Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198128.roa
File:                     AS198128.roa (raw, json)
Hash identifier:          CKDI6yxf19UK/jEMWk3AXTToBGWTFOhgRfhoF3UeVMc=
Subject key identifier:   64:C8:6D:6B:9D:CD:A1:9A:AA:20:0B:F4:B1:C5:45:88:C3:42:B8:54
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5195913968D794A1A940BB527CCE03A9D0966EA3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198128.roa
Signing time:             Fri 06 Jun 2025 14:13:33 +0000
ROA not before:           Fri 06 Jun 2025 14:08:33 +0000
ROA not after:            Fri 05 Jun 2026 14:13:33 +0000
asID:                     198128
IP address blocks:        82.24.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:95:91:39:68:d7:94:a1:a9:40:bb:52:7c:ce:03:a9:d0:96:6e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  6 14:08:33 2025 GMT
            Not After : Jun  5 14:13:33 2026 GMT
        Subject: CN=64C86D6B9DCDA19AAA200BF4B1C54588C342B854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c8:08:97:12:88:53:89:14:f2:90:74:69:70:
                    97:83:40:b4:d1:b5:63:e8:75:6a:c7:f5:7d:a6:ff:
                    72:a4:a2:47:c0:26:78:35:72:36:52:66:49:0e:1d:
                    ed:86:af:36:53:16:a5:c9:cd:9f:98:79:d9:83:64:
                    71:f9:c1:78:cf:bb:6c:f9:d0:df:a1:f5:c0:7e:dc:
                    d6:a6:23:ca:63:96:e8:74:05:8a:a6:a3:f2:95:9d:
                    dd:f4:e9:58:2d:86:02:5b:fb:ac:28:b4:74:94:22:
                    8a:99:b5:12:62:e9:3e:1d:87:17:19:bb:f1:bc:c3:
                    70:e0:96:7c:21:4e:af:d7:e1:aa:33:63:01:0f:15:
                    16:58:52:49:82:0c:21:0d:8e:74:1e:a0:f4:05:ed:
                    58:6d:7d:23:4d:11:d8:dd:eb:fb:65:b7:5f:43:b4:
                    a0:fb:a2:4b:a9:3b:2d:14:9f:77:7c:cc:2f:8d:8c:
                    30:f4:b3:7d:d0:76:ed:1a:d5:e5:73:01:63:10:1e:
                    14:bb:ee:86:b5:12:05:6a:89:4e:b1:0c:04:34:26:
                    46:4c:26:cd:45:8b:9c:4c:02:d1:5e:de:7b:79:6f:
                    08:7b:d0:dd:5c:f4:61:3e:0b:a8:81:d5:5c:94:c6:
                    79:1e:91:c8:7f:6a:f6:0e:52:04:77:f7:1a:75:33:
                    14:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C8:6D:6B:9D:CD:A1:9A:AA:20:0B:F4:B1:C5:45:88:C3:42:B8:54
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198128.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:49:8f:e7:c4:e7:58:f8:25:ea:c0:4b:1d:97:4e:b1:77:6f:
         89:65:ff:a4:c8:17:a5:03:c7:49:7e:8c:b8:f4:d9:60:09:ca:
         d6:a2:53:9b:e2:09:78:aa:28:b8:7b:bf:ff:53:55:25:ec:65:
         64:56:3b:8a:95:32:44:f9:8b:3a:fa:d2:83:d5:4a:ce:ee:c4:
         a2:0c:83:dc:73:ee:34:42:4f:b5:78:c1:08:0b:e0:2a:b0:52:
         58:a8:26:1c:24:49:97:0a:52:ce:db:f2:5c:37:9f:c4:48:86:
         7a:02:fe:f2:17:b3:d0:63:fe:e6:3a:bf:cf:88:7d:4f:de:f4:
         00:04:3e:4f:8a:5c:33:68:d4:07:d8:7d:ce:27:5c:6d:dc:9f:
         2a:85:cb:2f:10:a1:bc:b5:fd:8d:9d:eb:00:73:a2:cd:0d:3c:
         70:fe:48:ee:62:c2:51:8e:e6:1e:05:95:11:49:3b:cc:79:90:
         9b:87:8e:62:d0:86:fc:c5:ab:87:a1:aa:d9:ad:28:38:c8:08:
         5b:5a:43:a4:6a:7d:9f:c8:b6:1f:03:aa:34:33:59:7b:bb:16:
         52:db:28:e5:07:9e:48:f1:1a:a3:84:15:92:35:69:45:01:dd:
         f9:2f:6f:96:20:9c:b5:30:7d:20:74:28:49:d8:2a:f2:2c:c1:
         5f:5a:39:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUZWROWjXlKGpQLtSfM4DqdCWbqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDYxNDA4MzNaFw0yNjA2MDUxNDEzMzNaMDMxMTAvBgNV
BAMTKDY0Qzg2RDZCOURDREExOUFBQTIwMEJGNEIxQzU0NTg4QzM0MkI4NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjyAiXEohTiRTykHRpcJeDQLTR
tWPodWrH9X2m/3KkokfAJng1cjZSZkkOHe2GrzZTFqXJzZ+YedmDZHH5wXjPu2z5
0N+h9cB+3NamI8pjluh0BYqmo/KVnd306VgthgJb+6wotHSUIoqZtRJi6T4dhxcZ
u/G8w3DglnwhTq/X4aozYwEPFRZYUkmCDCENjnQeoPQF7VhtfSNNEdjd6/tlt19D
tKD7okupOy0Un3d8zC+NjDD0s33Qdu0a1eVzAWMQHhS77oa1EgVqiU6xDAQ0JkZM
Js1Fi5xMAtFe3nt5bwh70N1c9GE+C6iB1VyUxnkekch/avYOUgR39xp1MxQVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZMhta53NoZqqIAv0scVFiMNCuFQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4MTI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhjJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAISY/nxOdY+CXqwEsdl06xd2+JZf+kyBelA8dJ
foy49NlgCcrWolOb4gl4qii4e7//U1Ul7GVkVjuKlTJE+Ys6+tKD1UrO7sSiDIPc
c+40Qk+1eMEIC+AqsFJYqCYcJEmXClLO2/JcN5/ESIZ6Av7yF7PQY/7mOr/PiH1P
3vQABD5PilwzaNQH2H3OJ1xt3J8qhcsvEKG8tf2NnesAc6LNDTxw/kjuYsJRjuYe
BZURSTvMeZCbh45i0Ib8xauHoarZrSg4yAhbWkOkan2fyLYfA6o0M1l7uxZS2yjl
B55I8RqjhBWSNWlFAd35L2+WIJy1MH0gdChJ2CryLMFfWjnl
-----END CERTIFICATE-----