Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198584.roa
File:                     AS198584.roa (raw, json)
Hash identifier:          mJZiKtFwXQBjTGyGujBXVDBt1DgY024KmFyEPfzoQfo=
Subject key identifier:   8C:10:EC:A0:7B:AC:E9:D8:14:DA:3F:76:5C:1F:06:96:A8:F1:AD:5F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       62A0710A236A7EA29505762977669F8D0FB92BE0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198584.roa
Signing time:             Fri 23 May 2025 07:52:56 +0000
ROA not before:           Fri 23 May 2025 07:47:56 +0000
ROA not after:            Fri 22 May 2026 07:52:56 +0000
asID:                     198584
IP address blocks:        141.11.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:a0:71:0a:23:6a:7e:a2:95:05:76:29:77:66:9f:8d:0f:b9:2b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 23 07:47:56 2025 GMT
            Not After : May 22 07:52:56 2026 GMT
        Subject: CN=8C10ECA07BACE9D814DA3F765C1F0696A8F1AD5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:08:76:c9:98:52:f4:a1:b9:8d:40:23:61:dc:
                    54:21:57:03:8b:30:b0:03:7d:a0:da:58:dc:19:fd:
                    83:12:bf:be:8d:d7:86:63:be:2b:c4:e1:1c:d7:43:
                    3a:f4:8e:70:6e:4c:ed:6e:1f:db:49:f7:42:9a:94:
                    a8:b7:c1:f5:9e:ac:d6:98:a0:8e:c9:43:25:7c:05:
                    c3:5c:67:09:5c:a4:00:04:43:d9:c1:3f:1f:73:2b:
                    20:87:ad:48:00:54:b0:85:b6:9c:ac:46:7f:3c:23:
                    e1:fc:f7:5e:85:b6:d3:36:11:3b:13:54:75:f0:a4:
                    14:a1:d8:58:64:0e:35:45:5a:03:aa:df:79:0d:f6:
                    39:f9:bf:fc:d7:78:d4:ce:7f:82:d5:a7:cd:be:4b:
                    7c:d8:65:82:cf:42:52:df:03:66:90:c6:c6:54:91:
                    60:62:d1:ca:36:c1:00:6c:be:39:cf:ff:46:43:c6:
                    84:88:fb:07:ff:94:d0:92:54:ec:00:2c:80:2c:48:
                    91:58:ec:1a:95:85:55:1a:f8:65:cd:cd:0b:f1:0f:
                    40:20:71:eb:75:fc:26:c8:7e:2c:6f:b4:d4:d2:84:
                    2c:cd:b7:5d:6b:58:c2:ef:7e:bf:1e:e5:97:88:21:
                    f8:42:6b:86:9c:1c:20:d6:e6:04:8b:45:ee:8d:1d:
                    02:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:10:EC:A0:7B:AC:E9:D8:14:DA:3F:76:5C:1F:06:96:A8:F1:AD:5F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198584.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:f7:87:10:cb:e2:f6:d1:08:74:8d:71:45:18:af:a3:19:9e:
         2f:0a:71:47:45:e9:16:8f:a6:e5:cc:8c:8e:be:4e:41:49:24:
         a4:f1:97:f3:64:c4:c4:1e:09:04:d7:b1:ec:3f:ae:c3:ee:94:
         c2:4b:12:ad:ef:58:65:5c:07:f5:f1:7f:62:65:9f:2b:06:87:
         85:31:8b:1c:f0:a1:34:ed:af:8d:3f:59:21:b9:24:89:e9:00:
         6d:3c:1e:dc:60:30:11:23:4c:1a:92:6b:36:c8:48:61:07:ed:
         83:20:2a:a0:7e:af:c0:b9:c4:0f:a2:e6:ca:5a:02:35:d1:2a:
         ee:ea:ce:ec:fe:3a:20:20:46:27:f1:4e:3c:7d:86:c7:2c:d3:
         e9:81:44:88:19:65:47:f4:61:37:1a:d0:19:72:dd:09:eb:49:
         62:57:29:8c:df:ca:43:7b:d5:be:ba:59:2e:27:67:cc:22:ab:
         00:6f:77:f4:f5:5e:89:06:79:17:df:9d:2b:70:4d:d4:01:e0:
         c0:de:28:fe:15:98:60:80:95:03:3b:a7:fb:14:f6:d0:59:0b:
         92:6b:81:c8:d9:f5:47:8f:b4:4e:2c:b0:0d:fb:c6:da:80:d0:
         00:d7:be:4a:d8:03:87:c9:73:8c:ba:05:8f:d0:dd:04:33:30:
         27:e3:0e:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYqBxCiNqfqKVBXYpd2afjQ+5K+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA1MjMwNzQ3NTZaFw0yNjA1MjIwNzUyNTZaMDMxMTAvBgNV
BAMTKDhDMTBFQ0EwN0JBQ0U5RDgxNERBM0Y3NjVDMUYwNjk2QThGMUFENUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtCHbJmFL0obmNQCNh3FQhVwOL
MLADfaDaWNwZ/YMSv76N14ZjvivE4RzXQzr0jnBuTO1uH9tJ90KalKi3wfWerNaY
oI7JQyV8BcNcZwlcpAAEQ9nBPx9zKyCHrUgAVLCFtpysRn88I+H8916FttM2ETsT
VHXwpBSh2FhkDjVFWgOq33kN9jn5v/zXeNTOf4LVp82+S3zYZYLPQlLfA2aQxsZU
kWBi0co2wQBsvjnP/0ZDxoSI+wf/lNCSVOwALIAsSJFY7BqVhVUa+GXNzQvxD0Ag
cet1/CbIfixvtNTShCzNt11rWMLvfr8e5ZeIIfhCa4acHCDW5gSLRe6NHQIbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjBDsoHus6dgU2j92XB8GlqjxrV8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk4NTg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsa
MA0GCSqGSIb3DQEBCwUAA4IBAQAX94cQy+L20Qh0jXFFGK+jGZ4vCnFHRekWj6bl
zIyOvk5BSSSk8ZfzZMTEHgkE17HsP67D7pTCSxKt71hlXAf18X9iZZ8rBoeFMYsc
8KE07a+NP1khuSSJ6QBtPB7cYDARI0wakms2yEhhB+2DICqgfq/AucQPoubKWgI1
0Sru6s7s/jogIEYn8U48fYbHLNPpgUSIGWVH9GE3GtAZct0J60liVymM38pDe9W+
ulkuJ2fMIqsAb3f09V6JBnkX350rcE3UAeDA3ij+FZhggJUDO6f7FPbQWQuSa4HI
2fVHj7ROLLAN+8bagNAA175K2AOHyXOMugWP0N0EMzAn4w5w
-----END CERTIFICATE-----