Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198075.roa
File:                     AS198075.roa (raw, json)
Hash identifier:          Hg6e+NFY9yFFmnOy43I15dkUS2fEze+DwaqyYQ9urWU=
Subject key identifier:   0D:B1:28:5A:35:EA:C3:60:B3:09:67:53:66:F9:36:54:97:05:C7:17
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       69AFB25C93670A16DD015AE7F46EADDAF6BE18BE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198075.roa
Signing time:             Tue 05 May 2026 15:24:12 +0000
ROA not before:           Tue 05 May 2026 15:19:12 +0000
ROA not after:            Tue 04 May 2027 15:24:12 +0000
asID:                     198075
IP address blocks:        147.79.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:af:b2:5c:93:67:0a:16:dd:01:5a:e7:f4:6e:ad:da:f6:be:18:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  5 15:19:12 2026 GMT
            Not After : May  4 15:24:12 2027 GMT
        Subject: CN=0DB1285A35EAC360B309675366F936549705C717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:f6:50:6d:fd:84:26:f2:51:11:2d:b3:60:58:
                    75:6a:13:65:9e:ee:45:35:e1:08:9d:04:75:2e:4b:
                    b1:71:a0:44:18:d3:90:45:58:9c:f6:11:da:08:24:
                    e0:67:06:83:8b:a1:16:c2:7b:c3:54:62:69:84:a0:
                    bc:2c:57:ec:07:ca:44:14:23:e2:76:06:7c:41:23:
                    48:f1:39:e5:81:87:f4:43:6e:38:e9:f0:fc:ad:ad:
                    64:08:83:26:d1:ec:7a:16:76:ed:a4:36:1a:65:61:
                    ec:85:9c:ea:2f:9e:d4:ca:07:1a:84:cb:2d:aa:02:
                    44:c4:68:50:de:2e:60:76:3a:93:75:48:9e:2f:ec:
                    a2:fc:0f:3b:48:ea:35:57:77:1b:10:3f:3a:58:4e:
                    99:8d:09:e6:d1:fd:47:ea:92:55:ce:65:7d:c6:92:
                    6e:7a:92:12:ca:cf:ec:8a:4d:b1:b8:33:b5:a9:cd:
                    fb:7a:04:da:3a:8e:d1:d5:99:77:37:6b:82:1e:03:
                    d6:d0:ff:03:57:05:b3:c5:e9:21:69:df:05:4a:3e:
                    41:9c:fd:7f:8a:e4:72:fc:07:f5:29:92:cf:38:60:
                    2b:a4:4f:3b:29:8f:33:12:1c:0a:b7:79:e7:4d:26:
                    f0:60:92:12:8a:96:82:c4:77:78:16:c8:97:e7:61:
                    8a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B1:28:5A:35:EA:C3:60:B3:09:67:53:66:F9:36:54:97:05:C7:17
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:07:66:17:4d:0d:d4:57:ef:3c:6e:5d:82:29:6d:50:9d:d7:
         d7:d1:8b:84:d2:2a:3a:64:40:21:26:03:5a:b2:e5:54:17:88:
         57:2d:23:d4:98:ec:3f:88:cc:fa:f7:fa:f2:21:fe:46:78:c5:
         49:d7:86:ac:4b:cd:29:14:ca:97:23:54:1c:10:b4:bd:32:73:
         09:b2:9f:c3:80:54:e6:bb:cc:19:1a:b3:fd:5f:ea:bb:58:75:
         60:7e:89:84:b0:5b:67:d8:b8:c9:d3:5a:ee:c5:4e:2a:c9:f3:
         82:4a:93:2d:4d:78:8d:6e:12:be:e4:94:a9:08:20:30:a2:b3:
         99:53:d7:80:29:b7:18:5e:4c:44:11:77:4e:52:0f:1c:41:f7:
         30:73:cc:cf:68:35:f6:eb:a8:bc:be:03:55:f9:8a:1a:2b:b6:
         40:20:80:2d:c1:3d:40:1c:6c:36:63:70:58:f9:12:11:ad:6d:
         dc:f7:86:e0:77:df:2c:31:09:9b:1e:ae:6b:80:4c:8b:36:f7:
         55:26:b7:d0:89:1b:a7:fc:15:eb:b0:f6:2e:9c:61:9b:97:0b:
         cc:30:98:e6:25:d3:b6:8d:6f:31:b8:67:8c:92:7c:dc:97:b0:
         45:68:42:47:05:30:81:1d:a6:9e:c1:a9:f8:20:0a:52:66:73:
         bd:10:3b:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaa+yXJNnChbdAVrn9G6t2va+GL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDUxNTE5MTJaFw0yNzA1MDQxNTI0MTJaMDMxMTAvBgNV
BAMTKDBEQjEyODVBMzVFQUMzNjBCMzA5Njc1MzY2RjkzNjU0OTcwNUM3MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm9lBt/YQm8lERLbNgWHVqE2We
7kU14QidBHUuS7FxoEQY05BFWJz2EdoIJOBnBoOLoRbCe8NUYmmEoLwsV+wHykQU
I+J2BnxBI0jxOeWBh/RDbjjp8PytrWQIgybR7HoWdu2kNhplYeyFnOovntTKBxqE
yy2qAkTEaFDeLmB2OpN1SJ4v7KL8DztI6jVXdxsQPzpYTpmNCebR/UfqklXOZX3G
km56khLKz+yKTbG4M7Wpzft6BNo6jtHVmXc3a4IeA9bQ/wNXBbPF6SFp3wVKPkGc
/X+K5HL8B/Upks84YCukTzspjzMSHAq3eedNJvBgkhKKloLEd3gWyJfnYYofAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDbEoWjXqw2CzCWdTZvk2VJcFxxcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk4MDc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08C
MA0GCSqGSIb3DQEBCwUAA4IBAQBAB2YXTQ3UV+88bl2CKW1QndfX0YuE0io6ZEAh
JgNasuVUF4hXLSPUmOw/iMz69/ryIf5GeMVJ14asS80pFMqXI1QcELS9MnMJsp/D
gFTmu8wZGrP9X+q7WHVgfomEsFtn2LjJ01ruxU4qyfOCSpMtTXiNbhK+5JSpCCAw
orOZU9eAKbcYXkxEEXdOUg8cQfcwc8zPaDX266i8vgNV+YoaK7ZAIIAtwT1AHGw2
Y3BY+RIRrW3c94bgd98sMQmbHq5rgEyLNvdVJrfQiRun/BXrsPYunGGblwvMMJjm
JdO2jW8xuGeMknzcl7BFaEJHBTCBHaaewan4IApSZnO9EDtv
-----END CERTIFICATE-----