Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198420.roa
File:                     AS198420.roa (raw, json)
Hash identifier:          H+y0w+vMeAOActNM1RwEX4ICPvHE3ZtCPrRf33HcZ8s=
Subject key identifier:   A2:3D:F6:4E:2D:10:4B:A7:EC:FA:74:7D:11:56:5B:7F:79:2F:68:5D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0611FE350DF609CF5429B2DDB582441205D38FCE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198420.roa
Signing time:             Tue 28 Apr 2026 21:37:53 +0000
ROA not before:           Tue 28 Apr 2026 21:32:53 +0000
ROA not after:            Tue 27 Apr 2027 21:37:53 +0000
asID:                     198420
IP address blocks:        82.41.120.0/24 maxlen: 24
                          84.75.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:11:fe:35:0d:f6:09:cf:54:29:b2:dd:b5:82:44:12:05:d3:8f:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 28 21:32:53 2026 GMT
            Not After : Apr 27 21:37:53 2027 GMT
        Subject: CN=A23DF64E2D104BA7ECFA747D11565B7F792F685D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:22:2b:b5:16:ee:f8:d5:d1:03:ff:55:3a:1c:
                    98:51:a1:5a:de:5e:42:7b:fc:40:c1:04:a9:df:60:
                    9a:da:ad:26:ed:c8:c8:86:1f:00:6a:1f:57:11:07:
                    f5:61:be:ae:58:1a:21:73:68:e0:ea:41:b2:3d:43:
                    43:a2:e3:98:b3:ef:a0:7a:77:8b:d1:d2:a2:de:a9:
                    57:8e:e1:9a:71:c6:2b:f9:c0:e8:55:67:28:cc:bb:
                    31:02:1a:5a:83:b8:a8:69:ad:ce:84:d8:0a:6a:5a:
                    4b:a7:51:7e:0a:57:30:74:d0:92:dd:23:57:95:3b:
                    5c:95:37:25:6b:47:67:57:5b:54:7a:f6:90:c9:cd:
                    f5:61:9e:f7:0b:41:e2:57:fa:53:50:73:97:4f:33:
                    63:a5:f7:48:c0:79:f4:38:a3:a2:d1:93:30:86:ae:
                    30:11:20:37:99:45:a8:30:37:b2:1e:69:7b:0a:cf:
                    51:de:47:88:c3:aa:b2:8a:7d:b7:7b:4f:1d:53:c6:
                    18:ea:30:7d:e0:a9:25:29:e2:96:98:b9:4f:ca:2c:
                    85:66:e5:8f:93:ab:7f:27:71:24:27:54:e7:79:d1:
                    93:2e:64:6a:20:17:74:a9:24:82:86:97:a0:26:b5:
                    1b:eb:1c:63:50:f1:2c:24:12:ae:60:dd:1d:43:cb:
                    90:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:3D:F6:4E:2D:10:4B:A7:EC:FA:74:7D:11:56:5B:7F:79:2F:68:5D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198420.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.120.0/24
                  84.75.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:04:2d:62:78:88:3c:be:4f:5c:92:f1:80:a5:2d:c4:50:f6:
         0c:da:d1:65:54:73:2d:55:64:86:90:89:17:db:40:42:00:13:
         c8:48:19:ec:c6:62:4e:71:29:39:dc:ba:6d:5f:18:e6:65:12:
         7a:56:16:9c:66:00:85:9e:74:fa:eb:f0:be:61:01:f9:28:64:
         e2:3a:77:07:00:2a:ac:c8:da:1e:07:ef:15:48:19:a3:6a:1f:
         fb:b5:4d:dd:57:70:f5:9d:f4:a8:ae:8d:54:0b:c2:53:ea:f3:
         56:05:c9:6e:33:1a:4f:8c:ac:51:1e:19:b1:64:c6:a4:fa:47:
         fc:7c:71:cd:0e:ab:12:2b:59:50:e4:4b:d2:e9:14:fc:05:a5:
         b4:6b:13:16:3b:f6:19:9f:ca:e5:9d:5b:1d:ab:0e:e1:e1:d3:
         c4:62:b1:77:67:4b:de:5f:1d:b7:72:1d:33:d6:39:53:a4:70:
         6e:ec:0e:5b:05:59:dd:5c:7e:0e:46:2d:63:ba:89:c5:84:bf:
         98:67:fa:57:d9:ce:de:04:2c:1e:33:58:8c:34:e2:2e:b9:7c:
         16:01:66:d1:db:45:e5:85:1e:7f:fb:7c:7f:20:20:1d:00:93:
         5e:c2:53:fd:d7:a0:51:f1:d9:24:36:3a:e4:06:b2:ea:31:e1:
         f3:cb:52:6f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUBhH+NQ32Cc9UKbLdtYJEEgXTj84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjgyMTMyNTNaFw0yNzA0MjcyMTM3NTNaMDMxMTAvBgNV
BAMTKEEyM0RGNjRFMkQxMDRCQTdFQ0ZBNzQ3RDExNTY1QjdGNzkyRjY4NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNIiu1Fu741dED/1U6HJhRoVre
XkJ7/EDBBKnfYJrarSbtyMiGHwBqH1cRB/Vhvq5YGiFzaODqQbI9Q0Oi45iz76B6
d4vR0qLeqVeO4Zpxxiv5wOhVZyjMuzECGlqDuKhprc6E2ApqWkunUX4KVzB00JLd
I1eVO1yVNyVrR2dXW1R69pDJzfVhnvcLQeJX+lNQc5dPM2Ol90jAefQ4o6LRkzCG
rjARIDeZRagwN7IeaXsKz1HeR4jDqrKKfbd7Tx1TxhjqMH3gqSUp4paYuU/KLIVm
5Y+Tq38ncSQnVOd50ZMuZGogF3SpJIKGl6AmtRvrHGNQ8SwkEq5g3R1Dy5CxAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUoj32Ti0QS6fs+nR9EVZbf3kvaF0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4NDIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUil4
AwQAVEuhMA0GCSqGSIb3DQEBCwUAA4IBAQBOBC1ieIg8vk9ckvGApS3EUPYM2tFl
VHMtVWSGkIkX20BCABPISBnsxmJOcSk53LptXxjmZRJ6VhacZgCFnnT66/C+YQH5
KGTiOncHACqsyNoeB+8VSBmjah/7tU3dV3D1nfSoro1UC8JT6vNWBcluMxpPjKxR
HhmxZMak+kf8fHHNDqsSK1lQ5EvS6RT8BaW0axMWO/YZn8rlnVsdqw7h4dPEYrF3
Z0veXx23ch0z1jlTpHBu7A5bBVndXH4ORi1juonFhL+YZ/pX2c7eBCweM1iMNOIu
uXwWAWbR20XlhR5/+3x/ICAdAJNewlP916BR8dkkNjrkBrLqMeHzy1Jv
-----END CERTIFICATE-----