Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198474.roa
File:                     AS198474.roa (raw, json)
Hash identifier:          riQn8FbXE4IJiIbdqeEycrYo2fr9/fn05RyBuWDwEik=
Subject key identifier:   8C:96:39:C3:63:3F:CD:B1:F6:F8:69:88:1B:28:1F:30:DD:CA:7B:0E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4D4AAEC28EC889C74FA1749D5E8F57868CFEDAC4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198474.roa
Signing time:             Fri 08 May 2026 02:27:05 +0000
ROA not before:           Fri 08 May 2026 02:22:05 +0000
ROA not after:            Fri 07 May 2027 02:27:05 +0000
asID:                     198474
IP address blocks:        82.41.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:4a:ae:c2:8e:c8:89:c7:4f:a1:74:9d:5e:8f:57:86:8c:fe:da:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  8 02:22:05 2026 GMT
            Not After : May  7 02:27:05 2027 GMT
        Subject: CN=8C9639C3633FCDB1F6F869881B281F30DDCA7B0E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:18:b2:77:04:10:e6:2b:df:3b:6b:79:48:3e:
                    12:52:a6:63:22:2a:9c:c3:ed:91:20:76:bb:7a:c5:
                    97:30:5a:35:80:6a:e5:3e:9d:27:0e:d2:ed:19:2e:
                    aa:e3:ac:3e:c2:00:63:cc:6d:f6:4e:0d:b8:cd:0c:
                    c5:98:9e:e7:80:f1:c1:93:55:86:f3:d8:64:68:39:
                    8c:b9:c2:d8:8a:72:0e:d0:4b:71:62:d0:f9:a4:d3:
                    f7:fc:59:7f:29:46:f9:e7:32:05:9d:77:73:17:c6:
                    95:40:73:c5:87:41:1a:c9:af:54:fe:c3:11:22:b5:
                    0e:13:c1:e3:21:2b:c3:5e:ec:d1:d9:7d:90:5e:44:
                    72:32:4b:7e:df:86:13:72:ea:3b:e1:04:4e:db:a3:
                    34:cd:3e:14:1f:9e:53:ba:5c:3f:4e:d1:1f:f7:f7:
                    35:fa:0e:3d:86:69:8e:61:96:b2:68:2f:37:d4:1d:
                    ce:06:57:3b:bf:64:f1:c4:d1:24:24:01:4b:28:e7:
                    72:f5:29:c5:74:94:b2:51:18:cc:ed:64:7c:fe:69:
                    42:53:0d:cc:cc:44:98:8c:36:85:10:5e:27:1e:a9:
                    cf:80:11:4e:9c:bf:6a:fc:56:2f:2a:7a:6d:9e:55:
                    09:9b:b4:c7:de:80:9e:c3:8b:29:00:fb:71:03:10:
                    61:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:96:39:C3:63:3F:CD:B1:F6:F8:69:88:1B:28:1F:30:DD:CA:7B:0E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198474.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:e3:0a:2e:55:30:48:49:39:c7:be:16:c6:8a:6e:96:a0:b5:
         1d:be:cc:a5:2f:1c:8d:d9:cd:e0:8b:43:19:63:c2:df:72:c4:
         75:bb:66:db:53:10:3b:07:03:cd:07:f7:a9:b2:f1:f9:46:06:
         b1:54:e9:bd:88:2f:69:46:07:9d:a3:c7:eb:f1:18:6f:1b:9b:
         5b:98:57:30:2e:1a:d2:bd:ac:1e:cf:9a:fa:3a:e7:70:34:d9:
         20:5c:b4:c9:38:ec:74:56:c2:d9:ca:3d:5b:11:49:14:1a:2a:
         60:69:1b:c8:18:17:e2:5b:ca:02:37:a0:ad:61:ae:b3:e8:d7:
         eb:3b:0b:b6:73:b9:16:85:1f:0a:f1:66:bd:ff:a6:8e:f6:38:
         54:54:ba:e0:db:7a:40:92:3b:6f:3a:a9:81:64:39:18:27:ef:
         e4:e2:7e:3b:ef:db:b1:3c:21:2e:4e:ab:be:eb:a1:cf:2d:c5:
         33:cb:3c:04:ec:45:40:5a:68:f5:d8:5a:3e:55:9c:2c:d0:34:
         f9:6e:aa:e5:4c:47:ce:a3:3b:83:b0:44:de:70:88:48:5d:5c:
         4a:f2:30:3a:90:97:6c:25:46:09:4f:8a:0a:f7:8c:66:d8:5e:
         81:21:34:13:b3:73:c3:ab:ae:26:d5:d0:8a:74:76:b4:ca:c7:
         50:4b:d1:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTUquwo7IicdPoXSdXo9Xhoz+2sQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDgwMjIyMDVaFw0yNzA1MDcwMjI3MDVaMDMxMTAvBgNV
BAMTKDhDOTYzOUMzNjMzRkNEQjFGNkY4Njk4ODFCMjgxRjMwRERDQTdCMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4GLJ3BBDmK987a3lIPhJSpmMi
KpzD7ZEgdrt6xZcwWjWAauU+nScO0u0ZLqrjrD7CAGPMbfZODbjNDMWYnueA8cGT
VYbz2GRoOYy5wtiKcg7QS3Fi0Pmk0/f8WX8pRvnnMgWdd3MXxpVAc8WHQRrJr1T+
wxEitQ4TweMhK8Ne7NHZfZBeRHIyS37fhhNy6jvhBE7bozTNPhQfnlO6XD9O0R/3
9zX6Dj2GaY5hlrJoLzfUHc4GVzu/ZPHE0SQkAUso53L1KcV0lLJRGMztZHz+aUJT
DczMRJiMNoUQXiceqc+AEU6cv2r8Vi8qem2eVQmbtMfegJ7DiykA+3EDEGHbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjJY5w2M/zbH2+GmIGygfMN3Kew4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4NDc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUikT
MA0GCSqGSIb3DQEBCwUAA4IBAQBR4wouVTBISTnHvhbGim6WoLUdvsylLxyN2c3g
i0MZY8LfcsR1u2bbUxA7BwPNB/epsvH5RgaxVOm9iC9pRgedo8fr8RhvG5tbmFcw
LhrSvawez5r6OudwNNkgXLTJOOx0VsLZyj1bEUkUGipgaRvIGBfiW8oCN6CtYa6z
6NfrOwu2c7kWhR8K8Wa9/6aO9jhUVLrg23pAkjtvOqmBZDkYJ+/k4n4779uxPCEu
Tqu+66HPLcUzyzwE7EVAWmj12Fo+VZws0DT5bqrlTEfOozuDsETecIhIXVxK8jA6
kJdsJUYJT4oK94xm2F6BITQTs3PDq64m1dCKdHa0ysdQS9Fd
-----END CERTIFICATE-----