Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199414.roa
File:                     AS199414.roa (raw, json)
Hash identifier:          cKXWeU3uPS3SqGVIiXJikkE4f1/8a92mmVMakp/Ks8Y=
Subject key identifier:   2A:DA:B2:76:A3:A0:68:10:68:64:A0:E7:E7:7A:A0:45:A5:ED:52:CB
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3BF960FE10E3D6DE4761CD77AE95F90D2A77547C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199414.roa
Signing time:             Sun 31 Aug 2025 20:54:46 +0000
ROA not before:           Sun 31 Aug 2025 20:49:46 +0000
ROA not after:            Sun 30 Aug 2026 20:54:46 +0000
asID:                     199414
IP address blocks:        95.134.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:f9:60:fe:10:e3:d6:de:47:61:cd:77:ae:95:f9:0d:2a:77:54:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 31 20:49:46 2025 GMT
            Not After : Aug 30 20:54:46 2026 GMT
        Subject: CN=2ADAB276A3A068106864A0E7E77AA045A5ED52CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:65:d8:4c:4c:02:c0:07:31:04:1f:89:33:d9:
                    fe:54:77:36:ad:3f:c7:67:63:1b:ee:36:83:3a:d3:
                    31:d1:f8:d6:0b:28:d9:9b:3a:57:55:36:20:91:14:
                    4e:e1:17:c5:51:40:e1:b3:b3:7e:18:d9:e5:4e:df:
                    97:7b:3a:9e:f9:44:3f:06:88:a3:cc:24:e3:14:99:
                    cd:09:38:93:04:5f:e0:9f:3e:d1:f6:ad:e8:a0:64:
                    b0:37:1d:b3:5f:e8:c3:df:ce:0e:4f:28:96:f1:f5:
                    cc:e4:60:71:ce:b9:a4:b6:28:77:39:3b:a3:8f:dd:
                    96:74:b8:0e:56:cc:db:e0:b5:20:d0:25:b3:ea:0e:
                    9f:9a:c5:5f:30:46:b7:6e:24:1f:2e:92:da:96:17:
                    23:8a:49:00:d2:92:fc:b0:6f:9f:1d:68:4e:70:15:
                    21:69:24:08:3a:7d:6f:9a:df:b1:03:41:07:6d:fa:
                    3d:1b:88:5c:ad:3b:36:e0:08:96:14:11:6c:44:b3:
                    25:92:ab:b9:4f:32:02:d6:de:a7:8a:9e:d2:24:7e:
                    ba:2f:52:3e:c4:e0:48:c8:8a:ad:2e:27:24:5c:1e:
                    83:be:db:b0:ac:00:7d:af:ad:cd:e0:d0:5f:32:a0:
                    06:2b:3f:7e:e3:1b:6b:46:47:a9:b3:a4:53:46:56:
                    64:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DA:B2:76:A3:A0:68:10:68:64:A0:E7:E7:7A:A0:45:A5:ED:52:CB
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:43:a4:5f:6e:92:06:e0:ff:a1:12:fa:08:40:1b:95:75:a9:
         bb:98:83:67:70:76:49:82:07:65:a4:85:b8:4b:57:84:f2:58:
         81:98:12:1c:70:e9:49:49:5d:9a:9d:f6:ce:22:b4:0d:1d:ce:
         81:5d:10:c7:0c:27:ca:24:8c:2e:ae:b6:c0:82:e1:9d:25:2b:
         30:7e:6e:93:89:c5:78:6a:f8:3e:33:9a:ab:5a:2e:87:f1:47:
         8b:25:60:b6:9c:4c:04:da:cb:a6:f1:6e:15:9a:3c:29:c0:b8:
         65:2c:cf:1c:b8:86:a6:7f:d6:19:73:1d:f6:af:90:ba:1c:39:
         25:0c:58:b7:9d:76:b4:00:9f:1f:dd:26:a8:61:d0:04:d3:a3:
         63:e0:92:99:0d:50:8c:1f:e0:6d:61:9c:c1:73:ad:5b:5b:b5:
         a7:fa:14:4a:08:13:b8:9d:c1:f2:06:a6:1e:2d:6a:9b:a7:9c:
         94:8c:70:79:c2:bb:42:3f:9a:b5:54:4d:b8:33:33:b3:f1:69:
         7a:c7:ce:5a:2f:d4:91:f8:74:c8:86:99:81:9f:e9:bf:cf:75:
         f0:b2:00:35:97:69:c0:90:6d:25:59:4c:a4:e6:3f:7c:05:8a:
         ee:5b:6b:d6:40:aa:59:3a:8f:c6:8a:96:bd:3b:ff:7f:0b:c8:
         c9:36:9e:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUO/lg/hDj1t5HYc13rpX5DSp3VHwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA4MzEyMDQ5NDZaFw0yNjA4MzAyMDU0NDZaMDMxMTAvBgNV
BAMTKDJBREFCMjc2QTNBMDY4MTA2ODY0QTBFN0U3N0FBMDQ1QTVFRDUyQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ZdhMTALABzEEH4kz2f5Udzat
P8dnYxvuNoM60zHR+NYLKNmbOldVNiCRFE7hF8VRQOGzs34Y2eVO35d7Op75RD8G
iKPMJOMUmc0JOJMEX+CfPtH2reigZLA3HbNf6MPfzg5PKJbx9czkYHHOuaS2KHc5
O6OP3ZZ0uA5WzNvgtSDQJbPqDp+axV8wRrduJB8uktqWFyOKSQDSkvywb58daE5w
FSFpJAg6fW+a37EDQQdt+j0biFytOzbgCJYUEWxEsyWSq7lPMgLW3qeKntIkfrov
Uj7E4EjIiq0uJyRcHoO+27CsAH2vrc3g0F8yoAYrP37jG2tGR6mzpFNGVmQPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKtqydqOgaBBoZKDn53qgRaXtUsswHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk5NDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4YF
MA0GCSqGSIb3DQEBCwUAA4IBAQCTQ6RfbpIG4P+hEvoIQBuVdam7mINncHZJggdl
pIW4S1eE8liBmBIccOlJSV2anfbOIrQNHc6BXRDHDCfKJIwurrbAguGdJSswfm6T
icV4avg+M5qrWi6H8UeLJWC2nEwE2sum8W4VmjwpwLhlLM8cuIamf9YZcx32r5C6
HDklDFi3nXa0AJ8f3SaoYdAE06Nj4JKZDVCMH+BtYZzBc61bW7Wn+hRKCBO4ncHy
BqYeLWqbp5yUjHB5wrtCP5q1VE24MzOz8Wl6x85aL9SR+HTIhpmBn+m/z3XwsgA1
l2nAkG0lWUyk5j98BYruW2vWQKpZOo/Gipa9O/9/C8jJNp69
-----END CERTIFICATE-----