Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199176.roa
File:                     AS199176.roa (raw, json)
Hash identifier:          YLXi1sQDYWDO+NO5ERarDOuRM9ZilTBR7MymfEtEPdM=
Subject key identifier:   8D:86:8A:5F:82:03:CC:22:A4:33:DE:84:E9:9E:5C:90:EB:49:16:E7
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1B847F7C0B23DE91778F1EAE31116FE600A00CE7
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199176.roa
Signing time:             Sat 02 May 2026 16:27:04 +0000
ROA not before:           Sat 02 May 2026 16:22:04 +0000
ROA not after:            Sat 01 May 2027 16:27:04 +0000
asID:                     199176
IP address blocks:        178.95.48.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:84:7f:7c:0b:23:de:91:77:8f:1e:ae:31:11:6f:e6:00:a0:0c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  2 16:22:04 2026 GMT
            Not After : May  1 16:27:04 2027 GMT
        Subject: CN=8D868A5F8203CC22A433DE84E99E5C90EB4916E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:dc:50:08:d2:06:1d:b4:0a:18:67:61:69:87:
                    84:a1:90:35:17:dd:c8:08:ef:ad:a9:fd:4b:a9:7c:
                    fd:79:ae:75:fb:64:b5:ec:c2:87:f2:47:5c:f9:2d:
                    ee:e3:c6:b3:50:86:87:b3:aa:93:8a:f0:f7:72:d2:
                    af:22:34:c4:57:a4:9b:fe:10:0b:33:f6:1c:1a:bc:
                    4b:4f:d8:5e:b0:54:8b:98:51:25:bd:de:0f:77:9a:
                    af:38:cd:97:6b:10:dd:2b:90:55:d2:62:f6:0c:60:
                    27:13:8c:8c:0d:7c:03:57:69:6f:63:55:61:21:0f:
                    89:5d:53:02:86:16:66:ac:85:30:33:df:7e:4d:ce:
                    3e:7d:62:ee:fb:81:f9:df:2f:53:bf:89:90:99:13:
                    30:cc:b4:39:26:06:35:6e:7d:32:1d:f1:83:6a:d1:
                    db:cd:57:9d:70:8a:8e:7f:16:b7:ae:39:22:7b:58:
                    fb:88:1a:65:82:72:c7:60:24:9c:28:6e:ad:21:7f:
                    2f:de:1c:97:61:38:c6:5e:56:44:b0:c1:0f:e8:00:
                    ca:c2:11:f4:7a:ee:ea:ca:5b:35:2a:34:2b:aa:66:
                    e5:a8:83:5c:93:76:fc:3f:30:ba:d5:a0:fc:c4:26:
                    b9:af:c1:f0:dd:80:1b:7b:4e:ea:71:4b:33:dc:d8:
                    76:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:86:8A:5F:82:03:CC:22:A4:33:DE:84:E9:9E:5C:90:EB:49:16:E7
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199176.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:60:99:bd:0d:53:3d:db:64:cc:38:df:4f:6b:bb:f2:1c:91:
         7d:1e:5b:47:fa:40:ae:35:86:52:ab:d6:11:4c:de:41:f7:c6:
         38:ec:bc:cc:5e:74:3f:93:b7:5e:b8:c1:89:3c:c1:6d:b3:e7:
         4a:4c:95:df:11:a9:06:39:fb:36:5b:ff:e8:50:0d:af:0e:25:
         20:cc:97:e3:e9:e0:18:94:c5:e1:30:8e:0b:5e:72:14:f3:08:
         33:b8:89:9f:0c:07:b5:37:9b:c3:2b:81:96:99:92:d5:be:73:
         aa:00:d1:ac:08:99:0c:fd:d7:c6:18:91:63:c8:fe:f3:e8:a5:
         b5:ef:f5:48:70:62:9d:f0:92:7c:65:f1:db:ed:23:f8:03:0b:
         11:e5:8e:f8:d3:aa:09:ef:01:4b:f6:fb:9c:e9:db:49:f7:8c:
         fe:6b:22:10:ed:bb:97:74:56:ab:61:77:db:fc:d0:27:c3:ba:
         ba:e4:64:f7:ec:86:d0:89:1f:19:55:2e:39:29:05:3b:fd:9d:
         7c:cd:ee:fc:c9:f0:3a:01:2a:bd:8e:a4:dc:ed:e1:95:29:b9:
         6b:41:39:ec:08:62:81:84:85:50:e2:8f:5e:5c:21:0b:21:27:
         cc:76:a1:21:49:af:5a:31:53:46:9d:64:60:2a:9e:7a:28:b9:
         ef:40:93:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUG4R/fAsj3pF3jx6uMRFv5gCgDOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDIxNjIyMDRaFw0yNzA1MDExNjI3MDRaMDMxMTAvBgNV
BAMTKDhEODY4QTVGODIwM0NDMjJBNDMzREU4NEU5OUU1QzkwRUI0OTE2RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv3FAI0gYdtAoYZ2Fph4ShkDUX
3cgI762p/UupfP15rnX7ZLXswofyR1z5Le7jxrNQhoezqpOK8Pdy0q8iNMRXpJv+
EAsz9hwavEtP2F6wVIuYUSW93g93mq84zZdrEN0rkFXSYvYMYCcTjIwNfANXaW9j
VWEhD4ldUwKGFmashTAz335Nzj59Yu77gfnfL1O/iZCZEzDMtDkmBjVufTId8YNq
0dvNV51wio5/FreuOSJ7WPuIGmWCcsdgJJwobq0hfy/eHJdhOMZeVkSwwQ/oAMrC
EfR67urKWzUqNCuqZuWog1yTdvw/MLrVoPzEJrmvwfDdgBt7TupxSzPc2HYxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjYaKX4IDzCKkM96E6Z5ckOtJFucwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk5MTc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsl8w
MA0GCSqGSIb3DQEBCwUAA4IBAQCBYJm9DVM922TMON9Pa7vyHJF9HltH+kCuNYZS
q9YRTN5B98Y47LzMXnQ/k7deuMGJPMFts+dKTJXfEakGOfs2W//oUA2vDiUgzJfj
6eAYlMXhMI4LXnIU8wgzuImfDAe1N5vDK4GWmZLVvnOqANGsCJkM/dfGGJFjyP7z
6KW17/VIcGKd8JJ8ZfHb7SP4AwsR5Y7406oJ7wFL9vuc6dtJ94z+ayIQ7buXdFar
YXfb/NAnw7q65GT37IbQiR8ZVS45KQU7/Z18ze78yfA6ASq9jqTc7eGVKblrQTns
CGKBhIVQ4o9eXCELISfMdqEhSa9aMVNGnWRgKp56KLnvQJPS
-----END CERTIFICATE-----