Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198487.roa
File:                     AS198487.roa (raw, json)
Hash identifier:          pW1ir8ItsDNWbOGrndhKXMAnojcREMJibgbYRLzOeWk=
Subject key identifier:   F7:3C:6D:2F:FC:58:79:6B:7A:9F:2D:B0:44:63:01:E8:34:FE:75:71
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7D5A9A5E77C1B005018BF5309C691C02978F375B
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198487.roa
Signing time:             Fri 05 Jun 2026 03:07:42 +0000
ROA not before:           Fri 05 Jun 2026 03:02:42 +0000
ROA not after:            Fri 04 Jun 2027 03:07:42 +0000
asID:                     198487
IP address blocks:        95.134.70.0/24 maxlen: 24
                          178.94.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:5a:9a:5e:77:c1:b0:05:01:8b:f5:30:9c:69:1c:02:97:8f:37:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  5 03:02:42 2026 GMT
            Not After : Jun  4 03:07:42 2027 GMT
        Subject: CN=F73C6D2FFC58796B7A9F2DB0446301E834FE7571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:58:81:f6:89:24:57:aa:27:e4:9e:72:f8:f0:
                    1b:46:53:aa:79:31:40:b6:c7:41:b5:6e:02:10:56:
                    f1:4a:d2:be:02:9c:f1:08:bc:e7:72:de:f7:59:b0:
                    f1:25:a0:b9:21:98:56:5d:49:80:cf:b4:77:85:0a:
                    f0:a7:d5:82:60:47:56:3a:94:d6:c3:97:b6:09:57:
                    fa:6b:f6:f0:f1:6b:12:20:8b:c0:1b:92:d5:04:a5:
                    00:8b:01:91:c9:00:10:fd:bd:8e:f3:1b:e9:f7:3e:
                    82:46:f6:18:e2:cb:3d:47:d4:83:c3:a9:4f:9e:4e:
                    cf:2e:cc:eb:f5:e9:8b:62:e8:d4:8f:6b:54:4e:22:
                    93:c1:27:ca:39:7a:f5:0b:8f:a0:51:ba:46:55:78:
                    06:f1:6d:ad:9a:5a:53:05:f0:3a:89:8d:92:5f:32:
                    3a:1d:e7:1c:4a:da:99:d8:89:eb:e0:02:b4:1a:1f:
                    99:1a:3c:fb:e7:52:63:d7:41:9c:35:87:9e:cc:8f:
                    e9:00:bb:d7:b2:ff:31:cd:44:01:61:69:46:8a:45:
                    37:89:24:cb:2f:9e:b8:b1:1f:dc:af:77:6e:85:66:
                    be:6f:79:f9:a7:7e:5c:93:a8:76:a8:51:ab:f7:ff:
                    4e:db:e0:a3:de:51:a9:02:18:4c:fa:3b:1a:85:30:
                    1c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:3C:6D:2F:FC:58:79:6B:7A:9F:2D:B0:44:63:01:E8:34:FE:75:71
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198487.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.70.0/24
                  178.94.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:4d:b8:fb:2a:ee:0f:2b:c0:f5:b9:97:dc:fc:d9:77:d9:8f:
         9d:32:32:81:d0:25:2e:3a:e3:88:9b:3d:69:09:16:90:48:0f:
         59:4c:11:91:ea:66:82:89:ad:8b:2d:5a:ce:05:db:ea:a5:2d:
         e1:c1:6b:b3:e6:5c:37:ec:c5:24:7d:45:09:88:1d:f0:e9:e7:
         4f:10:0b:62:a6:e1:6b:00:0d:21:f2:9e:99:43:1d:c8:f4:f6:
         9d:c4:c5:b3:7b:46:a9:37:31:da:a1:06:5f:fb:b6:68:26:ec:
         40:17:22:51:ae:44:45:62:85:ab:ff:49:7e:76:d7:5d:5e:9f:
         8a:13:6e:df:5d:2f:66:5f:3a:1c:0d:36:be:1d:fb:66:48:94:
         57:75:7c:be:1e:88:7c:28:18:44:40:30:87:c9:45:ff:7a:fd:
         49:9a:b5:6c:dc:29:9d:2c:b1:5e:b1:94:da:01:e7:52:30:94:
         af:00:da:47:c6:22:3e:2a:b9:3c:3a:86:0b:b8:5e:42:46:d1:
         49:c7:23:89:a1:02:29:4d:1a:a1:a0:37:28:92:ce:8b:c6:79:
         50:12:35:cc:16:51:e9:76:d7:b3:2f:b4:9e:ef:99:45:e8:aa:
         b7:70:ae:25:af:10:a9:6d:bb:64:55:5b:71:3c:91:cb:b4:fc:
         8e:d7:9c:9e
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUfVqaXnfBsAUBi/UwnGkcApePN1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDUwMzAyNDJaFw0yNzA2MDQwMzA3NDJaMDMxMTAvBgNV
BAMTKEY3M0M2RDJGRkM1ODc5NkI3QTlGMkRCMDQ0NjMwMUU4MzRGRTc1NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWIH2iSRXqifknnL48BtGU6p5
MUC2x0G1bgIQVvFK0r4CnPEIvOdy3vdZsPEloLkhmFZdSYDPtHeFCvCn1YJgR1Y6
lNbDl7YJV/pr9vDxaxIgi8AbktUEpQCLAZHJABD9vY7zG+n3PoJG9hjiyz1H1IPD
qU+eTs8uzOv16Yti6NSPa1ROIpPBJ8o5evULj6BRukZVeAbxba2aWlMF8DqJjZJf
Mjod5xxK2pnYievgArQaH5kaPPvnUmPXQZw1h57Mj+kAu9ey/zHNRAFhaUaKRTeJ
JMsvnrixH9yvd26FZr5vefmnflyTqHaoUav3/07b4KPeUakCGEz6OxqFMByLAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU9zxtL/xYeWt6ny2wRGMB6DT+dXEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk4NDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4ZG
AwQAsl67MA0GCSqGSIb3DQEBCwUAA4IBAQAkTbj7Ku4PK8D1uZfc/Nl32Y+dMjKB
0CUuOuOImz1pCRaQSA9ZTBGR6maCia2LLVrOBdvqpS3hwWuz5lw37MUkfUUJiB3w
6edPEAtipuFrAA0h8p6ZQx3I9PadxMWze0apNzHaoQZf+7ZoJuxAFyJRrkRFYoWr
/0l+dtddXp+KE27fXS9mXzocDTa+HftmSJRXdXy+Hoh8KBhEQDCHyUX/ev1JmrVs
3CmdLLFesZTaAedSMJSvANpHxiI+Krk8OoYLuF5CRtFJxyOJoQIpTRqhoDcoks6L
xnlQEjXMFlHpdtezL7Se75lF6Kq3cK4lrxCpbbtkVVtxPJHLtPyO15ye
-----END CERTIFICATE-----