Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199626.roa
File:                     AS199626.roa (raw, json)
Hash identifier:          NvOpltuwpNJywEOdaAiEPUkxSn+idGy1qFa5bEXAj/U=
Subject key identifier:   35:80:9C:12:C2:25:63:99:54:3D:AB:2C:8F:C9:77:40:F1:2C:BB:6A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3BD3CD0EC71CCE83D35ACA796F8B12B5BBF15BEA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199626.roa
Signing time:             Sun 29 Mar 2026 14:02:52 +0000
ROA not before:           Sun 29 Mar 2026 13:57:52 +0000
ROA not after:            Sun 28 Mar 2027 14:02:52 +0000
asID:                     199626
IP address blocks:        162.141.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:d3:cd:0e:c7:1c:ce:83:d3:5a:ca:79:6f:8b:12:b5:bb:f1:5b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 29 13:57:52 2026 GMT
            Not After : Mar 28 14:02:52 2027 GMT
        Subject: CN=35809C12C2256399543DAB2C8FC97740F12CBB6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:11:46:0c:f6:fc:cd:4d:aa:8c:a5:0c:1a:86:
                    5b:3d:e6:f2:fd:13:15:3a:85:2a:3f:fd:76:fa:74:
                    bb:b5:1a:73:b5:13:8a:30:24:14:c7:fc:bf:14:30:
                    c8:a1:f0:46:24:02:2e:62:04:1f:7f:fe:4b:0e:39:
                    27:bc:f8:79:57:19:e3:1f:9e:8b:c4:e9:b0:bf:b7:
                    5d:06:d9:ea:cd:68:17:5e:65:c7:53:04:45:e9:07:
                    5a:fb:98:68:cd:07:0e:da:ec:bd:38:c1:b2:f2:1c:
                    7b:5b:78:72:dd:bc:df:43:7e:68:03:e3:e3:9f:f4:
                    a6:9e:a1:96:ae:6a:40:1a:29:75:5d:d1:c6:5c:5e:
                    72:3d:8d:d3:65:50:17:d4:f6:cb:65:4b:6a:29:4a:
                    54:25:aa:c6:56:9c:f5:2b:0f:55:d4:79:b5:90:d8:
                    64:49:67:7b:7b:72:18:5f:87:55:d4:45:4b:e3:ed:
                    30:91:09:01:60:27:21:ae:bc:f0:ff:ab:82:1c:4b:
                    0e:96:31:90:ff:3d:02:d7:09:c7:64:f9:5e:d9:6a:
                    4c:ea:83:53:e6:07:f6:1c:b3:a5:f8:20:4a:00:60:
                    9f:c9:ae:ac:7b:81:40:99:ea:2d:47:72:55:c5:22:
                    c8:68:5e:59:ed:ec:ea:af:3b:dd:11:0e:aa:67:23:
                    ee:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:80:9C:12:C2:25:63:99:54:3D:AB:2C:8F:C9:77:40:F1:2C:BB:6A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199626.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:a5:b4:11:9b:1d:61:74:c8:da:8a:43:c8:f1:c8:52:93:b8:
         d8:9d:90:05:ec:ec:d1:28:c5:91:65:c9:08:55:fa:a2:07:9f:
         73:0c:ad:28:45:82:c6:a9:37:3b:40:5c:45:fc:b3:36:62:b0:
         76:ee:2b:97:08:99:ae:02:7a:88:0f:4e:f2:f6:96:91:10:a0:
         93:8d:8c:ec:f5:fd:8f:64:8a:21:84:41:fe:9c:7e:a1:9b:80:
         37:43:69:b4:78:c1:65:cd:c0:50:30:2e:9e:27:06:28:e0:33:
         d2:f0:b9:68:cb:3f:f1:59:77:53:1e:8c:28:b6:08:a8:e3:6e:
         91:de:1b:4a:f6:bc:d1:70:ee:3a:7b:dd:18:5c:a2:01:a7:fc:
         5e:66:c3:87:7c:4b:fa:5c:ae:e1:6d:71:4a:74:fd:25:3e:77:
         ad:d1:c7:5a:0d:c3:2e:40:ac:ac:29:e0:30:8b:59:14:98:65:
         1c:74:b5:68:2e:bd:7c:0e:14:b4:7f:15:cd:64:19:a6:0f:46:
         de:bb:20:8b:68:b3:08:7f:44:24:2b:a4:c6:de:bb:82:fa:66:
         60:a1:c2:b0:0b:91:a3:68:34:c9:b1:d1:69:f7:a8:96:d3:ba:
         68:42:dc:0f:8d:13:03:66:5d:3b:cb:ff:dd:89:ed:02:b8:6f:
         54:d2:94:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUO9PNDscczoPTWsp5b4sStbvxW+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjkxMzU3NTJaFw0yNzAzMjgxNDAyNTJaMDMxMTAvBgNV
BAMTKDM1ODA5QzEyQzIyNTYzOTk1NDNEQUIyQzhGQzk3NzQwRjEyQ0JCNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPEUYM9vzNTaqMpQwahls95vL9
ExU6hSo//Xb6dLu1GnO1E4owJBTH/L8UMMih8EYkAi5iBB9//ksOOSe8+HlXGeMf
novE6bC/t10G2erNaBdeZcdTBEXpB1r7mGjNBw7a7L04wbLyHHtbeHLdvN9DfmgD
4+Of9KaeoZauakAaKXVd0cZcXnI9jdNlUBfU9stlS2opSlQlqsZWnPUrD1XUebWQ
2GRJZ3t7chhfh1XURUvj7TCRCQFgJyGuvPD/q4IcSw6WMZD/PQLXCcdk+V7Zakzq
g1PmB/Ycs6X4IEoAYJ/Jrqx7gUCZ6i1HclXFIshoXlnt7OqvO90RDqpnI+7TAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNYCcEsIlY5lUPassj8l3QPEsu2owHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk5NjI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo2m
MA0GCSqGSIb3DQEBCwUAA4IBAQAxpbQRmx1hdMjaikPI8chSk7jYnZAF7OzRKMWR
ZckIVfqiB59zDK0oRYLGqTc7QFxF/LM2YrB27iuXCJmuAnqID07y9paREKCTjYzs
9f2PZIohhEH+nH6hm4A3Q2m0eMFlzcBQMC6eJwYo4DPS8Lloyz/xWXdTHowotgio
426R3htK9rzRcO46e90YXKIBp/xeZsOHfEv6XK7hbXFKdP0lPnet0cdaDcMuQKys
KeAwi1kUmGUcdLVoLr18DhS0fxXNZBmmD0beuyCLaLMIf0QkK6TG3ruC+mZgocKw
C5GjaDTJsdFp96iW07poQtwPjRMDZl07y//die0CuG9U0pSY
-----END CERTIFICATE-----