Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS198250.roa
File:                     AS198250.roa (raw, json)
Hash identifier:          oFY3tW2HzcVvjeKZhCZ9+jaQJmZrb3ie3+zlKHHjWKs=
Subject key identifier:   BB:29:C4:13:1D:F1:02:A8:EF:4C:A3:02:B3:76:0F:98:B3:47:4D:3A
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       460BF1923675EEC170B4A0952C8916EC6206CFD7
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS198250.roa
Signing time:             Mon 11 May 2026 18:42:40 +0000
ROA not before:           Mon 11 May 2026 18:37:40 +0000
ROA not after:            Mon 10 May 2027 18:42:40 +0000
asID:                     198250
IP address blocks:        212.60.150.0/24 maxlen: 24
                          212.60.152.0/24 maxlen: 24
                          212.60.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:0b:f1:92:36:75:ee:c1:70:b4:a0:95:2c:89:16:ec:62:06:cf:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 11 18:37:40 2026 GMT
            Not After : May 10 18:42:40 2027 GMT
        Subject: CN=BB29C4131DF102A8EF4CA302B3760F98B3474D3A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2c:c5:7c:a0:5b:aa:6b:5f:8a:fd:90:8c:7b:
                    b4:ac:3a:11:29:7e:5e:98:f5:82:e3:10:73:0f:28:
                    59:8e:b4:03:af:59:c8:51:5b:05:1d:e0:49:dc:02:
                    f2:5b:2f:c1:56:52:d3:3c:e9:f0:1a:a8:31:9e:cb:
                    2c:5b:0c:98:27:c4:4f:6a:50:93:83:9e:3a:65:13:
                    c9:74:b6:90:50:f8:a9:22:fa:92:07:38:31:0c:e6:
                    ab:7e:b0:e2:d7:dd:64:7e:eb:ee:a0:0f:e6:65:2d:
                    8b:50:df:39:74:97:0b:23:52:08:a3:b0:c3:b2:28:
                    63:30:46:a2:e0:46:a6:a5:1c:b6:c5:32:52:1e:e8:
                    a2:e6:7e:31:ec:91:1b:45:ca:29:31:84:ea:35:74:
                    a5:0c:22:7f:90:35:a8:2b:ee:1c:81:a4:f2:64:d8:
                    36:8a:c6:17:5d:95:01:41:f9:d5:4f:25:fa:d9:a2:
                    2d:93:39:83:1a:94:ce:86:fe:1e:a9:6a:6d:e5:27:
                    12:5c:7b:9a:53:69:b6:1e:c0:f8:cc:fa:2e:a7:ca:
                    68:8b:62:a2:04:73:07:0a:b1:54:27:a6:fd:72:fc:
                    49:b1:ca:2b:84:1f:b5:e5:5c:69:04:f4:c2:35:8b:
                    ca:7c:e8:df:94:50:b7:09:c2:94:97:45:09:73:78:
                    94:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:29:C4:13:1D:F1:02:A8:EF:4C:A3:02:B3:76:0F:98:B3:47:4D:3A
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS198250.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.150.0/24
                  212.60.152.0/24
                  212.60.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:30:70:72:91:b4:aa:79:51:e5:73:35:60:f4:02:e2:4c:24:
         56:80:85:cc:3b:73:39:f6:85:4f:a5:b1:fd:53:5f:61:28:27:
         87:de:49:a8:62:c3:48:fe:4e:82:e2:b2:04:6d:32:ff:cc:ea:
         3e:1b:a1:33:44:5c:d2:23:0d:85:5a:65:03:28:25:82:cb:ac:
         b7:ea:f7:f9:5a:51:a7:a9:92:fa:e3:6d:e2:1b:ef:c7:2f:54:
         52:f8:bd:1c:4d:30:b2:bd:82:d4:3d:44:01:de:96:f8:e5:1a:
         40:89:90:3c:b1:d9:d9:d0:c0:cc:82:e9:55:d6:92:37:08:8a:
         fc:98:9e:56:97:02:9a:c9:74:c8:51:2a:0b:98:4c:38:7d:93:
         e6:be:b2:9a:ee:4a:b4:ff:5e:9c:85:6f:d0:60:b1:1e:e1:c8:
         aa:9b:6c:f2:90:cd:6c:7d:39:ca:df:53:21:90:85:e8:23:d3:
         da:2b:fb:c4:dd:6e:7f:65:e3:eb:3b:82:7d:e3:fa:96:d2:3e:
         0b:d0:2b:82:3a:40:ac:84:9a:eb:c6:51:19:52:fd:39:ab:36:
         5f:a7:48:66:a2:f1:89:f3:35:8f:ee:be:2c:f2:af:c1:f4:38:
         7e:05:d3:6f:43:53:b6:e1:1a:0f:95:cd:1b:8c:d5:94:af:f7:
         6f:35:a2:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIURgvxkjZ17sFwtKCVLIkW7GIGz9cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MTExODM3NDBaFw0yNzA1MTAxODQyNDBaMDMxMTAvBgNV
BAMTKEJCMjlDNDEzMURGMTAyQThFRjRDQTMwMkIzNzYwRjk4QjM0NzREM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDLMV8oFuqa1+K/ZCMe7SsOhEp
fl6Y9YLjEHMPKFmOtAOvWchRWwUd4EncAvJbL8FWUtM86fAaqDGeyyxbDJgnxE9q
UJODnjplE8l0tpBQ+Kki+pIHODEM5qt+sOLX3WR+6+6gD+ZlLYtQ3zl0lwsjUgij
sMOyKGMwRqLgRqalHLbFMlIe6KLmfjHskRtFyikxhOo1dKUMIn+QNagr7hyBpPJk
2DaKxhddlQFB+dVPJfrZoi2TOYMalM6G/h6pam3lJxJce5pTabYewPjM+i6nymiL
YqIEcwcKsVQnpv1y/EmxyiuEH7XlXGkE9MI1i8p86N+UULcJwpSXRQlzeJT1AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUuynEEx3xAqjvTKMCs3YPmLNHTTowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMTk4MjUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1DyW
AwQA1DyYAwQA1DyaMA0GCSqGSIb3DQEBCwUAA4IBAQAlMHBykbSqeVHlczVg9ALi
TCRWgIXMO3M59oVPpbH9U19hKCeH3kmoYsNI/k6C4rIEbTL/zOo+G6EzRFzSIw2F
WmUDKCWCy6y36vf5WlGnqZL6423iG+/HL1RS+L0cTTCyvYLUPUQB3pb45RpAiZA8
sdnZ0MDMgulV1pI3CIr8mJ5WlwKayXTIUSoLmEw4fZPmvrKa7kq0/16chW/QYLEe
4ciqm2zykM1sfTnK31MhkIXoI9PaK/vE3W5/ZePrO4J94/qW0j4L0CuCOkCshJrr
xlEZUv05qzZfp0hmovGJ8zWP7r4s8q/B9Dh+BdNvQ1O24RoPlc0bjNWUr/dvNaKV
-----END CERTIFICATE-----