Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS198478.roa
File:                     AS198478.roa (raw, json)
Hash identifier:          wyMgQl7OideoXMqojarJWiss5eAMKNmqfnIU1qYWEOA=
Subject key identifier:   D6:1E:48:31:95:FE:BA:E5:C3:96:E2:FF:0B:40:03:CC:23:89:B6:05
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1B4EB807260671054799AE5805ABCBE42165B909
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS198478.roa
Signing time:             Mon 27 Apr 2026 13:14:08 +0000
ROA not before:           Mon 27 Apr 2026 13:09:08 +0000
ROA not after:            Mon 26 Apr 2027 13:14:08 +0000
asID:                     198478
IP address blocks:        2a14:7581:ff9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:4e:b8:07:26:06:71:05:47:99:ae:58:05:ab:cb:e4:21:65:b9:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr 27 13:09:08 2026 GMT
            Not After : Apr 26 13:14:08 2027 GMT
        Subject: CN=D61E483195FEBAE5C396E2FF0B4003CC2389B605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:79:f4:e4:1b:df:c9:0e:4a:ef:b4:f5:5f:2d:
                    40:20:3e:3f:38:a5:34:08:2b:66:53:44:b9:e9:6e:
                    7d:25:fd:3a:84:c0:a6:05:0d:eb:f7:f0:6d:91:04:
                    1b:a5:c5:59:e8:b5:37:0d:a3:2f:dc:0f:f2:d7:dd:
                    ff:e1:b1:cb:cd:5d:74:6d:72:53:fe:1d:c2:2d:c7:
                    1b:f1:ea:9c:4a:4a:4a:34:b9:db:d5:53:d3:9c:11:
                    e4:b0:a1:f9:09:79:ec:ce:9c:18:fb:f4:42:b6:ff:
                    c2:85:f4:12:5d:a3:e8:d4:b7:51:c7:87:f0:5e:e8:
                    74:1a:62:55:45:de:0e:f0:08:f4:1f:59:57:f2:df:
                    01:43:21:c6:bd:29:fe:bb:c7:dd:45:56:b0:1e:7e:
                    d7:de:82:33:1d:59:0a:5a:56:e4:77:23:e3:0b:39:
                    eb:b8:89:c5:32:ff:5d:9e:dc:23:69:4e:c6:5d:27:
                    1f:e6:aa:dc:9f:9f:da:80:f8:d9:38:f4:3a:02:f5:
                    4e:42:b6:b6:c9:16:e5:57:c0:be:a0:37:6b:bb:fc:
                    98:5e:8a:b2:18:09:47:75:58:c4:4a:9c:40:43:46:
                    2a:03:96:46:e5:28:fd:6f:58:97:be:65:a0:e2:35:
                    17:8f:85:56:7c:8f:f9:72:52:3d:32:cf:3f:1b:dd:
                    82:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:1E:48:31:95:FE:BA:E5:C3:96:E2:FF:0B:40:03:CC:23:89:B6:05
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS198478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:ff9::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:5e:7c:2c:7c:24:19:7e:85:6e:b6:ed:84:c5:c8:81:3c:55:
         e4:e7:a5:9f:e0:c7:28:cd:2c:d7:3b:8b:f1:83:f8:9b:c9:48:
         c8:31:14:9c:81:2a:55:e1:de:c4:cd:1c:ad:d8:e7:e2:b2:e6:
         bf:b1:c7:bc:95:f2:d0:4f:cc:38:a3:80:27:a8:39:c3:36:7d:
         cd:57:3b:09:44:ea:d5:7f:31:ef:71:ff:a7:0e:84:b2:22:b8:
         06:fb:e4:5c:c2:e0:4f:0d:9b:86:09:44:fc:8e:91:ca:22:78:
         61:56:12:be:59:ab:26:4a:3a:30:4a:89:90:d4:17:77:9b:a0:
         fb:7e:d3:85:fd:26:da:91:69:f3:a4:ec:c4:92:3e:7f:bd:3e:
         2e:27:b6:f6:78:5d:06:89:77:6f:67:81:34:93:39:3a:fe:8d:
         1a:90:af:fa:eb:e4:e4:8d:cf:59:e9:73:3b:f9:dc:1c:2b:5d:
         c1:09:38:78:dd:64:8f:86:a9:1d:2c:aa:72:95:4b:a0:ff:d6:
         1e:53:58:db:cf:8c:c5:71:25:71:be:f9:e3:f0:b7:42:e7:db:
         29:bf:2d:ed:b1:4c:9f:0d:e5:dc:4a:42:16:cd:f2:ef:0d:5b:
         c1:40:df:64:dd:25:31:06:c0:41:ca:25:48:51:69:f0:76:89:
         85:95:26:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUG064ByYGcQVHma5YBavL5CFluQkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA0MjcxMzA5MDhaFw0yNzA0MjYxMzE0MDhaMDMxMTAvBgNV
BAMTKEQ2MUU0ODMxOTVGRUJBRTVDMzk2RTJGRjBCNDAwM0NDMjM4OUI2MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdefTkG9/JDkrvtPVfLUAgPj84
pTQIK2ZTRLnpbn0l/TqEwKYFDev38G2RBBulxVnotTcNoy/cD/LX3f/hscvNXXRt
clP+HcItxxvx6pxKSko0udvVU9OcEeSwofkJeezOnBj79EK2/8KF9BJdo+jUt1HH
h/Be6HQaYlVF3g7wCPQfWVfy3wFDIca9Kf67x91FVrAeftfegjMdWQpaVuR3I+ML
Oeu4icUy/12e3CNpTsZdJx/mqtyfn9qA+Nk49DoC9U5CtrbJFuVXwL6gN2u7/Jhe
irIYCUd1WMRKnEBDRioDlkblKP1vWJe+ZaDiNRePhVZ8j/lyUj0yzz8b3YIlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1h5IMZX+uuXDluL/C0ADzCOJtgUwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTk4NDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gQ/5MA0GCSqGSIb3DQEBCwUAA4IBAQAnXnwsfCQZfoVutu2ExciBPFXk56Wf4Mco
zSzXO4vxg/ibyUjIMRScgSpV4d7EzRyt2Ofisua/sce8lfLQT8w4o4AnqDnDNn3N
VzsJROrVfzHvcf+nDoSyIrgG++RcwuBPDZuGCUT8jpHKInhhVhK+WasmSjowSomQ
1Bd3m6D7ftOF/SbakWnzpOzEkj5/vT4uJ7b2eF0GiXdvZ4E0kzk6/o0akK/66+Tk
jc9Z6XM7+dwcK13BCTh43WSPhqkdLKpylUug/9YeU1jbz4zFcSVxvvnj8LdC59sp
vy3tsUyfDeXcSkIWzfLvDVvBQN9k3SUxBsBByiVIUWnwdomFlSZL
-----END CERTIFICATE-----