Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197806.roa
File:                     AS197806.roa (raw, json)
Hash identifier:          t9008BE/4HXLd8vHmT0TGgT/Ib+p97DVLR0V7/51wmo=
Subject key identifier:   23:6F:49:D3:65:D4:36:40:81:3D:9B:E8:2D:8C:84:59:98:F7:F5:77
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       37E0BBF65B1B9827A9144CA5B9E72A3D3DEC520B
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197806.roa
Signing time:             Thu 14 May 2026 08:34:30 +0000
ROA not before:           Thu 14 May 2026 08:29:30 +0000
ROA not after:            Thu 13 May 2027 08:34:30 +0000
asID:                     197806
IP address blocks:        2a14:7580:5700::/40 maxlen: 40
                          2a14:7585:5000::/48 maxlen: 48
                          2a14:7585:a100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:e0:bb:f6:5b:1b:98:27:a9:14:4c:a5:b9:e7:2a:3d:3d:ec:52:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 14 08:29:30 2026 GMT
            Not After : May 13 08:34:30 2027 GMT
        Subject: CN=236F49D365D43640813D9BE82D8C845998F7F577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:75:ef:e6:04:eb:aa:b3:de:97:1f:d5:ac:95:
                    e0:09:a0:d0:11:7c:2b:d4:3f:bf:6a:13:88:22:c8:
                    56:39:4c:0d:af:15:e2:96:fb:40:8d:89:04:a3:c0:
                    e7:66:9d:d3:bd:7c:dd:d3:45:72:1a:7b:1a:a8:22:
                    ca:68:5e:ff:bf:e4:17:f7:7e:ff:2b:c8:b6:42:83:
                    2e:67:93:f2:fb:13:a0:77:d9:f4:26:2b:7f:57:7c:
                    e3:56:ed:a1:56:ef:7f:b4:f9:de:86:88:00:e7:14:
                    f7:c4:f8:71:bc:20:9c:10:8d:e1:ce:21:3a:70:85:
                    45:3d:ec:d2:1f:19:41:fd:1f:db:7b:05:33:41:7d:
                    f3:88:5a:5e:60:65:c2:57:93:c4:c5:68:c0:4b:14:
                    d9:83:01:32:28:f1:82:d4:fc:0d:ec:b6:f3:52:27:
                    ab:3b:34:0e:62:e0:bb:bb:27:24:4a:af:8f:46:16:
                    13:8e:0f:ef:ef:37:06:e9:16:38:ca:8c:60:1e:5f:
                    40:ed:18:33:2b:27:c4:36:df:83:4e:f5:50:77:18:
                    e8:e2:f6:87:72:ce:40:28:d3:39:c9:06:64:e7:b9:
                    b4:a9:03:fa:03:1f:df:7c:15:ff:14:5d:62:5e:2a:
                    fb:b9:d4:a4:d6:96:dc:12:61:92:4e:1f:c2:a6:22:
                    bb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:6F:49:D3:65:D4:36:40:81:3D:9B:E8:2D:8C:84:59:98:F7:F5:77
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS197806.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:5700::/40
                  2a14:7585:5000::/48
                  2a14:7585:a100::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:14:f5:04:6a:60:16:8b:f6:84:8d:f8:7b:30:45:ee:7f:9e:
         71:5a:ab:e8:65:cd:8b:2b:8b:19:dd:1c:c8:1d:36:3c:0b:5d:
         4f:cb:bb:8c:7c:8d:f8:1b:90:d9:39:68:56:5e:5e:e3:11:f4:
         4e:f0:db:e5:8c:1e:89:b7:63:87:2a:df:97:bc:d2:e1:96:a4:
         87:5d:86:ca:0c:1b:0f:e2:74:3a:ff:c3:4d:45:0c:c8:87:3e:
         f8:9d:c5:61:50:a0:9d:cc:0b:eb:ee:3f:c8:3d:e5:20:9b:4c:
         06:3a:23:97:da:3a:a0:f3:c5:a8:ce:7d:6d:dc:6a:32:95:7b:
         44:aa:96:34:ba:00:dd:00:d8:dd:e8:7b:11:10:3d:e4:c8:44:
         90:77:ce:04:72:ab:89:5f:f9:96:02:23:f8:ef:11:42:e7:05:
         8e:02:54:9c:ad:ee:28:d7:e7:73:9a:24:47:6f:25:ab:26:5b:
         9a:83:bb:77:61:0c:10:41:7d:5f:11:60:31:27:e6:3c:c4:55:
         b8:7f:8a:b6:01:b7:b4:da:31:11:d8:4f:63:20:be:32:1d:f4:
         ae:2a:70:3b:56:44:86:c5:8b:f7:69:7e:cf:9f:ca:51:b5:34:
         85:f8:56:7c:6d:08:92:c8:4c:7e:4e:d9:39:19:f3:bd:0d:30:
         d6:d8:e1:9b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIUN+C79lsbmCepFEyluecqPT3sUgswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MTQwODI5MzBaFw0yNzA1MTMwODM0MzBaMDMxMTAvBgNV
BAMTKDIzNkY0OUQzNjVENDM2NDA4MTNEOUJFODJEOEM4NDU5OThGN0Y1NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCade/mBOuqs96XH9WsleAJoNAR
fCvUP79qE4giyFY5TA2vFeKW+0CNiQSjwOdmndO9fN3TRXIaexqoIspoXv+/5Bf3
fv8ryLZCgy5nk/L7E6B32fQmK39XfONW7aFW73+0+d6GiADnFPfE+HG8IJwQjeHO
ITpwhUU97NIfGUH9H9t7BTNBffOIWl5gZcJXk8TFaMBLFNmDATIo8YLU/A3stvNS
J6s7NA5i4Lu7JyRKr49GFhOOD+/vNwbpFjjKjGAeX0DtGDMrJ8Q234NO9VB3GOji
9odyzkAo0znJBmTnubSpA/oDH998Ff8UXWJeKvu51KTWltwSYZJOH8KmIrvJAgMB
AAGjggIeMIICGjAdBgNVHQ4EFgQUI29J02XUNkCBPZvoLYyEWZj39XcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTk3ODA2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwYAKhR1
gFcDBwAqFHWFUAADBwAqFHWFoQAwDQYJKoZIhvcNAQELBQADggEBAF8U9QRqYBaL
9oSN+HswRe5/nnFaq+hlzYsrixndHMgdNjwLXU/Lu4x8jfgbkNk5aFZeXuMR9E7w
2+WMHom3Y4cq35e80uGWpIddhsoMGw/idDr/w01FDMiHPvidxWFQoJ3MC+vuP8g9
5SCbTAY6I5faOqDzxajOfW3cajKVe0SqljS6AN0A2N3oexEQPeTIRJB3zgRyq4lf
+ZYCI/jvEULnBY4CVJyt7ijX53OaJEdvJasmW5qDu3dhDBBBfV8RYDEn5jzEVbh/
irYBt7TaMRHYT2MgvjId9K4qcDtWRIbFi/dpfs+fylG1NIX4VnxtCJLITH5O2TkZ
870NMNbY4Zs=
-----END CERTIFICATE-----