Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198810.roa
File:                     AS198810.roa (raw, json)
Hash identifier:          94GOAmDGxgmFKnX4JBQo72Igj5UEsLLlUoVdff0P1e0=
Subject key identifier:   28:01:4C:24:5C:8F:67:1B:E5:9E:4D:90:8E:E6:E8:7B:8F:25:AE:BA
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       32E494556D50B1454A65989B24EEEDB521C8B5A3
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198810.roa
Signing time:             Wed 13 May 2026 06:06:03 +0000
ROA not before:           Wed 13 May 2026 06:01:03 +0000
ROA not after:            Wed 12 May 2027 06:06:03 +0000
asID:                     198810
IP address blocks:        141.11.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 13:18:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e4:94:55:6d:50:b1:45:4a:65:98:9b:24:ee:ed:b5:21:c8:b5:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 13 06:01:03 2026 GMT
            Not After : May 12 06:06:03 2027 GMT
        Subject: CN=28014C245C8F671BE59E4D908EE6E87B8F25AEBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:62:68:03:2e:76:61:4f:18:21:50:d2:ba:ab:
                    67:94:1c:b0:c8:e9:28:58:a2:31:99:23:79:b4:c6:
                    7f:a6:92:31:3b:30:20:aa:cb:df:55:cd:7e:13:d5:
                    22:31:08:91:47:87:dd:80:6f:d4:de:c6:57:b2:1b:
                    8c:ae:67:30:ea:99:25:00:cf:75:29:ea:c0:41:fd:
                    d9:e0:e6:80:54:51:5d:0e:29:fe:ad:fe:42:52:99:
                    f4:e4:50:3f:4e:fc:52:d5:ed:39:ad:27:e1:b0:c7:
                    7a:a4:0c:f6:55:c7:d7:fd:8e:34:74:3e:60:f9:9b:
                    01:ab:d8:a4:ef:68:18:a9:e8:0e:28:a3:6b:20:fd:
                    4e:51:b5:10:51:90:53:32:4f:69:98:cb:2e:80:17:
                    e3:f3:dd:5e:af:0d:3d:eb:fa:00:29:b7:b5:66:0d:
                    38:81:7d:ec:55:b3:ad:bd:2b:04:70:7e:b1:f3:64:
                    a2:53:ce:29:8b:93:26:80:70:0e:f4:60:72:a2:4b:
                    b4:08:05:49:64:68:a2:96:8a:b5:a7:4c:5d:48:f4:
                    d7:2b:48:d9:fe:ef:dd:e3:0c:b2:ae:0f:f1:99:8a:
                    4e:7b:69:60:33:c3:30:f4:31:f4:38:31:6a:9d:04:
                    c0:13:b3:44:9b:56:8f:1a:9b:a0:0e:e4:cc:38:ad:
                    6d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:01:4C:24:5C:8F:67:1B:E5:9E:4D:90:8E:E6:E8:7B:8F:25:AE:BA
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:8d:82:0a:24:66:e6:e5:08:63:2b:d4:e7:c3:a9:e6:33:d6:
         95:b2:d2:67:e5:3b:4b:1b:3a:47:eb:9c:c2:36:ab:0f:d5:b5:
         ed:e5:78:dc:54:fb:a8:10:92:8b:ba:e7:52:6e:0d:26:26:5c:
         67:68:55:65:d8:47:65:a7:f4:54:13:25:57:a2:5d:cc:98:ce:
         c0:f0:de:91:43:80:52:84:12:a2:81:74:8b:b0:c1:df:75:44:
         cb:e0:cd:53:b3:f3:84:6e:d8:e1:67:05:57:1e:04:17:e9:d5:
         09:3e:46:ea:48:9d:b7:63:f6:1e:51:e8:69:27:85:e3:15:d8:
         a9:1a:1e:b6:1e:99:2a:66:5f:c3:38:f7:0e:e1:fc:7c:1b:ae:
         b1:79:98:e3:23:74:9f:82:27:16:79:f0:3f:7d:7a:f9:38:47:
         84:31:dc:c3:a4:14:1c:3b:67:25:0e:39:59:cf:0f:f7:e7:2f:
         74:38:99:01:4e:d1:94:cd:2c:b2:ce:38:36:ae:bd:f6:d7:a5:
         5a:cc:c8:00:ed:4f:bd:e0:30:f2:11:3c:21:c3:3e:d0:c5:39:
         f1:94:d0:70:55:76:50:44:61:d0:25:53:36:2b:cd:1c:22:ce:
         e7:31:55:a1:81:44:e5:3d:07:f8:59:84:8e:3b:c9:c7:9d:a4:
         d5:0a:a4:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMuSUVW1QsUVKZZibJO7ttSHItaMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MTMwNjAxMDNaFw0yNzA1MTIwNjA2MDNaMDMxMTAvBgNV
BAMTKDI4MDE0QzI0NUM4RjY3MUJFNTlFNEQ5MDhFRTZFODdCOEYyNUFFQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuYmgDLnZhTxghUNK6q2eUHLDI
6ShYojGZI3m0xn+mkjE7MCCqy99VzX4T1SIxCJFHh92Ab9TexleyG4yuZzDqmSUA
z3Up6sBB/dng5oBUUV0OKf6t/kJSmfTkUD9O/FLV7TmtJ+Gwx3qkDPZVx9f9jjR0
PmD5mwGr2KTvaBip6A4oo2sg/U5RtRBRkFMyT2mYyy6AF+Pz3V6vDT3r+gApt7Vm
DTiBfexVs629KwRwfrHzZKJTzimLkyaAcA70YHKiS7QIBUlkaKKWirWnTF1I9Ncr
SNn+793jDLKuD/GZik57aWAzwzD0MfQ4MWqdBMATs0SbVo8am6AO5Mw4rW1VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKAFMJFyPZxvlnk2Qjuboe48lrrowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk4ODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvT
MA0GCSqGSIb3DQEBCwUAA4IBAQAsjYIKJGbm5QhjK9Tnw6nmM9aVstJn5TtLGzpH
65zCNqsP1bXt5XjcVPuoEJKLuudSbg0mJlxnaFVl2Edlp/RUEyVXol3MmM7A8N6R
Q4BShBKigXSLsMHfdUTL4M1Ts/OEbtjhZwVXHgQX6dUJPkbqSJ23Y/YeUehpJ4Xj
FdipGh62HpkqZl/DOPcO4fx8G66xeZjjI3SfgicWefA/fXr5OEeEMdzDpBQcO2cl
DjlZzw/35y90OJkBTtGUzSyyzjg2rr3216VazMgA7U+94DDyETwhwz7QxTnxlNBw
VXZQRGHQJVM2K80cIs7nMVWhgUTlPQf4WYSOO8nHnaTVCqRu
-----END CERTIFICATE-----