Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          g0bC/T1Bqh86Fo1vb3c1pxXOqSFuBr2A3Rhesidzkuc=
Subject key identifier:   55:6B:60:3E:81:3E:85:64:FB:D3:95:53:28:58:50:39:B1:F6:66:26
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5D541479AFCBC3171B9DD16BBCF56382EA3EA86F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
Signing time:             Sat 14 Mar 2026 10:13:21 +0000
ROA not before:           Sat 14 Mar 2026 10:08:21 +0000
ROA not after:            Sat 13 Mar 2027 10:13:21 +0000
asID:                     25198
IP address blocks:        168.222.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:54:14:79:af:cb:c3:17:1b:9d:d1:6b:bc:f5:63:82:ea:3e:a8:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 14 10:08:21 2026 GMT
            Not After : Mar 13 10:13:21 2027 GMT
        Subject: CN=556B603E813E8564FBD3955328585039B1F66626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6e:9c:2e:d5:24:d7:a9:44:c6:af:89:75:7d:
                    db:dd:0c:a6:7b:a6:e7:e2:23:ff:82:a1:68:7f:18:
                    1b:92:1b:f0:8a:a1:d8:22:3c:ad:7a:c3:f4:54:d5:
                    45:4c:58:36:22:a5:10:e7:2f:b3:bb:8d:4d:54:c7:
                    d9:3f:b0:a4:95:37:cd:6d:e7:c3:90:ca:99:18:df:
                    99:c2:77:26:78:b1:8f:11:66:21:96:fe:fa:01:c6:
                    06:a7:9d:e3:7c:aa:d1:f1:71:c9:5c:d8:5a:03:1c:
                    07:8b:76:5d:c3:2d:ee:a6:30:a5:b4:84:5e:70:97:
                    d0:e5:a4:35:2a:11:17:a9:62:83:7e:2a:77:ee:92:
                    fa:56:75:93:ca:35:77:0d:50:58:d7:a0:0d:32:d3:
                    a2:86:b8:a9:e7:c9:63:ac:41:b5:c9:66:2b:01:41:
                    0d:56:4a:2f:df:0d:c9:50:8f:6a:7e:8c:35:8f:78:
                    ae:a2:02:78:72:6e:8d:ca:20:ea:3e:a2:c4:b8:53:
                    90:f1:db:02:f0:2a:19:e4:11:c0:cb:e9:92:20:5c:
                    b5:14:11:75:21:ae:ea:60:5b:88:a4:01:82:a8:53:
                    d0:6a:73:d5:7a:14:c4:ef:fe:e0:0e:56:79:ac:82:
                    d3:1d:78:38:20:9e:25:70:71:ca:6f:97:9f:fc:c8:
                    7a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:6B:60:3E:81:3E:85:64:FB:D3:95:53:28:58:50:39:B1:F6:66:26
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:2f:fe:0f:11:bc:60:d4:c0:89:8d:b5:25:33:a1:89:65:7f:
         43:de:9e:80:9b:c9:17:41:39:cd:9a:e0:8f:ab:d9:0e:88:d1:
         97:3a:76:58:79:e3:76:81:f9:27:e4:b3:4a:b6:33:6e:03:de:
         d3:69:18:76:2b:4d:68:2a:94:d7:9b:ed:82:d9:a8:89:ba:54:
         de:0a:42:93:4e:b0:c6:ce:c1:db:d7:d5:5f:2f:59:49:95:5d:
         fd:7a:09:14:16:32:e9:4d:59:5f:d9:2c:3b:e3:49:03:58:34:
         6b:bf:c8:b2:0f:f9:80:5a:c2:70:65:79:3d:9e:90:bd:0d:d6:
         cb:d8:7c:d4:d9:8d:9c:f4:9a:fa:5b:d3:bb:ca:4b:be:89:9c:
         ef:e1:fa:b7:83:1c:49:b0:5d:3f:9f:25:2d:79:fb:49:5e:9f:
         90:04:15:68:73:44:a8:f0:a6:87:67:dc:7b:8c:ea:75:5c:22:
         bf:da:d8:45:42:ce:7d:e8:da:ad:29:c9:bc:9c:5b:a4:71:fd:
         37:d3:58:cc:7f:3a:30:83:7c:eb:b2:bf:80:63:a6:fe:b4:1f:
         b6:0b:44:d8:59:7f:8f:9d:49:83:62:5c:c1:2e:53:8e:13:6d:
         2b:a2:ff:58:f3:44:43:57:e9:de:bb:69:cc:4f:eb:74:f3:98:
         52:5e:84:af
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXVQUea/LwxcbndFrvPVjguo+qG8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTQxMDA4MjFaFw0yNzAzMTMxMDEzMjFaMDMxMTAvBgNV
BAMTKDU1NkI2MDNFODEzRTg1NjRGQkQzOTU1MzI4NTg1MDM5QjFGNjY2MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIbpwu1STXqUTGr4l1fdvdDKZ7
pufiI/+CoWh/GBuSG/CKodgiPK16w/RU1UVMWDYipRDnL7O7jU1Ux9k/sKSVN81t
58OQypkY35nCdyZ4sY8RZiGW/voBxganneN8qtHxcclc2FoDHAeLdl3DLe6mMKW0
hF5wl9DlpDUqERepYoN+KnfukvpWdZPKNXcNUFjXoA0y06KGuKnnyWOsQbXJZisB
QQ1WSi/fDclQj2p+jDWPeK6iAnhybo3KIOo+osS4U5Dx2wLwKhnkEcDL6ZIgXLUU
EXUhrupgW4ikAYKoU9Bqc9V6FMTv/uAOVnmsgtMdeDggniVwccpvl5/8yHoRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUVWtgPoE+hWT705VTKFhQObH2ZiYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKo3mgw
DQYJKoZIhvcNAQELBQADggEBAEUv/g8RvGDUwImNtSUzoYllf0PenoCbyRdBOc2a
4I+r2Q6I0Zc6dlh543aB+Sfks0q2M24D3tNpGHYrTWgqlNeb7YLZqIm6VN4KQpNO
sMbOwdvX1V8vWUmVXf16CRQWMulNWV/ZLDvjSQNYNGu/yLIP+YBawnBleT2ekL0N
1svYfNTZjZz0mvpb07vKS76JnO/h+reDHEmwXT+fJS15+0len5AEFWhzRKjwpodn
3HuM6nVcIr/a2EVCzn3o2q0pybycW6Rx/TfTWMx/OjCDfOuyv4Bjpv60H7YLRNhZ
f4+dSYNiXMEuU44TbSui/1jzRENX6d67acxP63TzmFJehK8=
-----END CERTIFICATE-----