Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198825.roa
File:                     AS198825.roa (raw, json)
Hash identifier:          RGnn7XBRyZQJ1sCwvzGjvgaZIzWGT7XF2CC3A08ib+c=
Subject key identifier:   43:CA:BE:32:2C:06:31:67:97:D7:FB:6D:48:33:A3:D8:0A:4B:98:C8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2F5820935FF86C17426953FDF6F49588B1AB4398
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198825.roa
Signing time:             Wed 20 Aug 2025 08:05:34 +0000
ROA not before:           Wed 20 Aug 2025 08:00:34 +0000
ROA not after:            Wed 19 Aug 2026 08:05:34 +0000
asID:                     198825
IP address blocks:        82.22.77.0/24 maxlen: 24
                          82.26.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:58:20:93:5f:f8:6c:17:42:69:53:fd:f6:f4:95:88:b1:ab:43:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 20 08:00:34 2025 GMT
            Not After : Aug 19 08:05:34 2026 GMT
        Subject: CN=43CABE322C06316797D7FB6D4833A3D80A4B98C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:63:a4:e8:53:7a:10:31:f0:31:d3:72:1d:f5:
                    da:83:d2:7d:f3:d0:72:7f:b1:15:d0:85:ae:96:7a:
                    4e:2a:66:41:01:19:6f:52:79:b9:2e:bb:86:d9:a0:
                    6f:cf:6f:5d:4a:d0:0b:07:18:4d:7f:f0:67:9f:e9:
                    a2:bd:71:9c:62:57:cd:26:f9:37:83:7f:e8:c4:94:
                    3a:e9:30:3f:b9:94:03:c4:1d:98:b2:d2:c7:26:2a:
                    53:3a:7e:a0:ae:d1:df:ba:d7:db:07:84:2b:f6:3d:
                    94:12:7f:41:6b:8a:1c:0c:81:00:75:05:91:a1:f6:
                    dd:74:9c:76:b6:cd:44:78:65:e5:77:2d:4d:6c:47:
                    e2:f1:31:e4:b6:4a:b6:7f:68:c8:16:35:bd:c6:e0:
                    f0:7f:33:92:3d:71:d9:84:4f:67:47:40:af:b6:ab:
                    4b:22:84:1b:aa:65:7f:99:9e:6c:76:b0:2d:11:1b:
                    10:df:5f:f1:7a:f6:bd:3a:f6:da:b2:2a:d3:30:9d:
                    45:77:1f:39:ec:e3:1b:ba:d8:c7:f5:bf:0c:89:ca:
                    10:71:e8:60:d7:8e:f4:e8:90:69:4b:d5:5a:2a:ed:
                    cf:06:28:e4:94:d0:40:22:ff:4f:5f:ef:12:9e:7d:
                    75:96:a5:16:11:41:aa:f6:da:84:ca:54:1a:c3:29:
                    d2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:CA:BE:32:2C:06:31:67:97:D7:FB:6D:48:33:A3:D8:0A:4B:98:C8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198825.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.77.0/24
                  82.26.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ea:cb:01:b8:df:11:1f:e5:90:c7:c8:5b:63:8e:4e:c8:10:
         d9:ea:c3:0f:7b:f5:36:5d:26:18:27:63:5b:ff:b3:b0:ef:71:
         6c:fb:b5:08:75:7f:95:46:f7:b0:08:cd:9d:77:03:73:c6:b1:
         bd:7e:f6:fc:e2:48:dc:ea:50:dc:d1:d7:11:49:e8:23:7f:53:
         d5:67:27:0b:55:b0:2f:57:11:85:db:69:de:3e:66:b5:dc:c4:
         1a:b9:65:27:48:3e:9a:94:dc:28:53:10:39:97:42:bc:ff:d8:
         ef:f8:cb:1d:ee:61:b3:a5:ef:9a:b7:c9:d9:64:7f:44:f7:72:
         77:e6:55:83:a7:5f:2f:95:94:ba:d0:d0:df:a9:81:73:18:5c:
         b7:38:aa:cf:e8:41:0d:3c:6d:f6:50:55:b1:41:81:bd:20:cf:
         c3:71:a4:6b:81:5c:23:ab:b2:d6:ea:fc:ce:97:bb:a8:49:e7:
         a5:d9:30:9b:b9:ca:99:7a:99:b5:00:a0:25:b7:51:ed:b7:63:
         bd:6a:eb:29:93:b6:c9:11:27:c2:ec:07:d7:94:47:bd:36:54:
         2a:17:d1:19:73:0a:00:c1:cb:ce:57:5b:ee:83:41:33:d3:5d:
         7f:7a:cf:44:a2:f3:d6:33:d6:9c:7d:c7:10:32:ec:23:42:c4:
         2b:54:a2:e6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUL1ggk1/4bBdCaVP99vSViLGrQ5gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MjAwODAwMzRaFw0yNjA4MTkwODA1MzRaMDMxMTAvBgNV
BAMTKDQzQ0FCRTMyMkMwNjMxNjc5N0Q3RkI2RDQ4MzNBM0Q4MEE0Qjk4QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXY6ToU3oQMfAx03Id9dqD0n3z
0HJ/sRXQha6Wek4qZkEBGW9Sebkuu4bZoG/Pb11K0AsHGE1/8Gef6aK9cZxiV80m
+TeDf+jElDrpMD+5lAPEHZiy0scmKlM6fqCu0d+619sHhCv2PZQSf0FrihwMgQB1
BZGh9t10nHa2zUR4ZeV3LU1sR+LxMeS2SrZ/aMgWNb3G4PB/M5I9cdmET2dHQK+2
q0sihBuqZX+Znmx2sC0RGxDfX/F69r069tqyKtMwnUV3Hzns4xu62Mf1vwyJyhBx
6GDXjvTokGlL1Voq7c8GKOSU0EAi/09f7xKefXWWpRYRQar22oTKVBrDKdLzAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUQ8q+MiwGMWeX1/ttSDOj2ApLmMgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4ODI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhZN
AwQAUhqdMA0GCSqGSIb3DQEBCwUAA4IBAQAq6ssBuN8RH+WQx8hbY45OyBDZ6sMP
e/U2XSYYJ2Nb/7Ow73Fs+7UIdX+VRvewCM2ddwNzxrG9fvb84kjc6lDc0dcRSegj
f1PVZycLVbAvVxGF22nePma13MQauWUnSD6alNwoUxA5l0K8/9jv+Msd7mGzpe+a
t8nZZH9E93J35lWDp18vlZS60NDfqYFzGFy3OKrP6EENPG32UFWxQYG9IM/DcaRr
gVwjq7LW6vzOl7uoSeel2TCbucqZepm1AKAlt1Htt2O9auspk7bJESfC7AfXlEe9
NlQqF9EZcwoAwcvOV1vug0Ez011/es9EovPWM9acfccQMuwjQsQrVKLm
-----END CERTIFICATE-----