Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198087.roa
File:                     AS198087.roa (raw, json)
Hash identifier:          U6/GXel5FKXMc4kRCeTnhBYufugGTmHmQYifbUwR0As=
Subject key identifier:   B7:A7:92:35:B6:07:1C:1A:29:30:AC:90:F0:95:DC:51:1D:6B:7C:F4
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7AAACE6863A501399EEE450A2006B925BF353669
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198087.roa
Signing time:             Thu 19 Mar 2026 12:15:31 +0000
ROA not before:           Thu 19 Mar 2026 12:10:31 +0000
ROA not after:            Thu 18 Mar 2027 12:15:31 +0000
asID:                     198087
IP address blocks:        46.203.33.0/24 maxlen: 24
                          178.95.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:aa:ce:68:63:a5:01:39:9e:ee:45:0a:20:06:b9:25:bf:35:36:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 19 12:10:31 2026 GMT
            Not After : Mar 18 12:15:31 2027 GMT
        Subject: CN=B7A79235B6071C1A2930AC90F095DC511D6B7CF4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:28:39:93:7c:b5:24:7f:56:5b:06:c2:a3:14:
                    30:50:88:8b:60:4b:0e:2e:f7:14:57:1d:69:fd:9c:
                    e5:c8:4f:05:09:b0:b9:ef:b2:e0:ed:2c:22:70:e8:
                    bf:20:82:cb:63:5b:d7:d6:0f:8f:ae:8e:5b:1a:b5:
                    ea:0f:92:c1:0f:b5:55:c9:dc:a4:f8:8d:e1:34:c2:
                    e1:0e:45:3d:ae:57:b6:82:7d:55:c4:58:56:1b:8e:
                    06:13:04:a7:29:39:35:93:83:6c:83:83:63:07:81:
                    ab:b9:64:56:57:a1:43:10:01:50:bf:b0:af:7f:d8:
                    ab:f8:a2:cd:8a:78:89:af:ab:47:08:74:27:71:22:
                    1f:9e:77:c4:e7:18:6c:8f:a2:f1:26:6a:3a:b4:17:
                    73:8e:d0:e2:15:b5:57:7b:0f:f2:73:fe:69:5f:32:
                    29:b8:94:90:e6:9c:1f:61:fe:bc:a0:93:71:f7:1d:
                    17:2d:e1:f7:20:b7:4c:8f:8e:bb:87:45:77:8b:9a:
                    59:0b:d5:3c:4b:05:b8:2e:3a:6d:f9:2b:63:fe:75:
                    1e:4a:d8:86:a2:00:ee:17:40:ee:8d:6a:8f:b0:58:
                    14:16:95:99:3c:38:c1:c3:f0:9e:07:45:2a:db:98:
                    f1:94:67:08:b3:21:52:92:de:24:3a:d7:8f:78:0c:
                    8f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:A7:92:35:B6:07:1C:1A:29:30:AC:90:F0:95:DC:51:1D:6B:7C:F4
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198087.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.33.0/24
                  178.95.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:52:4a:cf:cd:70:e7:97:19:16:d6:1d:01:4a:c0:34:39:c0:
         bb:c9:1f:06:00:56:3a:45:74:9d:00:00:c9:68:af:7b:7d:25:
         90:8e:bd:40:6b:06:8d:70:9b:c3:ed:8a:63:5e:50:c5:9e:0e:
         f0:20:57:42:b9:c9:d6:dd:9f:e5:4d:c7:c7:c4:a2:53:45:e4:
         82:26:55:ed:9e:98:ae:73:1b:e8:13:f3:bb:8e:7b:66:41:5b:
         84:05:f3:62:27:50:00:8c:9f:ac:52:65:1e:a1:8d:5a:f0:3d:
         74:80:ff:32:1b:f6:d0:41:86:e8:0c:8d:34:86:5c:45:d1:2e:
         16:7f:ed:f2:84:b7:86:67:dc:4c:eb:99:f0:26:17:bd:0d:ee:
         e2:b6:d9:98:2f:23:44:94:b7:04:0b:c8:53:f2:98:c9:df:6d:
         ac:06:db:57:08:2a:c6:e7:9c:f6:ec:87:68:3f:f1:bb:3a:c6:
         97:f4:6e:18:2a:e1:74:82:a3:2b:8c:af:32:66:e9:d8:dd:a3:
         dc:03:94:4e:90:1b:c4:8f:9b:59:79:2a:00:5e:e7:61:d0:6e:
         05:37:fc:87:32:10:ed:e9:62:c7:65:1d:85:75:c4:8b:66:35:
         70:bd:bc:18:b7:3a:8c:c8:b0:af:fa:0f:a9:1c:b9:0c:6c:1c:
         fd:1d:6c:47
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUeqrOaGOlATme7kUKIAa5Jb81NmkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMTkxMjEwMzFaFw0yNzAzMTgxMjE1MzFaMDMxMTAvBgNV
BAMTKEI3QTc5MjM1QjYwNzFDMUEyOTMwQUM5MEYwOTVEQzUxMUQ2QjdDRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfKDmTfLUkf1ZbBsKjFDBQiItg
Sw4u9xRXHWn9nOXITwUJsLnvsuDtLCJw6L8ggstjW9fWD4+ujlsateoPksEPtVXJ
3KT4jeE0wuEORT2uV7aCfVXEWFYbjgYTBKcpOTWTg2yDg2MHgau5ZFZXoUMQAVC/
sK9/2Kv4os2KeImvq0cIdCdxIh+ed8TnGGyPovEmajq0F3OO0OIVtVd7D/Jz/mlf
Mim4lJDmnB9h/rygk3H3HRct4fcgt0yPjruHRXeLmlkL1TxLBbguOm35K2P+dR5K
2IaiAO4XQO6Nao+wWBQWlZk8OMHD8J4HRSrbmPGUZwizIVKS3iQ61494DI+5AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUt6eSNbYHHBopMKyQ8JXcUR1rfPQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk4MDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALssh
AwQAsl8IMA0GCSqGSIb3DQEBCwUAA4IBAQChUkrPzXDnlxkW1h0BSsA0OcC7yR8G
AFY6RXSdAADJaK97fSWQjr1AawaNcJvD7YpjXlDFng7wIFdCucnW3Z/lTcfHxKJT
ReSCJlXtnpiucxvoE/O7jntmQVuEBfNiJ1AAjJ+sUmUeoY1a8D10gP8yG/bQQYbo
DI00hlxF0S4Wf+3yhLeGZ9xM65nwJhe9De7ittmYLyNElLcEC8hT8pjJ322sBttX
CCrG55z27IdoP/G7OsaX9G4YKuF0gqMrjK8yZunY3aPcA5ROkBvEj5tZeSoAXudh
0G4FN/yHMhDt6WLHZR2FdcSLZjVwvbwYtzqMyLCv+g+pHLkMbBz9HWxH
-----END CERTIFICATE-----