Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          f2xsl7Q+rLU61kuZkWcVdrOI27jXoLsI2YChN5DYzIA=
Subject key identifier:   0B:E9:AC:58:F8:F8:0E:9E:DA:70:CF:CA:7B:ED:94:E2:B6:1E:7A:14
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       50EB39C1B3E91AA12446D7907DFAF9A52E5F3D01
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
Signing time:             Mon 20 Oct 2025 09:57:13 +0000
ROA not before:           Mon 20 Oct 2025 09:52:13 +0000
ROA not after:            Mon 19 Oct 2026 09:57:13 +0000
asID:                     25198
IP address blocks:        140.150.155.0/24 maxlen: 24
                          140.150.156.0/24 maxlen: 24
                          143.14.71.0/24 maxlen: 24
                          143.14.174.0/24 maxlen: 24
                          148.135.175.0/24 maxlen: 24
                          162.141.48.0/24 maxlen: 24
                          162.141.136.0/24 maxlen: 24
                          167.148.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:eb:39:c1:b3:e9:1a:a1:24:46:d7:90:7d:fa:f9:a5:2e:5f:3d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 20 09:52:13 2025 GMT
            Not After : Oct 19 09:57:13 2026 GMT
        Subject: CN=0BE9AC58F8F80E9EDA70CFCA7BED94E2B61E7A14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b3:84:0e:ca:0e:e2:c0:f9:77:d3:04:e3:fb:
                    15:94:22:9c:67:ca:c0:7c:bf:a6:93:03:51:9e:0e:
                    9a:c1:7b:f7:82:d3:86:4f:5d:ff:5d:48:d8:8a:a8:
                    82:24:83:63:6f:49:0f:9d:84:13:27:1b:72:11:db:
                    82:f1:1e:9d:25:f5:6a:1c:79:2d:3a:44:2d:68:ff:
                    f5:6c:d2:b3:48:b1:75:99:ab:27:f7:4b:3d:e9:0b:
                    e3:cf:f4:fa:9f:f2:bf:df:80:ee:70:97:01:0e:7a:
                    bb:6d:85:0b:af:24:7e:b9:c0:a5:4b:b8:4f:e7:e0:
                    21:0f:62:58:27:d8:1f:b0:f3:4c:34:a2:a2:f3:56:
                    c4:a9:6a:f3:42:63:34:3b:33:c1:56:a9:56:fa:1e:
                    c5:52:0f:16:97:cf:fb:df:ad:59:24:d0:5f:dc:2f:
                    ee:ed:2f:af:68:84:03:e0:86:18:66:7e:11:1e:b2:
                    b2:a4:90:b5:16:93:f8:13:35:12:54:63:89:df:8b:
                    ed:41:81:1d:13:69:e2:b4:59:8a:c1:6f:35:5e:24:
                    8f:a4:71:3b:de:7d:7c:86:dd:83:d8:3f:76:52:7a:
                    a1:7d:a5:43:9b:d7:d0:12:8f:35:7b:e7:1a:f3:7d:
                    fd:c6:75:65:44:38:01:04:15:86:43:de:f8:8a:39:
                    28:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E9:AC:58:F8:F8:0E:9E:DA:70:CF:CA:7B:ED:94:E2:B6:1E:7A:14
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.155.0-140.150.156.255
                  143.14.71.0/24
                  143.14.174.0/24
                  148.135.175.0/24
                  162.141.48.0/24
                  162.141.136.0/24
                  167.148.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:27:88:ee:2d:83:ac:a6:ef:7b:f8:11:18:fa:9a:93:d1:bb:
         db:0a:d4:2b:3a:13:e9:cd:23:96:7a:96:4d:9f:eb:8b:30:1c:
         58:2b:b4:bd:a9:13:0f:6d:66:06:a2:25:93:90:fd:0e:3c:c2:
         88:e7:f2:d4:5b:69:8f:25:b1:c7:48:87:93:6d:27:7c:2d:c2:
         c6:68:e7:09:67:d0:5c:37:b3:9e:77:0e:eb:2b:72:ac:ac:39:
         83:e8:3a:75:dc:42:b9:6a:2b:00:ba:74:2d:3a:32:d9:ad:11:
         11:e5:33:aa:7b:8c:28:b8:87:fd:99:69:35:f3:19:ed:9d:02:
         52:c1:57:1c:53:91:f6:96:ff:15:76:f6:56:92:92:27:6d:56:
         f1:0f:6c:3f:f0:1c:63:45:6c:90:7f:64:4a:40:24:6e:ac:90:
         c3:87:b3:d1:e3:d1:72:cb:04:84:10:9d:a5:8d:50:67:47:21:
         d3:af:b8:01:02:07:95:bf:75:54:c6:30:26:44:4e:5f:ab:fd:
         1b:bd:e8:22:96:38:a0:ad:af:32:30:d6:a2:5d:ee:e2:42:52:
         f9:c8:e7:9b:ff:23:58:3d:65:07:8f:c9:67:f0:37:77:be:58:
         36:4c:48:44:a7:93:23:69:20:47:71:0b:5f:ef:9f:c2:5e:de:
         e5:51:86:ca
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUUOs5wbPpGqEkRteQffr5pS5fPQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjAwOTUyMTNaFw0yNjEwMTkwOTU3MTNaMDMxMTAvBgNV
BAMTKDBCRTlBQzU4RjhGODBFOUVEQTcwQ0ZDQTdCRUQ5NEUyQjYxRTdBMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCss4QOyg7iwPl30wTj+xWUIpxn
ysB8v6aTA1GeDprBe/eC04ZPXf9dSNiKqIIkg2NvSQ+dhBMnG3IR24LxHp0l9Woc
eS06RC1o//Vs0rNIsXWZqyf3Sz3pC+PP9Pqf8r/fgO5wlwEOertthQuvJH65wKVL
uE/n4CEPYlgn2B+w80w0oqLzVsSpavNCYzQ7M8FWqVb6HsVSDxaXz/vfrVkk0F/c
L+7tL69ohAPghhhmfhEesrKkkLUWk/gTNRJUY4nfi+1BgR0TaeK0WYrBbzVeJI+k
cTvefXyG3YPYP3ZSeqF9pUOb19ASjzV75xrzff3GdWVEOAEEFYZD3viKOSiDAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUC+msWPj4Dp7acM/Ke+2U4rYeehQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSwYIKwYBBQUHAQcBAf8EPDA6MDgEAgABMDIwDAMEAIyW
mwMEAIyWnAMEAI8ORwMEAI8OrgMEAJSHrwMEAKKNMAMEAKKNiAMEAKeUaTANBgkq
hkiG9w0BAQsFAAOCAQEAOieI7i2DrKbve/gRGPqak9G72wrUKzoT6c0jlnqWTZ/r
izAcWCu0vakTD21mBqIlk5D9DjzCiOfy1FtpjyWxx0iHk20nfC3CxmjnCWfQXDez
nncO6ytyrKw5g+g6ddxCuWorALp0LToy2a0REeUzqnuMKLiH/ZlpNfMZ7Z0CUsFX
HFOR9pb/FXb2VpKSJ21W8Q9sP/AcY0VskH9kSkAkbqyQw4ez0ePRcssEhBCdpY1Q
Z0ch06+4AQIHlb91VMYwJkROX6v9G73oIpY4oK2vMjDWol3u4kJS+cjnm/8jWD1l
B4/JZ/A3d75YNkxIRKeTI2kgR3ELX++fwl7e5VGGyg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:52:55 2025 by rpki-client