf9WMroYJ6o8n2
gmbd+q7A1b1AyNDbwY2hZJpAgIpBGN0WzY6TqtysRwXtUTXsmG5n7fGPxQ92ocu3
PnYcOR8XBUfF/8pG/M0SdzDZqchF4FPvi/lrgVWFnZhKgphQwWUIYb+Bvs84ka3m
5LZdhMiJn6r4+nF0WUpOyT6kMVjloUcIwhRly/TlkB3dqI7JhxmxEUsnaMSLx7ru
ALqCFi6vdEc8ugCKjxp1S+jY6fZJ+5h01LZCw0ZNNYtqtEnGm7X2Af9BT+HhAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUQb6gFGpMgmKOG8yKFJA58RGoP6gwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTk3NzM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
gVAwDQYJKoZIhvcNAQELBQADggEBADjLkPd0ynMnw+aKf0vDpG8Q+aZhe/eHS6HE
EGlmU/KhYebk4N+E1qNcJ0QzM7eFA9/2ElM0hKPnrlpBvCFePyaANy7fuVGwsrbI
0NxHRnsAzfdsiZos7PX2USRGi0gOHdOnpixUduzU4KNrQ7c4Y//q3YC6vZHYFesH
d6DCGXar1UmgQpYcgYEuS0J5P7ciRE0MQs9G/AIqg7gvr8139uWPy5i7qh8zvwMa
XcItMlgFMN35BKGPz5tFcJEe4E0Az/aSJuGQBksPORblSiHcWPEe543fWpp4ZD+6
vdEDghKP/u5n88wzz8jnfTQ5f4V58eSEZY/6eBX2E+EgcfEmODc=
-----END CERTIFICATE-----