Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          TddHUvB4nFKOUwdquEYBiIpAy6jvCIi2yCMKeok8BmQ=
Subject key identifier:   A7:FC:FC:53:00:8A:A2:E4:09:C0:64:2D:F1:4A:22:CF:F9:0E:64:6E
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4C56ED8688D5A92D3F8231F1E4A59EFCAE0978A2
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa
Signing time:             Tue 07 Oct 2025 04:18:44 +0000
ROA not before:           Tue 07 Oct 2025 04:13:44 +0000
ROA not after:            Tue 06 Oct 2026 04:18:44 +0000
asID:                     25198
IP address blocks:        212.115.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:54:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:56:ed:86:88:d5:a9:2d:3f:82:31:f1:e4:a5:9e:fc:ae:09:78:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct  7 04:13:44 2025 GMT
            Not After : Oct  6 04:18:44 2026 GMT
        Subject: CN=A7FCFC53008AA2E409C0642DF14A22CFF90E646E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7b:64:a9:bb:20:87:c5:05:8d:9d:d0:af:43:
                    2d:a7:89:a5:95:cc:af:8e:a2:ce:5b:87:9d:0f:56:
                    17:99:98:33:d3:74:45:32:7a:67:c8:9c:f5:93:3e:
                    51:9c:30:b1:07:1b:07:74:d4:37:11:f6:3d:0b:6f:
                    c0:eb:5d:3c:50:61:a9:61:93:0a:05:b8:5a:23:67:
                    5e:4a:75:d9:e9:5c:12:8c:8d:f2:88:8f:68:52:3b:
                    dc:1f:e9:1e:9c:ca:c0:11:01:61:b5:44:e0:a6:37:
                    87:38:67:82:c4:8f:62:04:4d:d6:dd:2d:18:1c:43:
                    3e:b6:cf:89:a7:60:ad:2f:a5:07:78:04:17:ed:b9:
                    e6:54:c1:85:e3:a0:41:25:26:9a:6a:5f:02:01:54:
                    e8:1a:bb:71:07:47:56:ac:b9:33:61:1c:7e:43:1f:
                    68:e5:bb:4a:bd:ed:aa:d2:82:18:7b:f0:2f:03:d9:
                    65:71:2e:8f:c5:ee:ee:0d:f8:d8:da:58:bd:0f:d1:
                    9f:f0:2d:d4:8c:78:03:40:3d:bf:f3:56:a3:d0:34:
                    71:2a:25:2b:1d:1c:ab:7c:27:5a:69:29:d6:60:3b:
                    e4:4b:99:fb:2b:7a:96:3d:fa:c3:e4:9c:b8:c8:fe:
                    b0:99:75:80:1f:8a:b6:d6:36:c1:91:b5:c6:f0:a8:
                    28:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:FC:FC:53:00:8A:A2:E4:09:C0:64:2D:F1:4A:22:CF:F9:0E:64:6E
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:88:06:c7:88:6a:ae:eb:a7:5a:72:ce:b5:2b:0d:f3:b6:20:
         c1:36:84:07:f0:45:22:1d:f1:a9:98:ee:f7:cc:c1:4b:af:48:
         cc:16:a7:d2:bb:8a:1e:4a:67:dc:14:7a:8c:33:2b:87:55:65:
         5c:0a:48:ef:62:6c:94:b0:a1:12:41:a8:4d:71:73:65:99:fb:
         84:31:d3:1c:ef:90:cd:9a:df:e2:a9:9d:74:6e:a2:b9:1b:4c:
         e0:73:af:ee:c0:ca:76:13:51:eb:07:e1:e6:41:65:0b:11:d8:
         dc:a1:f0:64:b2:88:3d:99:18:67:1c:e2:0d:9c:25:b9:43:8c:
         cd:2a:b6:13:30:43:1b:8f:48:19:f1:6d:93:28:03:49:6d:ad:
         a5:68:6a:17:af:cd:3d:f9:e7:46:2f:de:11:8a:f1:3d:b6:31:
         60:38:7a:11:b2:08:30:b0:57:a6:9a:3b:ea:30:48:48:64:79:
         de:55:19:16:a9:17:38:05:ac:b8:8f:9b:75:8e:42:83:22:5b:
         7b:94:69:9f:57:a7:ab:98:f2:23:d5:34:85:9b:c1:07:36:04:
         9f:45:e9:45:62:ec:44:87:ae:71:43:16:f3:98:37:a3:8d:8e:
         6a:e4:ed:05:0d:9b:6c:18:f9:dd:5b:93:2f:4c:8b:22:1d:ad:
         8b:49:b9:5a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTFbthojVqS0/gjHx5KWe/K4JeKIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMDcwNDEzNDRaFw0yNjEwMDYwNDE4NDRaMDMxMTAvBgNV
BAMTKEE3RkNGQzUzMDA4QUEyRTQwOUMwNjQyREYxNEEyMkNGRjkwRTY0NkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSe2SpuyCHxQWNndCvQy2niaWV
zK+Oos5bh50PVheZmDPTdEUyemfInPWTPlGcMLEHGwd01DcR9j0Lb8DrXTxQYalh
kwoFuFojZ15KddnpXBKMjfKIj2hSO9wf6R6cysARAWG1ROCmN4c4Z4LEj2IETdbd
LRgcQz62z4mnYK0vpQd4BBftueZUwYXjoEElJppqXwIBVOgau3EHR1asuTNhHH5D
H2jlu0q97arSghh78C8D2WVxLo/F7u4N+NjaWL0P0Z/wLdSMeANAPb/zVqPQNHEq
JSsdHKt8J1ppKdZgO+RLmfsrepY9+sPknLjI/rCZdYAfirbWNsGRtcbwqCgrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUp/z8UwCKouQJwGQt8Uoiz/kOZG4wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUc2Yw
DQYJKoZIhvcNAQELBQADggEBAByIBseIaq7rp1pyzrUrDfO2IME2hAfwRSId8amY
7vfMwUuvSMwWp9K7ih5KZ9wUeowzK4dVZVwKSO9ibJSwoRJBqE1xc2WZ+4Qx0xzv
kM2a3+KpnXRuorkbTOBzr+7AynYTUesH4eZBZQsR2Nyh8GSyiD2ZGGcc4g2cJblD
jM0qthMwQxuPSBnxbZMoA0ltraVoahevzT3550Yv3hGK8T22MWA4ehGyCDCwV6aa
O+owSEhked5VGRapFzgFrLiPm3WOQoMiW3uUaZ9Xp6uY8iPVNIWbwQc2BJ9F6UVi
7ESHrnFDFvOYN6ONjmrk7QUNm2wY+d1bky9MiyIdrYtJuVo=
-----END CERTIFICATE-----