Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS197537.roa
File:                     AS197537.roa (raw, json)
Hash identifier:          cJiH56Inady06LVYFGnSVA2pFpnweyE/PUKSOh0efWc=
Subject key identifier:   DD:C5:15:A4:D5:6E:A5:2F:46:C8:07:9E:11:C2:91:D8:71:FD:5C:50
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       01DB9DAD853C714644D2E70E2E9C357D2E3FA26F
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS197537.roa
Signing time:             Tue 30 Sep 2025 10:03:14 +0000
ROA not before:           Tue 30 Sep 2025 09:58:14 +0000
ROA not after:            Tue 29 Sep 2026 10:03:14 +0000
asID:                     197537
IP address blocks:        46.236.240.0/24 maxlen: 24
                          82.139.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:db:9d:ad:85:3c:71:46:44:d2:e7:0e:2e:9c:35:7d:2e:3f:a2:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:14 2025 GMT
            Not After : Sep 29 10:03:14 2026 GMT
        Subject: CN=DDC515A4D56EA52F46C8079E11C291D871FD5C50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2a:75:2e:a3:c3:db:83:43:cb:3d:7d:be:96:
                    ce:5c:8e:57:87:e0:9b:5d:6d:52:2e:92:a2:00:11:
                    98:1f:75:b9:0c:a2:c3:d5:90:66:2d:c6:71:3b:b9:
                    69:2a:75:8a:1e:68:29:94:87:52:d0:b3:80:87:c8:
                    ac:cb:8c:3f:9c:35:5b:91:60:00:7d:dc:28:c4:88:
                    d5:86:56:9c:2c:b0:b7:41:c6:41:3d:ac:a6:bd:7a:
                    b2:3c:5f:6e:b7:b5:17:94:bf:72:b4:46:64:01:45:
                    1d:90:e3:a5:55:a1:df:c5:5d:f8:79:f0:93:ba:df:
                    dc:0d:0d:62:f4:a7:99:0f:85:70:29:00:93:29:8c:
                    6c:b7:96:21:07:bd:d4:ba:ff:5b:c1:95:02:e2:f5:
                    0c:d9:51:a0:c4:97:9d:8d:15:8c:1c:61:45:36:95:
                    52:f2:23:79:fe:94:ea:07:fe:8c:89:3e:cd:59:0e:
                    41:05:9c:f9:6b:d5:96:68:ca:4b:31:74:71:ef:1e:
                    6e:5d:04:2d:7f:c3:32:eb:52:51:9a:e5:2e:78:b3:
                    d7:3d:75:63:1a:7f:c8:ff:6c:b6:cf:46:d4:a8:91:
                    e4:71:12:ec:0a:20:44:4f:2f:04:83:3e:dd:c1:3f:
                    89:70:00:9b:99:38:44:a8:fb:7a:ef:04:14:f8:b4:
                    25:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C5:15:A4:D5:6E:A5:2F:46:C8:07:9E:11:C2:91:D8:71:FD:5C:50
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS197537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.240.0/24
                  82.139.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:5a:47:82:58:e6:3d:45:68:7d:96:c1:b1:a3:83:5b:74:50:
         a0:30:b1:e0:76:8b:eb:e9:45:df:87:51:1c:1e:b7:30:33:7c:
         7a:d8:fa:17:91:06:40:a9:69:38:85:b8:4d:33:30:93:aa:c6:
         5e:75:37:52:b2:8a:7e:a2:57:5d:e4:d4:9e:bf:b0:e5:88:17:
         94:49:3c:c2:8b:a9:bb:74:6c:1c:ca:b0:eb:3d:9b:fe:73:b3:
         f9:91:78:aa:83:c2:72:72:a1:87:08:dc:e9:95:c8:af:dd:14:
         a1:83:0b:ce:eb:d5:43:73:d6:cd:b1:df:02:fa:0c:f9:7f:24:
         bd:07:78:e8:89:4f:d2:0f:a6:be:f6:3c:72:9d:bc:c4:e1:2d:
         e3:9a:65:5c:c7:34:4a:9e:aa:ce:68:4c:25:16:9a:57:11:81:
         f9:27:67:e6:54:52:e9:74:3b:19:82:fc:48:89:5d:17:a4:25:
         e9:9b:f3:98:b9:6c:58:2e:4f:6b:de:ff:03:c4:88:07:4f:6f:
         22:98:04:3e:ce:ed:54:ea:1c:2c:3e:d2:0f:8b:1a:79:f9:59:
         90:8b:2d:6f:00:33:c7:12:b5:15:1f:2a:6f:57:37:9c:f2:3c:
         41:9e:d5:38:a3:3b:8d:ad:05:61:a8:fd:57:5f:6f:b3:b0:8c:
         09:19:8c:72
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUAdudrYU8cUZE0ucOLpw1fS4/om8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTRaFw0yNjA5MjkxMDAzMTRaMDMxMTAvBgNV
BAMTKEREQzUxNUE0RDU2RUE1MkY0NkM4MDc5RTExQzI5MUQ4NzFGRDVDNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXKnUuo8Pbg0PLPX2+ls5cjleH
4JtdbVIukqIAEZgfdbkMosPVkGYtxnE7uWkqdYoeaCmUh1LQs4CHyKzLjD+cNVuR
YAB93CjEiNWGVpwssLdBxkE9rKa9erI8X263tReUv3K0RmQBRR2Q46VVod/FXfh5
8JO639wNDWL0p5kPhXApAJMpjGy3liEHvdS6/1vBlQLi9QzZUaDEl52NFYwcYUU2
lVLyI3n+lOoH/oyJPs1ZDkEFnPlr1ZZoyksxdHHvHm5dBC1/wzLrUlGa5S54s9c9
dWMaf8j/bLbPRtSokeRxEuwKIERPLwSDPt3BP4lwAJuZOESo+3rvBBT4tCXfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU3cUVpNVupS9GyAeeEcKR2HH9XFAwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTk3NTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALuzw
AwQAUoviMA0GCSqGSIb3DQEBCwUAA4IBAQBvWkeCWOY9RWh9lsGxo4NbdFCgMLHg
dovr6UXfh1EcHrcwM3x62PoXkQZAqWk4hbhNMzCTqsZedTdSsop+oldd5NSev7Dl
iBeUSTzCi6m7dGwcyrDrPZv+c7P5kXiqg8JycqGHCNzplciv3RShgwvO69VDc9bN
sd8C+gz5fyS9B3joiU/SD6a+9jxynbzE4S3jmmVcxzRKnqrOaEwlFppXEYH5J2fm
VFLpdDsZgvxIiV0XpCXpm/OYuWxYLk9r3v8DxIgHT28imAQ+zu1U6hwsPtIPixp5
+VmQiy1vADPHErUVHypvVzec8jxBntU4ozuNrQVhqP1XX2+zsIwJGYxy
-----END CERTIFICATE-----