Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS197858.roa
File:                     AS197858.roa (raw, json)
Hash identifier:          Z+DgVo1phCA6DA5OkHSVL3h9yU/hUo0TeZNYQvD8HPQ=
Subject key identifier:   7A:B2:31:1E:65:68:04:44:2C:A4:3B:19:43:82:B5:BD:8F:51:6A:FC
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5CB0C1289C8B26AA3A5F9ACD3D8888C3F6094D4F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS197858.roa
Signing time:             Wed 06 May 2026 12:32:11 +0000
ROA not before:           Wed 06 May 2026 12:27:11 +0000
ROA not after:            Wed 05 May 2027 12:32:11 +0000
asID:                     197858
IP address blocks:        141.11.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:b0:c1:28:9c:8b:26:aa:3a:5f:9a:cd:3d:88:88:c3:f6:09:4d:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  6 12:27:11 2026 GMT
            Not After : May  5 12:32:11 2027 GMT
        Subject: CN=7AB2311E656804442CA43B194382B5BD8F516AFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a9:e3:4e:3a:8b:66:46:70:22:81:96:07:8d:
                    54:5f:6b:12:25:2a:38:5f:f5:d1:93:6c:48:ac:53:
                    70:0a:8f:82:98:fb:44:d2:80:2d:81:76:b8:05:af:
                    29:ed:e3:c0:e5:5d:71:72:88:57:b2:d1:57:a4:89:
                    e0:00:48:f1:f3:bb:8f:1d:0e:2a:da:6f:3b:59:ce:
                    6e:84:a5:4a:8a:23:52:f0:7f:78:0d:15:b4:74:d5:
                    92:dd:9f:6e:e8:2b:55:84:0b:41:49:d6:ab:03:31:
                    5b:6b:6e:f3:1c:c7:96:57:1b:32:3d:fa:81:7d:d4:
                    e9:ae:c0:3f:77:89:e5:8e:ca:9b:20:a0:55:d9:79:
                    f8:15:59:c0:46:2a:ab:9b:70:e3:14:5f:2d:9f:f9:
                    1b:ad:10:9e:c2:15:e3:e4:7d:35:c3:22:10:b4:1e:
                    82:60:59:d5:59:3c:45:70:23:43:c4:ac:30:6f:1f:
                    32:72:e0:28:fa:9b:04:60:a9:00:2b:a0:a6:40:ca:
                    80:cd:bb:1a:01:32:5e:34:b8:4e:e6:a6:a9:f5:eb:
                    4d:37:57:42:31:b7:c7:28:5f:65:88:f2:98:52:88:
                    1a:a4:74:2b:f6:cf:9f:ed:d3:f7:4b:cd:5d:52:36:
                    d9:9d:a6:36:ba:8d:bb:71:bc:5a:f9:38:96:62:5b:
                    86:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B2:31:1E:65:68:04:44:2C:A4:3B:19:43:82:B5:BD:8F:51:6A:FC
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS197858.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:8a:25:88:57:67:e7:e8:3f:02:c7:07:7d:af:d9:ec:ac:5d:
         b2:12:9e:e2:fb:7a:46:53:f3:16:de:ed:f8:d7:09:c1:34:96:
         41:12:ce:05:12:df:07:25:c4:24:2f:c8:db:9a:df:47:be:c9:
         72:98:f9:21:ab:42:f7:b2:e4:4e:84:98:9c:ca:42:c9:58:59:
         e6:6b:fd:ab:c2:49:ae:9d:74:6d:b0:d5:36:49:b6:37:37:9f:
         2f:db:8f:9c:b8:c6:74:6a:9b:c0:aa:7c:a4:60:f2:44:39:42:
         c4:da:0f:68:ae:80:26:d7:f7:d4:07:c9:f9:b4:ae:27:66:92:
         9c:fe:81:b2:d6:57:ab:50:c3:20:bf:3b:76:f2:1e:62:c4:a8:
         fb:c8:62:7f:cb:7d:19:12:c5:a5:09:78:7d:94:50:42:7c:be:
         91:a9:a9:0e:ce:1b:ca:ec:23:b4:bd:bd:37:88:6d:89:8e:8d:
         96:54:e7:6f:67:c4:ad:47:ca:03:4b:60:53:f7:0c:69:57:80:
         4b:1f:c1:aa:26:05:2f:d0:08:52:9d:af:8a:4c:66:4b:f3:a8:
         c1:4d:17:8f:c9:5e:3f:9b:30:e3:2c:8a:db:21:9e:32:98:71:
         65:4d:0d:9c:84:7d:ac:cf:49:30:b4:37:65:88:82:97:3f:cb:
         a5:d0:a8:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXLDBKJyLJqo6X5rNPYiIw/YJTU8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MDYxMjI3MTFaFw0yNzA1MDUxMjMyMTFaMDMxMTAvBgNV
BAMTKDdBQjIzMTFFNjU2ODA0NDQyQ0E0M0IxOTQzODJCNUJEOEY1MTZBRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjqeNOOotmRnAigZYHjVRfaxIl
Kjhf9dGTbEisU3AKj4KY+0TSgC2BdrgFrynt48DlXXFyiFey0VekieAASPHzu48d
DirabztZzm6EpUqKI1Lwf3gNFbR01ZLdn27oK1WEC0FJ1qsDMVtrbvMcx5ZXGzI9
+oF91OmuwD93ieWOypsgoFXZefgVWcBGKqubcOMUXy2f+RutEJ7CFePkfTXDIhC0
HoJgWdVZPEVwI0PErDBvHzJy4Cj6mwRgqQAroKZAyoDNuxoBMl40uE7mpqn16003
V0Ixt8coX2WI8phSiBqkdCv2z5/t0/dLzV1SNtmdpja6jbtxvFr5OJZiW4YRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUerIxHmVoBEQspDsZQ4K1vY9RavwwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk3ODU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQs/
MA0GCSqGSIb3DQEBCwUAA4IBAQBHiiWIV2fn6D8Cxwd9r9nsrF2yEp7i+3pGU/MW
3u341wnBNJZBEs4FEt8HJcQkL8jbmt9HvslymPkhq0L3suROhJicykLJWFnma/2r
wkmunXRtsNU2SbY3N58v24+cuMZ0apvAqnykYPJEOULE2g9oroAm1/fUB8n5tK4n
ZpKc/oGy1lerUMMgvzt28h5ixKj7yGJ/y30ZEsWlCXh9lFBCfL6RqakOzhvK7CO0
vb03iG2Jjo2WVOdvZ8StR8oDS2BT9wxpV4BLH8GqJgUv0AhSna+KTGZL86jBTReP
yV4/mzDjLIrbIZ4ymHFlTQ2chH2sz0kwtDdliIKXP8ul0KhS
-----END CERTIFICATE-----