Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198487.roa
File:                     AS198487.roa (raw, json)
Hash identifier:          m+WuXEvKXQC1Z8n5VQCfzh5ozOLMv8EivZk4g90CSmI=
Subject key identifier:   28:9E:64:CA:94:C9:B9:A9:62:72:68:28:14:4E:AF:4C:E3:30:80:D3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       64CE6651A7DAC131A3615D14E76E5E080A19E680
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198487.roa
Signing time:             Tue 21 Apr 2026 09:37:58 +0000
ROA not before:           Tue 21 Apr 2026 09:32:58 +0000
ROA not after:            Tue 20 Apr 2027 09:37:58 +0000
asID:                     198487
IP address blocks:        95.134.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 07:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:ce:66:51:a7:da:c1:31:a3:61:5d:14:e7:6e:5e:08:0a:19:e6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 21 09:32:58 2026 GMT
            Not After : Apr 20 09:37:58 2027 GMT
        Subject: CN=289E64CA94C9B9A962726828144EAF4CE33080D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8d:cf:e1:6f:7c:ea:53:e3:68:db:31:7c:cb:
                    2c:17:6c:3c:33:79:cc:06:94:be:f9:65:8d:62:90:
                    66:14:60:32:50:ed:b5:04:14:5b:72:32:a8:b2:33:
                    22:90:52:b7:b1:fb:86:76:af:8f:68:6a:c0:5d:fc:
                    30:b7:85:00:8e:c4:eb:91:de:f9:06:61:66:1f:5a:
                    f1:d5:34:7c:0f:cd:bc:59:c2:b9:85:56:4e:78:35:
                    bf:de:1b:4e:2f:15:3f:1f:14:e1:55:c5:91:19:0d:
                    df:fa:ec:e8:16:37:a2:e9:d3:5b:42:13:58:2d:8b:
                    78:75:c1:83:e1:31:bb:8d:be:8b:a5:97:32:d7:8c:
                    f3:1d:8c:bd:b4:8c:3d:cd:22:bd:cc:cf:27:62:33:
                    db:e4:95:58:4c:1e:81:ed:8d:59:5d:3b:68:36:62:
                    6a:03:1f:b9:28:fa:8f:db:4a:9a:da:a3:e0:8f:dd:
                    5f:14:da:f9:07:db:11:41:8d:c0:42:ba:2f:3f:e3:
                    ad:e4:67:89:d8:fe:68:83:3a:7a:c9:9f:f1:f8:ea:
                    5a:b4:04:59:ba:2d:ef:df:45:28:65:e9:cb:ca:80:
                    f6:2f:30:88:af:9e:85:0e:98:a8:cb:a6:a9:f4:2f:
                    9b:77:cb:5e:4d:14:6e:94:09:73:d1:17:36:0a:27:
                    59:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:9E:64:CA:94:C9:B9:A9:62:72:68:28:14:4E:AF:4C:E3:30:80:D3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS198487.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:72:d2:5d:a4:88:83:26:50:22:8e:5d:b1:f6:59:e7:63:75:
         66:4b:a1:88:05:69:22:24:3e:80:02:b3:b6:f6:fb:38:f2:1d:
         75:1d:21:f3:c6:46:63:c1:e9:96:82:73:71:5a:b8:19:d6:df:
         48:95:60:15:f7:8f:57:ab:1b:5a:bf:98:6b:0d:89:b1:20:9e:
         14:5f:b1:9d:b1:79:df:1b:c8:23:dc:df:5a:74:2f:34:6a:ef:
         62:c0:11:d2:86:3d:62:77:99:ba:ce:5f:db:27:1d:24:d1:56:
         2a:3d:75:72:19:18:29:4d:e1:c6:76:e3:2e:42:55:e9:08:94:
         e9:69:86:06:79:20:21:71:26:b1:53:80:6c:d9:c9:8f:b1:d3:
         a6:17:23:90:51:49:30:41:ad:47:ec:8b:99:7d:ee:0d:50:48:
         82:19:93:a7:d2:6a:24:d2:77:2e:1b:15:7c:59:c3:e7:3e:bc:
         0c:6d:34:ff:9d:51:5f:63:0c:c5:5d:a7:ba:1b:cf:c5:5a:56:
         94:4b:8e:24:9a:f4:81:35:17:55:0d:21:05:40:c3:f7:83:c5:
         d4:e0:ee:a9:f2:79:4c:06:4c:f0:7e:df:35:13:46:02:a0:d9:
         7e:54:26:fa:6f:75:0b:6b:44:55:3b:9b:96:4b:fb:71:be:36:
         cd:16:66:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZM5mUafawTGjYV0U525eCAoZ5oAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjEwOTMyNThaFw0yNzA0MjAwOTM3NThaMDMxMTAvBgNV
BAMTKDI4OUU2NENBOTRDOUI5QTk2MjcyNjgyODE0NEVBRjRDRTMzMDgwRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDjc/hb3zqU+No2zF8yywXbDwz
ecwGlL75ZY1ikGYUYDJQ7bUEFFtyMqiyMyKQUrex+4Z2r49oasBd/DC3hQCOxOuR
3vkGYWYfWvHVNHwPzbxZwrmFVk54Nb/eG04vFT8fFOFVxZEZDd/67OgWN6Lp01tC
E1gti3h1wYPhMbuNvoullzLXjPMdjL20jD3NIr3MzydiM9vklVhMHoHtjVldO2g2
YmoDH7ko+o/bSprao+CP3V8U2vkH2xFBjcBCui8/463kZ4nY/miDOnrJn/H46lq0
BFm6Le/fRShl6cvKgPYvMIivnoUOmKjLpqn0L5t3y15NFG6UCXPRFzYKJ1khAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKJ5kypTJualicmgoFE6vTOMwgNMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk4NDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4Yf
MA0GCSqGSIb3DQEBCwUAA4IBAQB3ctJdpIiDJlAijl2x9lnnY3VmS6GIBWkiJD6A
ArO29vs48h11HSHzxkZjwemWgnNxWrgZ1t9IlWAV949Xqxtav5hrDYmxIJ4UX7Gd
sXnfG8gj3N9adC80au9iwBHShj1id5m6zl/bJx0k0VYqPXVyGRgpTeHGduMuQlXp
CJTpaYYGeSAhcSaxU4Bs2cmPsdOmFyOQUUkwQa1H7IuZfe4NUEiCGZOn0mok0ncu
GxV8WcPnPrwMbTT/nVFfYwzFXae6G8/FWlaUS44kmvSBNRdVDSEFQMP3g8XU4O6p
8nlMBkzwft81E0YCoNl+VCb6b3ULa0RVO5uWS/txvjbNFman
-----END CERTIFICATE-----