Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          pVVeiFfmBqaUJAyFvGvlXRcmtQdZviqGD+Irt9k8qgU=
Subject key identifier:   19:19:64:3C:F2:E3:4F:DE:4B:68:26:FC:AC:89:AD:6C:A6:5B:AF:C9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7D93EE8B41751EC373C5503805F5C0B874C251F1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
Signing time:             Wed 18 Mar 2026 07:35:35 +0000
ROA not before:           Wed 18 Mar 2026 07:30:35 +0000
ROA not after:            Wed 17 Mar 2027 07:35:35 +0000
asID:                     25198
IP address blocks:        82.25.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:93:ee:8b:41:75:1e:c3:73:c5:50:38:05:f5:c0:b8:74:c2:51:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 18 07:30:35 2026 GMT
            Not After : Mar 17 07:35:35 2027 GMT
        Subject: CN=1919643CF2E34FDE4B6826FCAC89AD6CA65BAFC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:29:a5:aa:c3:57:65:0e:56:02:a0:26:f8:85:
                    60:6e:9b:be:35:c8:ba:45:cd:24:14:10:5b:ff:0f:
                    e8:02:f4:ab:90:4d:28:d7:94:cd:bb:e4:ee:76:2f:
                    2e:64:78:0d:d2:fd:92:cc:2a:75:68:33:d8:35:d7:
                    c2:c8:f1:1b:62:73:fd:e3:e4:02:78:50:3e:0b:d7:
                    4e:de:55:e2:bc:58:0a:b5:b6:b4:cf:03:9c:79:cd:
                    d1:1b:f4:d4:8e:bb:de:bb:b0:a4:b0:10:e2:d7:38:
                    76:6a:ec:4e:9d:e2:db:5a:85:fb:f2:19:16:56:ca:
                    06:9e:fb:f5:cb:9f:ee:bf:5c:9a:d8:42:53:b6:0b:
                    e5:86:9f:99:c2:34:a0:a6:4a:8d:cc:cf:65:1e:68:
                    8d:06:30:a1:ff:41:c6:19:9e:fb:df:a7:f6:fc:8d:
                    3a:89:3a:36:72:04:59:64:9b:a0:f1:0b:72:98:36:
                    d1:0a:c4:43:ef:fc:20:5e:0c:c0:3c:23:fb:8f:a1:
                    98:b1:ef:50:af:7c:aa:f1:24:56:6a:2f:73:c5:df:
                    64:18:26:f2:a7:4d:f3:28:30:fa:eb:8c:da:04:1a:
                    55:2c:15:1c:e1:e5:9b:40:10:a1:ef:71:bf:f1:d0:
                    5d:a3:72:28:d0:d3:33:bf:cd:d7:43:7b:08:5e:5a:
                    a1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:19:64:3C:F2:E3:4F:DE:4B:68:26:FC:AC:89:AD:6C:A6:5B:AF:C9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:89:20:2b:b8:4d:77:da:40:97:7d:a7:9e:ed:b7:f2:62:c8:
         60:2d:f9:57:e4:98:5c:f2:be:11:87:69:e8:eb:54:fd:6f:f4:
         4e:39:d8:fc:88:65:a4:8c:89:20:c1:cb:b7:d1:2a:e8:16:64:
         28:e5:b1:10:6b:fd:a2:dc:3d:fc:1b:09:11:80:3f:ef:b5:22:
         d9:c8:cf:5e:63:77:81:b7:7f:5a:74:97:30:74:54:05:43:13:
         53:06:0e:15:68:1d:02:aa:44:c0:f6:bb:48:e1:07:fb:4d:33:
         2b:a2:16:8f:b9:36:56:2c:14:78:1a:06:d8:bd:39:e0:1f:53:
         74:20:75:18:64:b8:91:a3:ef:96:77:2f:d8:27:e3:cb:d1:2a:
         73:d1:95:e4:bc:d1:73:45:d3:4d:86:4e:68:45:0d:c7:d4:7d:
         48:6a:8b:fb:4e:18:b7:b3:58:a1:95:f6:39:a9:da:88:3d:c8:
         eb:08:52:b3:59:0f:5c:be:16:d0:9a:4e:42:3a:7e:d1:8b:c3:
         4b:54:7b:81:de:19:fd:98:26:da:68:44:b7:84:e5:e2:12:67:
         8e:79:7f:1d:6a:f3:68:c4:42:ce:e9:e9:df:c2:a5:c3:42:23:
         ae:d8:2e:7c:2b:81:28:ad:02:d7:bf:67:66:e3:64:a5:e9:76:
         98:c3:37:89
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfZPui0F1HsNzxVA4BfXAuHTCUfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTgwNzMwMzVaFw0yNzAzMTcwNzM1MzVaMDMxMTAvBgNV
BAMTKDE5MTk2NDNDRjJFMzRGREU0QjY4MjZGQ0FDODlBRDZDQTY1QkFGQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfKaWqw1dlDlYCoCb4hWBum741
yLpFzSQUEFv/D+gC9KuQTSjXlM275O52Ly5keA3S/ZLMKnVoM9g118LI8Rtic/3j
5AJ4UD4L107eVeK8WAq1trTPA5x5zdEb9NSOu967sKSwEOLXOHZq7E6d4ttahfvy
GRZWygae+/XLn+6/XJrYQlO2C+WGn5nCNKCmSo3Mz2UeaI0GMKH/QcYZnvvfp/b8
jTqJOjZyBFlkm6DxC3KYNtEKxEPv/CBeDMA8I/uPoZix71CvfKrxJFZqL3PF32QY
JvKnTfMoMPrrjNoEGlUsFRzh5ZtAEKHvcb/x0F2jcijQ0zO/zddDewheWqEnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUGRlkPPLjT95LaCb8rImtbKZbr8kwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGbsw
DQYJKoZIhvcNAQELBQADggEBACuJICu4TXfaQJd9p57tt/JiyGAt+VfkmFzyvhGH
aejrVP1v9E452PyIZaSMiSDBy7fRKugWZCjlsRBr/aLcPfwbCRGAP++1ItnIz15j
d4G3f1p0lzB0VAVDE1MGDhVoHQKqRMD2u0jhB/tNMyuiFo+5NlYsFHgaBti9OeAf
U3QgdRhkuJGj75Z3L9gn48vRKnPRleS80XNF002GTmhFDcfUfUhqi/tOGLezWKGV
9jmp2og9yOsIUrNZD1y+FtCaTkI6ftGLw0tUe4HeGf2YJtpoRLeE5eISZ455fx1q
82jEQs7p6d/CpcNCI67YLnwrgSitAte/Z2bjZKXpdpjDN4k=
-----END CERTIFICATE-----