Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS197537.roa
File:                     AS197537.roa (raw, json)
Hash identifier:          noPyyqDyLbuhS525IRyEeJZFARQ4F45SA6+9qQx9fBM=
Subject key identifier:   BD:D9:E9:5B:46:A5:FD:6F:6D:B3:EF:9C:69:F2:49:03:70:F3:28:5C
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       24C53878DCFFEDEE58FCB13F7C795D386F69A0E7
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS197537.roa
Signing time:             Thu 28 May 2026 14:40:50 +0000
ROA not before:           Thu 28 May 2026 14:35:50 +0000
ROA not after:            Thu 27 May 2027 14:40:50 +0000
asID:                     197537
IP address blocks:        188.220.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:c5:38:78:dc:ff:ed:ee:58:fc:b1:3f:7c:79:5d:38:6f:69:a0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May 28 14:35:50 2026 GMT
            Not After : May 27 14:40:50 2027 GMT
        Subject: CN=BDD9E95B46A5FD6F6DB3EF9C69F2490370F3285C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2d:0a:c1:de:4a:fc:a8:5a:2c:09:ec:c8:1b:
                    23:53:03:28:30:18:16:37:35:cc:42:85:cb:d3:d5:
                    f0:51:07:61:f6:19:b7:fa:54:4d:5c:e6:cb:23:e5:
                    ad:28:6c:f1:f6:39:1f:f0:e2:e3:a0:c5:f4:e3:1f:
                    f2:9d:a7:4a:55:0d:64:46:17:4b:f8:3a:7e:0d:25:
                    d1:eb:3f:b5:30:d2:ef:5b:5c:7c:b3:40:1c:87:7b:
                    19:d1:a2:26:fd:69:ab:d8:e2:0a:3c:1f:40:4b:06:
                    80:23:49:ea:28:7a:46:6c:e9:99:43:c5:12:fd:54:
                    a7:e3:65:b8:f3:c6:6e:63:cd:fe:08:1d:3a:fc:69:
                    ee:17:43:6e:50:5a:ab:11:00:66:1e:55:e1:6f:96:
                    f6:50:53:7b:0a:65:02:11:b1:c1:88:33:7a:7b:21:
                    6b:47:2c:83:be:a6:45:6d:a0:ed:93:e9:f2:55:86:
                    91:4d:ae:eb:51:a7:23:0e:dc:69:14:6c:3d:c0:ae:
                    50:f6:01:68:74:26:97:3a:a6:bb:91:47:90:f6:69:
                    86:41:96:57:6d:bb:66:59:1a:43:da:f4:0c:98:18:
                    ec:0b:0e:9f:85:74:a8:78:bd:4e:cb:8d:8c:32:cb:
                    46:61:7a:1f:76:8a:b9:f5:c6:f5:bd:8d:de:03:43:
                    4f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D9:E9:5B:46:A5:FD:6F:6D:B3:EF:9C:69:F2:49:03:70:F3:28:5C
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS197537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:2a:76:b7:ed:7f:d3:e1:19:09:88:e3:15:bb:32:9e:6a:1e:
         0f:40:1a:f0:3e:2d:35:5d:83:e5:de:0e:16:01:8b:32:1f:a2:
         29:06:75:11:ba:e5:b0:be:7f:a0:ec:33:6c:cc:f9:8a:7d:d2:
         fe:93:0d:0c:6c:0e:2f:76:8f:53:52:ee:d7:50:1a:7a:7d:fc:
         fb:55:06:6d:1a:5c:70:01:77:03:c2:ad:0f:c0:02:ad:91:e4:
         61:f7:0f:43:08:87:3a:dc:26:aa:90:cd:11:81:de:be:63:df:
         1e:2e:29:63:9e:9a:93:94:0b:c3:68:b4:8a:ff:0d:2a:47:95:
         6d:ea:be:1a:1a:2e:ce:4e:46:81:ae:94:13:ab:64:03:c5:50:
         55:82:2d:b0:19:f2:de:bd:54:41:fb:fe:f9:10:b8:c5:6e:39:
         ae:3b:f9:33:bd:3a:45:a3:5d:34:96:80:dc:42:7e:f1:9e:c5:
         63:11:68:81:7d:bf:51:82:1c:ad:ee:1a:d2:d1:db:71:5b:1f:
         9a:70:a9:25:1b:6e:e0:99:b9:24:42:9b:78:94:86:6c:91:a4:
         e7:f7:36:93:9b:f3:32:17:e6:f6:8a:32:ef:5f:00:a6:9e:9c:
         2d:08:5e:41:a5:c8:2a:59:c7:84:a4:ae:a9:90:70:39:2f:d1:
         b4:49:11:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJMU4eNz/7e5Y/LE/fHldOG9poOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjgxNDM1NTBaFw0yNzA1MjcxNDQwNTBaMDMxMTAvBgNV
BAMTKEJERDlFOTVCNDZBNUZENkY2REIzRUY5QzY5RjI0OTAzNzBGMzI4NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmLQrB3kr8qFosCezIGyNTAygw
GBY3NcxChcvT1fBRB2H2Gbf6VE1c5ssj5a0obPH2OR/w4uOgxfTjH/Kdp0pVDWRG
F0v4On4NJdHrP7Uw0u9bXHyzQByHexnRoib9aavY4go8H0BLBoAjSeooekZs6ZlD
xRL9VKfjZbjzxm5jzf4IHTr8ae4XQ25QWqsRAGYeVeFvlvZQU3sKZQIRscGIM3p7
IWtHLIO+pkVtoO2T6fJVhpFNrutRpyMO3GkUbD3ArlD2AWh0Jpc6pruRR5D2aYZB
lldtu2ZZGkPa9AyYGOwLDp+FdKh4vU7LjYwyy0Zheh92irn1xvW9jd4DQ08nAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvdnpW0al/W9ts++cafJJA3DzKFwwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTk3NTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvNwo
MA0GCSqGSIb3DQEBCwUAA4IBAQCCKna37X/T4RkJiOMVuzKeah4PQBrwPi01XYPl
3g4WAYsyH6IpBnURuuWwvn+g7DNszPmKfdL+kw0MbA4vdo9TUu7XUBp6ffz7VQZt
GlxwAXcDwq0PwAKtkeRh9w9DCIc63CaqkM0Rgd6+Y98eLiljnpqTlAvDaLSK/w0q
R5Vt6r4aGi7OTkaBrpQTq2QDxVBVgi2wGfLevVRB+/75ELjFbjmuO/kzvTpFo100
loDcQn7xnsVjEWiBfb9Rghyt7hrS0dtxWx+acKklG27gmbkkQpt4lIZskaTn9zaT
m/MyF+b2ijLvXwCmnpwtCF5BpcgqWceEpK6pkHA5L9G0SREM
-----END CERTIFICATE-----