Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS219394.roa
File:                     AS219394.roa (raw, json)
Hash identifier:          Wu3HsjiwAGF8meAkn9rZZ/Oqp0zTCgJkpoguv8ZpQAc=
Subject key identifier:   C6:BF:20:69:98:F4:3E:50:3C:F8:86:8E:DE:C0:5B:2D:4C:2B:FB:29
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       4AB1619D731EEC5A9D10D6C2FB7240958B8CBF84
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS219394.roa
Signing time:             Mon 29 Jun 2026 15:21:30 +0000
ROA not before:           Mon 29 Jun 2026 15:16:30 +0000
ROA not after:            Mon 28 Jun 2027 15:21:30 +0000
asID:                     219394
IP address blocks:        188.220.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:b1:61:9d:73:1e:ec:5a:9d:10:d6:c2:fb:72:40:95:8b:8c:bf:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 29 15:16:30 2026 GMT
            Not After : Jun 28 15:21:30 2027 GMT
        Subject: CN=C6BF206998F43E503CF8868EDEC05B2D4C2BFB29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:03:66:d9:91:c7:95:87:84:4b:8c:cc:4f:1b:
                    9e:c6:a4:07:80:4e:04:dd:21:c5:ac:d8:1b:b4:a1:
                    e7:60:be:b8:ff:fc:58:70:14:19:be:9f:1a:3d:f6:
                    49:b2:40:b6:19:d9:9e:5c:43:4f:47:bc:c2:46:b6:
                    00:5f:9f:24:d7:00:fc:29:52:c8:22:15:83:6e:18:
                    8b:a2:1a:11:ad:f8:e4:c5:12:2f:60:28:7b:72:27:
                    86:53:cb:33:73:e5:5a:66:5a:18:ce:de:ef:ed:aa:
                    cc:e2:88:cf:86:9a:9a:09:f5:13:cd:c1:e7:74:57:
                    14:d7:c5:1a:d8:4a:82:38:e1:dd:20:c1:ea:0c:7d:
                    9a:49:46:a7:d7:28:58:e5:f1:8d:1c:69:ea:5d:cf:
                    4a:54:1b:03:9a:cf:20:26:bf:a4:2f:8a:e1:40:e4:
                    f9:e0:48:67:70:2e:7a:b4:59:c2:7f:ad:cf:56:39:
                    6c:11:9a:5a:c0:1d:53:8c:4f:4f:40:b0:ef:8f:2e:
                    7f:0d:92:11:5d:0f:b6:15:52:b9:66:2c:b2:c7:fa:
                    6d:7f:eb:92:11:81:8a:54:e9:5d:b1:7b:83:84:dd:
                    58:cf:ad:b4:c5:36:71:b1:59:9e:62:b0:78:2f:a8:
                    7b:30:c5:98:0d:f8:27:5c:38:8b:01:64:b7:9f:d6:
                    86:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:BF:20:69:98:F4:3E:50:3C:F8:86:8E:DE:C0:5B:2D:4C:2B:FB:29
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS219394.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:58:ce:74:7b:78:88:7f:af:4f:63:21:c1:57:c3:2f:72:2b:
         88:9d:e6:fb:4a:50:b6:10:ac:b4:1b:33:13:80:41:48:80:1f:
         bb:04:43:95:bd:e2:92:96:9e:d1:f3:41:ba:ca:76:06:12:1e:
         96:74:63:08:00:7b:66:b7:f6:2a:db:3a:18:eb:a3:31:34:28:
         ef:80:3c:ef:f5:b9:cc:49:d2:6f:39:46:1a:d5:dc:29:bf:4b:
         e2:e3:9e:39:fb:15:a7:81:e1:8c:cd:e1:92:6b:32:84:b1:e5:
         2e:c3:fa:8d:b5:2f:5c:5d:2e:70:e2:0e:e5:36:c3:74:58:47:
         58:1f:fc:06:31:bd:e2:61:15:89:7d:58:bf:e2:6a:fc:a8:b1:
         7b:56:0f:6e:ef:aa:52:ac:9a:51:98:5e:79:64:89:1b:d7:8b:
         68:cf:77:bd:7f:26:ba:bf:a5:45:fc:0a:72:84:49:82:3a:d8:
         a2:32:ad:67:9b:68:02:73:b4:33:70:60:b4:df:b1:e7:ed:25:
         28:dc:00:68:8a:1d:98:a6:14:92:c5:86:8c:85:6f:5c:b9:a9:
         d6:5c:33:b1:c0:72:68:33:23:b9:62:64:f8:13:95:1f:5d:8d:
         a4:6e:4b:56:f8:be:f4:e3:b9:b8:af:d5:90:0c:61:99:0f:39:
         da:4c:b5:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSrFhnXMe7FqdENbC+3JAlYuMv4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MjkxNTE2MzBaFw0yNzA2MjgxNTIxMzBaMDMxMTAvBgNV
BAMTKEM2QkYyMDY5OThGNDNFNTAzQ0Y4ODY4RURFQzA1QjJENEMyQkZCMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxA2bZkceVh4RLjMxPG57GpAeA
TgTdIcWs2Bu0oedgvrj//FhwFBm+nxo99kmyQLYZ2Z5cQ09HvMJGtgBfnyTXAPwp
UsgiFYNuGIuiGhGt+OTFEi9gKHtyJ4ZTyzNz5VpmWhjO3u/tqsziiM+GmpoJ9RPN
wed0VxTXxRrYSoI44d0gweoMfZpJRqfXKFjl8Y0caepdz0pUGwOazyAmv6QviuFA
5PngSGdwLnq0WcJ/rc9WOWwRmlrAHVOMT09AsO+PLn8NkhFdD7YVUrlmLLLH+m1/
65IRgYpU6V2xe4OE3VjPrbTFNnGxWZ5isHgvqHswxZgN+CdcOIsBZLef1obRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxr8gaZj0PlA8+IaO3sBbLUwr+ykwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjE5Mzk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNwj
MA0GCSqGSIb3DQEBCwUAA4IBAQBBWM50e3iIf69PYyHBV8MvciuIneb7SlC2EKy0
GzMTgEFIgB+7BEOVveKSlp7R80G6ynYGEh6WdGMIAHtmt/Yq2zoY66MxNCjvgDzv
9bnMSdJvOUYa1dwpv0vi4545+xWngeGMzeGSazKEseUuw/qNtS9cXS5w4g7lNsN0
WEdYH/wGMb3iYRWJfVi/4mr8qLF7Vg9u76pSrJpRmF55ZIkb14toz3e9fya6v6VF
/ApyhEmCOtiiMq1nm2gCc7QzcGC037Hn7SUo3ABoih2YphSSxYaMhW9cuanWXDOx
wHJoMyO5YmT4E5UfXY2kbktW+L7047m4r9WQDGGZDznaTLXt
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:55:28 2026 by rpki-client