Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199737.roa
File:                     AS199737.roa (raw, json)
Hash identifier:          SBmywZnQPwAtkvCjG+hOAYPHatGBOA5kSZZCcILzvMk=
Subject key identifier:   AE:01:D1:19:2F:1F:39:68:82:EA:8C:24:8A:81:F2:CF:87:26:D9:89
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       09EC16C756F89269B4C5E3721F3D05380FDD1F20
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199737.roa
Signing time:             Fri 27 Jun 2025 16:54:11 +0000
ROA not before:           Fri 27 Jun 2025 16:49:11 +0000
ROA not after:            Fri 26 Jun 2026 16:54:11 +0000
asID:                     199737
IP address blocks:        141.11.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:24:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:ec:16:c7:56:f8:92:69:b4:c5:e3:72:1f:3d:05:38:0f:dd:1f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 27 16:49:11 2025 GMT
            Not After : Jun 26 16:54:11 2026 GMT
        Subject: CN=AE01D1192F1F396882EA8C248A81F2CF8726D989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c4:62:9c:49:28:9e:e2:05:d4:5c:52:fe:f6:
                    31:08:96:55:2e:26:ac:4a:25:13:34:7c:b7:74:f4:
                    61:3c:06:44:ab:9b:43:c3:9e:52:ab:30:73:25:cb:
                    f7:00:55:9b:5d:42:ce:7c:7f:85:42:da:3f:51:35:
                    bb:e6:1f:c3:83:f1:29:14:e0:d5:36:10:88:a2:65:
                    22:9a:6b:41:f5:06:69:13:c9:c5:75:73:5b:43:2c:
                    ac:98:10:a3:72:2a:9e:d9:52:fd:aa:93:11:00:80:
                    44:d7:fd:d0:0e:11:94:0d:b0:0d:e6:72:dc:14:4e:
                    0b:f2:ee:88:f4:c6:bd:22:db:37:b3:cc:a5:9b:e9:
                    4f:dc:f2:79:9e:e2:36:ad:0d:bd:36:4a:03:80:3b:
                    ba:6c:8d:4d:6c:6b:58:5d:7b:a0:a2:b9:ea:1b:72:
                    85:6f:f2:53:41:20:36:19:0d:22:63:e9:ca:01:b5:
                    e7:23:a1:37:0d:a5:c2:1b:a5:e2:3e:e7:b2:83:bd:
                    f6:d4:d9:60:7b:0c:c3:21:c0:20:73:7e:f3:ec:15:
                    1b:b7:56:2b:a2:01:f1:e1:32:16:68:5d:eb:63:a2:
                    2b:de:c4:d3:ff:3b:a3:9d:37:ed:8b:6c:e6:2f:71:
                    04:51:ab:8d:c8:6b:61:ae:32:5c:1f:57:ad:a1:de:
                    3f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:01:D1:19:2F:1F:39:68:82:EA:8C:24:8A:81:F2:CF:87:26:D9:89
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS199737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a7:da:6c:6d:f0:0b:94:1b:aa:6d:59:23:f3:2d:ba:16:58:
         d2:2f:77:ff:4e:de:45:88:68:1b:e3:3c:9d:78:74:c1:94:60:
         31:17:34:2a:15:99:ec:75:5a:9d:77:8d:e9:2e:27:64:3b:71:
         62:e9:a0:2a:b9:c1:9b:9b:03:35:59:f0:c0:b2:d3:1f:67:11:
         a3:be:ad:22:d5:8e:34:7f:24:55:69:68:4b:c3:42:37:c9:3b:
         62:99:d0:ba:d8:ce:78:50:6c:35:bd:1b:82:5b:02:ad:d7:7f:
         eb:2a:30:ef:0e:dc:36:7a:c1:21:a6:ea:07:ff:b0:99:ae:89:
         a7:34:da:92:5d:82:e8:6e:a5:5c:d1:55:ca:7e:b9:25:c7:96:
         95:55:a8:41:d3:e2:7b:1e:5a:9b:43:ac:cc:b2:ea:04:09:c5:
         4b:a9:88:6d:c9:25:46:6c:ab:1c:e0:82:ff:7d:90:29:98:e8:
         c7:7c:db:9a:b8:3a:08:a5:14:04:ec:6b:bd:1c:78:25:fd:4b:
         55:96:5b:e7:78:a6:f9:03:49:c5:03:7a:59:b7:03:e9:9e:da:
         3e:6a:e5:b6:88:6f:3e:2a:98:5d:e1:22:82:23:55:e2:af:e2:
         03:3f:2d:bd:c0:48:d4:a8:64:76:07:5d:c0:4d:41:e9:97:f9:
         14:44:c0:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCewWx1b4kmm0xeNyHz0FOA/dHyAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MjcxNjQ5MTFaFw0yNjA2MjYxNjU0MTFaMDMxMTAvBgNV
BAMTKEFFMDFEMTE5MkYxRjM5Njg4MkVBOEMyNDhBODFGMkNGODcyNkQ5ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVxGKcSSie4gXUXFL+9jEIllUu
JqxKJRM0fLd09GE8BkSrm0PDnlKrMHMly/cAVZtdQs58f4VC2j9RNbvmH8OD8SkU
4NU2EIiiZSKaa0H1BmkTycV1c1tDLKyYEKNyKp7ZUv2qkxEAgETX/dAOEZQNsA3m
ctwUTgvy7oj0xr0i2zezzKWb6U/c8nme4jatDb02SgOAO7psjU1sa1hde6Ciueob
coVv8lNBIDYZDSJj6coBtecjoTcNpcIbpeI+57KDvfbU2WB7DMMhwCBzfvPsFRu3
ViuiAfHhMhZoXetjoivexNP/O6OdN+2LbOYvcQRRq43Ia2GuMlwfV62h3j/zAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUrgHRGS8fOWiC6owkioHyz4cm2YkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk5NzM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvy
MA0GCSqGSIb3DQEBCwUAA4IBAQCLp9psbfALlBuqbVkj8y26FljSL3f/Tt5FiGgb
4zydeHTBlGAxFzQqFZnsdVqdd43pLidkO3Fi6aAqucGbmwM1WfDAstMfZxGjvq0i
1Y40fyRVaWhLw0I3yTtimdC62M54UGw1vRuCWwKt13/rKjDvDtw2esEhpuoH/7CZ
romnNNqSXYLobqVc0VXKfrklx5aVVahB0+J7HlqbQ6zMsuoECcVLqYhtySVGbKsc
4IL/fZApmOjHfNuauDoIpRQE7Gu9HHgl/UtVllvneKb5A0nFA3pZtwPpnto+auW2
iG8+Kphd4SKCI1Xir+IDPy29wEjUqGR2B13ATUHpl/kURMAb
-----END CERTIFICATE-----