Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198963.roa
File:                     AS198963.roa (raw, json)
Hash identifier:          6KUjUXAyN1tSE7nyTkrBqbs3gE3aAhUA4jresf62r5Y=
Subject key identifier:   9B:12:8B:F9:5F:9E:96:56:FE:43:63:7B:0F:74:68:2D:51:39:F1:27
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3524A4E421F9BDE5E7F77CA6FAF53E094B3F5F4C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198963.roa
Signing time:             Mon 11 May 2026 00:01:07 +0000
ROA not before:           Sun 10 May 2026 23:56:07 +0000
ROA not after:            Mon 10 May 2027 00:01:07 +0000
asID:                     198963
IP address blocks:        2a13:9500:8b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:24:a4:e4:21:f9:bd:e5:e7:f7:7c:a6:fa:f5:3e:09:4b:3f:5f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 10 23:56:07 2026 GMT
            Not After : May 10 00:01:07 2027 GMT
        Subject: CN=9B128BF95F9E9656FE43637B0F74682D5139F127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f0:a6:7f:20:a7:d0:12:76:2a:51:2f:8c:74:
                    77:19:ad:08:ad:b9:b5:1c:04:2a:e9:07:f5:35:b6:
                    b3:85:f4:32:af:fe:76:b0:78:e0:05:54:42:79:3b:
                    1e:0f:d2:34:0e:54:d9:00:2d:aa:bf:13:ba:66:9c:
                    79:7b:14:72:cf:6a:8e:52:c9:9e:74:a7:2b:1a:7b:
                    18:bb:35:a1:33:46:10:ba:72:c6:9d:7e:49:8f:4a:
                    2c:bb:79:0e:88:e1:62:c2:2e:a3:fc:b5:34:fb:0c:
                    d4:d0:cc:02:b9:b3:7f:69:08:3d:7a:87:eb:8e:70:
                    9f:07:81:5d:b5:16:a8:66:36:0f:07:e0:d5:33:92:
                    b0:fd:d8:b1:93:4c:49:63:32:27:77:99:3c:30:9c:
                    2b:72:31:d9:7f:db:79:e6:1a:9d:d0:5a:cb:d6:07:
                    93:c9:3f:ae:b4:83:ca:75:3c:26:6b:dc:42:38:41:
                    a4:89:5b:09:a4:7b:14:43:27:bb:19:92:2e:bf:ab:
                    46:9e:98:64:a2:5f:b7:31:61:f6:f0:c7:ff:f1:1c:
                    c7:7d:6b:1a:67:df:c3:52:b8:92:e8:f9:00:10:1c:
                    69:c6:2f:b3:d3:aa:37:35:61:00:67:e1:0f:e6:78:
                    f9:87:5b:b1:bb:80:d8:fd:57:17:56:08:ad:6b:c9:
                    97:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:12:8B:F9:5F:9E:96:56:FE:43:63:7B:0F:74:68:2D:51:39:F1:27
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198963.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:8b::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:2b:7a:82:a6:69:6f:25:37:45:bd:e3:af:d2:c6:eb:eb:b6:
         81:02:43:28:de:44:e5:61:23:87:c1:26:a3:d8:14:ef:d8:75:
         68:99:f7:9f:00:3f:ad:90:24:bc:f6:50:a2:d6:cd:aa:6f:be:
         12:18:f0:c3:21:27:ff:59:b2:fe:14:84:3f:de:74:33:d6:b0:
         7d:c4:15:cd:a2:2a:40:1e:64:8f:23:db:f9:4f:ad:a4:e2:aa:
         78:5a:26:90:4e:e3:21:91:b5:dd:0a:07:c5:d5:8a:7a:83:8b:
         bb:94:42:3b:dd:46:82:cc:9a:94:d3:aa:f0:12:0c:40:77:8e:
         73:e8:ac:eb:12:0e:07:95:db:de:a7:3c:6b:0b:ec:75:ee:b5:
         e1:bb:87:33:de:85:6a:ec:38:5f:8f:8e:0e:47:0c:9b:2c:98:
         9a:ae:d1:03:e1:c0:43:a7:62:11:f6:40:c1:32:89:fb:97:e0:
         d9:b0:a3:b9:fc:53:bb:c1:d7:ea:de:df:3a:3a:35:a3:44:a8:
         5a:2c:cc:3e:bb:dc:0e:1d:a8:f5:78:0d:35:d7:20:03:65:72:
         14:34:0c:9d:cc:88:4d:e6:91:4c:fa:6b:61:d6:9a:e8:ce:9e:
         f3:e6:d4:00:7b:85:a9:3c:df:5f:49:fd:75:15:81:61:6d:8d:
         5c:61:cb:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNSSk5CH5veXn93ym+vU+CUs/X0wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTAyMzU2MDdaFw0yNzA1MTAwMDAxMDdaMDMxMTAvBgNV
BAMTKDlCMTI4QkY5NUY5RTk2NTZGRTQzNjM3QjBGNzQ2ODJENTEzOUYxMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn8KZ/IKfQEnYqUS+MdHcZrQit
ubUcBCrpB/U1trOF9DKv/naweOAFVEJ5Ox4P0jQOVNkALaq/E7pmnHl7FHLPao5S
yZ50pysaexi7NaEzRhC6csadfkmPSiy7eQ6I4WLCLqP8tTT7DNTQzAK5s39pCD16
h+uOcJ8HgV21FqhmNg8H4NUzkrD92LGTTEljMid3mTwwnCtyMdl/23nmGp3QWsvW
B5PJP660g8p1PCZr3EI4QaSJWwmkexRDJ7sZki6/q0aemGSiX7cxYfbwx//xHMd9
axpn38NSuJLo+QAQHGnGL7PTqjc1YQBn4Q/mePmHW7G7gNj9VxdWCK1ryZeXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUmxKL+V+ellb+Q2N7D3RoLVE58ScwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4OTYzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACLMA0GCSqGSIb3DQEBCwUAA4IBAQCeK3qCpmlvJTdFveOv0sbr67aBAkMo3kTl
YSOHwSaj2BTv2HVomfefAD+tkCS89lCi1s2qb74SGPDDISf/WbL+FIQ/3nQz1rB9
xBXNoipAHmSPI9v5T62k4qp4WiaQTuMhkbXdCgfF1Yp6g4u7lEI73UaCzJqU06rw
EgxAd45z6KzrEg4HldvepzxrC+x17rXhu4cz3oVq7Dhfj44ORwybLJiartED4cBD
p2IR9kDBMon7l+DZsKO5/FO7wdfq3t86OjWjRKhaLMw+u9wOHaj1eA011yADZXIU
NAydzIhN5pFM+mth1prozp7z5tQAe4WpPN9fSf11FYFhbY1cYcsV
-----END CERTIFICATE-----