Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199737.roa
File:                     AS199737.roa (raw, json)
Hash identifier:          gQin8FqvXO/MBgl64yjUG9mYVtlPgTNCxVzIW2Vqfdk=
Subject key identifier:   02:CF:F0:AA:71:7C:C1:29:96:6C:96:34:1A:81:A9:75:18:EF:D8:05
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       58E3E4724E7D726CAA4161280100F4C85677030B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199737.roa
Signing time:             Wed 01 Apr 2026 11:46:57 +0000
ROA not before:           Wed 01 Apr 2026 11:41:57 +0000
ROA not after:            Wed 31 Mar 2027 11:46:57 +0000
asID:                     199737
IP address blocks:        140.150.234.0/24 maxlen: 24
                          146.103.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e3:e4:72:4e:7d:72:6c:aa:41:61:28:01:00:f4:c8:56:77:03:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  1 11:41:57 2026 GMT
            Not After : Mar 31 11:46:57 2027 GMT
        Subject: CN=02CFF0AA717CC129966C96341A81A97518EFD805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:22:ef:36:02:b2:29:dc:c6:03:7e:b7:4c:a9:
                    0f:52:8a:38:71:57:14:b7:e5:7c:02:07:1a:44:24:
                    f5:67:e5:e5:45:4a:d2:8f:36:78:33:71:4b:4a:a0:
                    00:1f:40:8a:7c:b3:30:1d:a4:cb:d5:ff:45:19:3e:
                    93:e2:40:34:25:f0:3b:42:ae:92:8f:99:16:ac:df:
                    ef:24:22:d5:e2:4a:2f:7d:ea:e2:5b:de:47:53:3b:
                    84:eb:8c:1c:c5:89:a1:dc:12:8b:0b:93:49:79:1c:
                    9a:16:63:d1:e4:81:4a:67:85:5f:11:78:70:89:65:
                    8d:e0:6b:ce:1b:9d:a5:2e:2d:55:75:cc:c4:36:59:
                    f8:78:72:17:b9:f3:6b:c8:f3:ce:f4:84:ed:ca:eb:
                    d7:a6:4a:6d:2e:97:f6:23:d9:37:62:3c:ac:57:79:
                    e4:38:17:8c:1e:0c:6b:5e:ac:c1:05:3c:f8:41:ae:
                    52:3e:23:e2:d0:93:5e:1a:8d:f3:92:bc:3d:37:28:
                    b2:d2:a8:65:f2:53:b2:65:ce:98:6a:8d:24:fa:c3:
                    9b:17:d0:f4:5a:aa:ea:05:00:80:1b:e1:4b:f5:ab:
                    7c:fe:72:b7:5b:66:77:18:20:59:07:52:45:cf:de:
                    44:c2:c9:b0:7a:05:16:1a:9f:89:89:a0:9b:3b:a2:
                    f2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:CF:F0:AA:71:7C:C1:29:96:6C:96:34:1A:81:A9:75:18:EF:D8:05
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.234.0/24
                  146.103.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:e3:9e:c8:f1:67:ce:40:2a:fd:1b:5c:ca:fe:a0:dc:36:72:
         bc:11:68:f6:5e:03:47:98:17:ab:33:fb:f5:1f:af:53:1c:94:
         20:2f:e7:ec:95:0e:77:5c:91:b3:58:3b:d8:0f:d7:2d:ec:51:
         ee:04:f2:e7:0e:3a:ad:56:77:96:59:06:fd:f8:f1:07:28:6a:
         ed:7e:fd:4f:26:0a:f8:85:55:b5:a0:e4:fe:bf:e1:1f:01:a5:
         bb:bc:b8:29:b6:0a:36:b9:a0:81:40:f6:4f:22:5e:bb:03:2c:
         6d:6f:3d:2b:1e:7b:a5:0b:77:ec:b4:8f:1a:e6:26:ab:07:e6:
         65:b0:0c:19:a3:6f:48:74:e9:0e:43:59:0c:41:54:a4:b9:4e:
         1a:3f:10:17:73:68:1b:49:a9:29:6a:76:53:a6:1f:df:b3:48:
         85:07:97:95:1a:7a:fd:ca:f2:23:1f:d7:47:30:21:ec:0d:88:
         20:7e:9b:74:da:ed:f3:91:36:12:29:3a:bf:65:e1:12:ea:30:
         2f:ab:bd:8e:f2:1f:be:22:1b:75:8c:8f:63:82:69:9f:e8:bf:
         13:83:fb:e3:34:16:52:8f:9e:4d:fa:a1:df:0f:09:f4:2f:e3:
         29:7b:21:17:2e:cd:7f:ff:17:40:67:11:ce:9e:e4:5b:da:8a:
         41:ea:bb:ae
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUWOPkck59cmyqQWEoAQD0yFZ3AwswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDExMTQxNTdaFw0yNzAzMzExMTQ2NTdaMDMxMTAvBgNV
BAMTKDAyQ0ZGMEFBNzE3Q0MxMjk5NjZDOTYzNDFBODFBOTc1MThFRkQ4MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtIu82ArIp3MYDfrdMqQ9Sijhx
VxS35XwCBxpEJPVn5eVFStKPNngzcUtKoAAfQIp8szAdpMvV/0UZPpPiQDQl8DtC
rpKPmRas3+8kItXiSi996uJb3kdTO4TrjBzFiaHcEosLk0l5HJoWY9HkgUpnhV8R
eHCJZY3ga84bnaUuLVV1zMQ2Wfh4che582vI8870hO3K69emSm0ul/Yj2TdiPKxX
eeQ4F4weDGterMEFPPhBrlI+I+LQk14ajfOSvD03KLLSqGXyU7JlzphqjST6w5sX
0PRaquoFAIAb4Uv1q3z+crdbZncYIFkHUkXP3kTCybB6BRYan4mJoJs7ovLHAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAs/wqnF8wSmWbJY0GoGpdRjv2AUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk5NzM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjJbq
AwQAkmc9MA0GCSqGSIb3DQEBCwUAA4IBAQBv457I8WfOQCr9G1zK/qDcNnK8EWj2
XgNHmBerM/v1H69THJQgL+fslQ53XJGzWDvYD9ct7FHuBPLnDjqtVneWWQb9+PEH
KGrtfv1PJgr4hVW1oOT+v+EfAaW7vLgptgo2uaCBQPZPIl67Ayxtbz0rHnulC3fs
tI8a5iarB+ZlsAwZo29IdOkOQ1kMQVSkuU4aPxAXc2gbSakpanZTph/fs0iFB5eV
Gnr9yvIjH9dHMCHsDYggfpt02u3zkTYSKTq/ZeES6jAvq72O8h++Iht1jI9jgmmf
6L8Tg/vjNBZSj55N+qHfDwn0L+MpeyEXLs1//xdAZxHOnuRb2opB6ruu
-----END CERTIFICATE-----