Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197806.roa
File:                     AS197806.roa (raw, json)
Hash identifier:          MgOXvm1klOWAMSoALMTS3YBM/5/ApCLSGgvA8x+fSiA=
Subject key identifier:   23:08:D8:D2:E4:E0:B3:9D:3F:A3:57:33:75:6A:CD:C7:A6:09:60:D7
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       59514391557E28002DC30BBBA842797A9C455031
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197806.roa
Signing time:             Tue 23 Jun 2026 11:03:58 +0000
ROA not before:           Tue 23 Jun 2026 10:58:58 +0000
ROA not after:            Tue 22 Jun 2027 11:03:58 +0000
asID:                     197806
IP address blocks:        2a14:7580:5700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:51:43:91:55:7e:28:00:2d:c3:0b:bb:a8:42:79:7a:9c:45:50:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun 23 10:58:58 2026 GMT
            Not After : Jun 22 11:03:58 2027 GMT
        Subject: CN=2308D8D2E4E0B39D3FA35733756ACDC7A60960D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:68:37:12:84:8d:84:ab:52:2e:1d:90:a2:f9:
                    cd:6d:6e:b8:f0:cc:07:02:8b:f1:c0:4f:ec:cf:44:
                    28:e4:9e:2d:2d:13:fc:6e:4f:72:06:3e:95:e5:42:
                    4d:62:af:b7:c9:bd:6c:13:eb:2f:1b:e9:2b:27:5f:
                    f4:43:36:58:4e:7c:6a:45:99:52:d4:e4:07:3d:76:
                    a2:fa:81:1b:9f:85:11:3a:d0:fa:d4:98:1a:50:7b:
                    3c:ca:88:03:0b:7c:a7:09:68:77:22:47:ad:9a:34:
                    94:55:15:fe:4a:12:f4:16:f8:46:ee:3d:1a:55:d5:
                    1f:f2:d1:cc:94:33:91:ad:87:3b:e5:90:28:64:5e:
                    f7:76:2a:fa:f8:1b:9e:b9:1a:e7:51:9f:f0:f6:d1:
                    5c:ca:32:a2:64:a9:91:3d:1d:ed:b6:ff:56:4d:aa:
                    be:17:26:a1:6e:7c:47:7e:13:00:a7:50:7e:8f:57:
                    43:95:6c:22:85:74:86:da:92:8e:47:b2:3d:98:32:
                    42:a6:7e:54:27:6f:9e:0f:ba:8c:94:9b:e5:7a:ef:
                    bc:3b:d9:06:ef:ff:d7:d6:c3:5c:42:5f:7a:40:61:
                    39:f6:59:f6:e3:65:3c:1c:a4:b3:4e:bc:35:89:3e:
                    ed:30:a8:2d:3c:b6:86:a6:9a:1b:0b:e9:2f:54:83:
                    c5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:08:D8:D2:E4:E0:B3:9D:3F:A3:57:33:75:6A:CD:C7:A6:09:60:D7
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197806.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:5700::/40

    Signature Algorithm: sha256WithRSAEncryption
         9f:e4:53:0a:44:1f:42:31:cb:5b:89:5e:54:8e:13:53:d0:f0:
         39:e1:b1:fe:e9:76:bb:50:5e:41:9a:24:6a:bf:9a:d1:3f:95:
         73:85:85:6a:ec:9c:80:54:61:bb:46:56:87:62:b4:c0:bf:dd:
         7f:57:60:cf:3e:32:56:32:0b:36:33:3d:61:cd:ae:bc:45:b2:
         a2:89:16:e1:d4:7f:93:dc:3e:4a:ba:91:d5:5d:a4:96:98:1f:
         62:94:97:e3:c5:ce:d5:ef:59:f5:b8:45:dd:bd:d6:a7:1e:fa:
         bd:7b:55:59:05:4c:e6:96:5b:ca:40:d9:af:35:a3:2b:93:b1:
         e9:30:48:9e:a3:19:16:60:93:61:68:e4:37:79:b7:4a:95:01:
         79:64:7b:d4:b1:0c:7d:80:53:a2:37:92:f3:f5:05:58:55:00:
         65:78:ca:04:71:22:82:16:b6:3c:de:74:a2:fc:f6:96:13:66:
         81:94:ea:3c:74:14:15:0c:8a:5e:e4:66:11:9f:a9:aa:2e:d5:
         84:8d:2d:11:d5:0d:0d:85:70:3c:bf:d7:6b:39:35:cd:6a:1b:
         08:e9:dd:02:53:49:78:54:90:d0:58:8c:b1:3f:f1:45:08:52:
         dd:c1:e0:66:3d:ac:86:0f:7d:c1:ff:d4:66:ef:cc:75:e0:22:
         47:39:4b:b1
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUWVFDkVV+KAAtwwu7qEJ5epxFUDEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA2MjMxMDU4NThaFw0yNzA2MjIxMTAzNThaMDMxMTAvBgNV
BAMTKDIzMDhEOEQyRTRFMEIzOUQzRkEzNTczMzc1NkFDREM3QTYwOTYwRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8aDcShI2Eq1IuHZCi+c1tbrjw
zAcCi/HAT+zPRCjkni0tE/xuT3IGPpXlQk1ir7fJvWwT6y8b6SsnX/RDNlhOfGpF
mVLU5Ac9dqL6gRufhRE60PrUmBpQezzKiAMLfKcJaHciR62aNJRVFf5KEvQW+Ebu
PRpV1R/y0cyUM5GthzvlkChkXvd2Kvr4G565GudRn/D20VzKMqJkqZE9He22/1ZN
qr4XJqFufEd+EwCnUH6PV0OVbCKFdIbako5Hsj2YMkKmflQnb54PuoyUm+V677w7
2Qbv/9fWw1xCX3pAYTn2WfbjZTwcpLNOvDWJPu0wqC08toammhsL6S9Ug8XjAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUIwjY0uTgs50/o1czdWrNx6YJYNcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTk3ODA2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gFcwDQYJKoZIhvcNAQELBQADggEBAJ/kUwpEH0Ixy1uJXlSOE1PQ8Dnhsf7pdrtQ
XkGaJGq/mtE/lXOFhWrsnIBUYbtGVoditMC/3X9XYM8+MlYyCzYzPWHNrrxFsqKJ
FuHUf5PcPkq6kdVdpJaYH2KUl+PFztXvWfW4Rd291qce+r17VVkFTOaWW8pA2a81
oyuTsekwSJ6jGRZgk2Fo5Dd5t0qVAXlke9SxDH2AU6I3kvP1BVhVAGV4ygRxIoIW
tjzedKL89pYTZoGU6jx0FBUMil7kZhGfqaou1YSNLRHVDQ2FcDy/12s5Nc1qGwjp
3QJTSXhUkNBYjLE/8UUIUt3B4GY9rIYPfcH/1GbvzHXgIkc5S7E=
-----END CERTIFICATE-----