Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS199550.roa
File:                     AS199550.roa (raw, json)
Hash identifier:          SAYBrdPfVneMF3yJ1GTXO/FZQDDTwPTb8JsgewY73Yc=
Subject key identifier:   D3:FF:6C:B6:80:19:32:68:C4:9F:5B:F6:16:B0:39:F7:4C:C9:81:72
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       39EFC5B0D78DB46B6ED39CE135C1B8FF80EF4A55
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS199550.roa
Signing time:             Wed 01 Jul 2026 11:11:26 +0000
ROA not before:           Wed 01 Jul 2026 11:06:26 +0000
ROA not after:            Wed 30 Jun 2027 11:11:26 +0000
asID:                     199550
IP address blocks:        51.146.18.0/24 maxlen: 24
                          51.146.22.0/24 maxlen: 24
                          51.146.244.0/24 maxlen: 24
                          51.146.245.0/24 maxlen: 24
                          51.241.194.0/24 maxlen: 24
                          51.241.200.0/24 maxlen: 24
                          51.241.209.0/24 maxlen: 24
                          51.241.218.0/24 maxlen: 24
                          188.220.72.0/22 maxlen: 24
                          188.220.104.0/22 maxlen: 24
                          188.221.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jul 2026 09:43:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:ef:c5:b0:d7:8d:b4:6b:6e:d3:9c:e1:35:c1:b8:ff:80:ef:4a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jul  1 11:06:26 2026 GMT
            Not After : Jun 30 11:11:26 2027 GMT
        Subject: CN=D3FF6CB680193268C49F5BF616B039F74CC98172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:91:ec:a9:9a:d8:01:8f:d9:3e:3b:27:c2:24:
                    7e:5e:bc:f4:02:13:0f:08:4f:82:38:47:35:a6:2a:
                    08:8f:65:7c:75:0d:ef:4b:37:66:f4:ea:6b:81:df:
                    1c:03:7e:ed:7c:4c:85:30:05:be:fc:19:f1:f0:85:
                    a8:e5:3d:21:9c:b9:d6:a7:21:fc:67:55:23:cd:3f:
                    8c:a3:6b:f8:54:ce:72:55:7e:98:65:71:1f:3b:ad:
                    3f:3d:42:b4:23:5d:9c:5f:62:d4:5d:93:1b:59:1b:
                    20:35:5a:10:09:6d:a6:a1:03:e1:86:15:d6:73:fd:
                    b3:5f:81:55:63:d8:50:2a:86:1d:43:39:b8:4a:55:
                    0a:d2:5f:fe:01:8b:aa:9f:1b:e6:40:1b:f0:79:03:
                    04:97:09:2e:fc:c8:56:f8:82:72:16:c6:39:eb:7c:
                    14:21:55:f5:df:62:97:1d:e4:e6:5d:91:5c:f0:c9:
                    e8:67:ab:3f:06:3a:c7:be:b4:a6:80:0b:9f:06:cf:
                    92:8b:1d:31:71:88:b6:ef:8d:fa:e0:07:90:0f:b3:
                    e6:ad:3a:8b:1c:12:c8:a3:22:b8:b1:be:f0:ef:f0:
                    c7:39:90:cd:f6:64:b6:35:74:1b:14:a8:89:b0:6f:
                    cd:72:25:a7:0f:ba:65:30:9d:1c:9e:61:00:70:d5:
                    37:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FF:6C:B6:80:19:32:68:C4:9F:5B:F6:16:B0:39:F7:4C:C9:81:72
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS199550.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.18.0/24
                  51.146.22.0/24
                  51.146.244.0/23
                  51.241.194.0/24
                  51.241.200.0/24
                  51.241.209.0/24
                  51.241.218.0/24
                  188.220.72.0/22
                  188.220.104.0/22
                  188.221.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:ee:07:93:41:5d:e6:46:2d:53:72:64:8b:9b:1e:87:14:08:
         71:d4:b6:2d:99:7b:bb:49:c1:a2:2a:36:e7:cf:6f:51:fb:84:
         58:67:46:30:1b:5c:7e:48:fc:eb:3b:12:88:dd:c9:3f:b1:9c:
         97:db:6e:fc:38:76:7a:38:f5:8f:3e:30:73:e5:de:c5:4b:9a:
         86:86:b0:aa:ae:c0:10:20:e2:36:42:61:a5:c9:bd:2e:73:0d:
         c8:b4:d5:48:c0:52:f5:9b:85:15:d1:1a:f8:80:c2:60:16:7d:
         50:3e:14:da:5a:bb:4d:c6:72:66:9f:92:dc:01:98:df:02:9c:
         cd:56:b9:26:c8:c4:ad:d3:13:d0:f9:e9:28:a6:84:ed:18:22:
         e2:e8:2a:73:7a:65:cb:8e:ea:8e:82:9a:64:6a:88:4d:12:b5:
         0c:7e:45:3f:02:3b:68:fa:8a:77:57:cc:6a:ef:00:9a:dd:30:
         2b:f8:ce:97:cc:ff:2a:94:12:de:03:67:0c:3d:b4:a3:e1:2f:
         96:19:f4:03:c3:e7:3b:94:08:95:a3:09:f5:35:cf:f1:fc:e5:
         79:ce:35:73:e1:0d:e6:bb:20:10:c0:72:14:a4:45:1d:ec:3a:
         b6:17:21:4a:a2:1a:26:c7:f1:62:8c:23:4f:4d:a3:22:95:99:
         cf:b5:2b:e1
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIUOe/FsNeNtGtu05zhNcG4/4DvSlUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA3MDExMTA2MjZaFw0yNzA2MzAxMTExMjZaMDMxMTAvBgNV
BAMTKEQzRkY2Q0I2ODAxOTMyNjhDNDlGNUJGNjE2QjAzOUY3NENDOTgxNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3keypmtgBj9k+OyfCJH5evPQC
Ew8IT4I4RzWmKgiPZXx1De9LN2b06muB3xwDfu18TIUwBb78GfHwhajlPSGcudan
IfxnVSPNP4yja/hUznJVfphlcR87rT89QrQjXZxfYtRdkxtZGyA1WhAJbaahA+GG
FdZz/bNfgVVj2FAqhh1DObhKVQrSX/4Bi6qfG+ZAG/B5AwSXCS78yFb4gnIWxjnr
fBQhVfXfYpcd5OZdkVzwyehnqz8GOse+tKaAC58Gz5KLHTFxiLbvjfrgB5APs+at
OoscEsijIrixvvDv8Mc5kM32ZLY1dBsUqImwb81yJacPumUwnRyeYQBw1Te5AgMB
AAGjggJAMIICPDAdBgNVHQ4EFgQU0/9stoAZMmjEn1v2FrA590zJgXIwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTk5NTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAM5IS
AwQAM5IWAwQBM5L0AwQAM/HCAwQAM/HIAwQAM/HRAwQAM/HaAwQCvNxIAwQCvNxo
AwQAvN3AMA0GCSqGSIb3DQEBCwUAA4IBAQB67geTQV3mRi1TcmSLmx6HFAhx1LYt
mXu7ScGiKjbnz29R+4RYZ0YwG1x+SPzrOxKI3ck/sZyX2278OHZ6OPWPPjBz5d7F
S5qGhrCqrsAQIOI2QmGlyb0ucw3ItNVIwFL1m4UV0Rr4gMJgFn1QPhTaWrtNxnJm
n5LcAZjfApzNVrkmyMSt0xPQ+ekopoTtGCLi6CpzemXLjuqOgppkaohNErUMfkU/
Ajto+op3V8xq7wCa3TAr+M6XzP8qlBLeA2cMPbSj4S+WGfQDw+c7lAiVown1Nc/x
/OV5zjVz4Q3muyAQwHIUpEUd7Dq2FyFKohomx/FijCNPTaMilZnPtSvh
-----END CERTIFICATE-----
Generated at Sun Jul 19 18:43:48 2026 by rpki-client