Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          hAmh5/9Bf2QberNQyzpVplX7UW9tyawI9kASWW2Tlyc=
Subject key identifier:   C9:22:93:80:82:F6:DC:B5:6E:DF:3C:FC:C5:2F:24:93:D1:1F:9F:64
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5E1907BDB66D9CC2C62AA197D70BC0CD2F2AEF24
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
Signing time:             Tue 17 Feb 2026 02:27:44 +0000
ROA not before:           Tue 17 Feb 2026 02:22:44 +0000
ROA not after:            Tue 16 Feb 2027 02:27:44 +0000
asID:                     25198
IP address blocks:        147.79.16.0/24 maxlen: 24
                          150.241.240.0/24 maxlen: 24
                          168.222.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:54:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:19:07:bd:b6:6d:9c:c2:c6:2a:a1:97:d7:0b:c0:cd:2f:2a:ef:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 17 02:22:44 2026 GMT
            Not After : Feb 16 02:27:44 2027 GMT
        Subject: CN=C922938082F6DCB56EDF3CFCC52F2493D11F9F64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1f:48:53:f0:7b:98:d5:ed:89:31:9d:a9:ca:
                    a5:5d:35:89:e6:bd:80:d2:20:2d:cb:6a:eb:c5:c1:
                    44:52:2c:3b:87:71:e8:7d:f2:e9:9d:75:0a:a0:c6:
                    1e:12:42:52:8a:8a:c1:c9:5c:03:43:3a:4e:29:f5:
                    b6:55:13:a2:f4:42:c3:6d:31:7e:7b:7a:68:cf:df:
                    92:ab:13:ef:29:20:be:8d:61:c0:d7:08:82:98:47:
                    d0:c0:ab:19:4a:2f:90:a9:25:47:f1:9e:8c:36:cf:
                    11:e1:64:17:97:17:58:ee:1e:fc:e3:ec:26:71:7a:
                    c8:7f:bb:32:a2:35:7f:74:2b:ac:db:b7:36:33:67:
                    f3:33:33:0d:8c:f8:c7:70:ad:7e:48:8c:e5:0b:05:
                    14:0d:66:c6:24:72:fa:ce:79:d7:21:91:0b:28:cc:
                    9f:9b:10:04:e7:10:ff:59:a7:66:f6:a8:45:26:c5:
                    69:fe:e2:4e:d5:52:2b:ba:ae:6b:30:f8:6e:8f:85:
                    99:e2:a7:93:05:aa:e1:b0:c6:37:dc:00:8a:e5:aa:
                    b3:a9:34:fe:5c:c4:f5:09:ab:c3:21:50:f2:5e:ec:
                    4e:38:61:ab:7b:b7:dc:df:12:91:ca:2b:e4:d9:8a:
                    5b:ec:19:c2:1b:ef:56:3d:73:99:52:b6:a9:0f:1d:
                    0e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:22:93:80:82:F6:DC:B5:6E:DF:3C:FC:C5:2F:24:93:D1:1F:9F:64
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.16.0/24
                  150.241.240.0/24
                  168.222.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:ef:8b:de:47:e3:54:7e:96:03:6e:3b:b7:49:94:f2:46:c1:
         10:a6:6c:59:2b:d0:6d:40:5f:1f:38:4b:52:aa:cc:d1:b5:09:
         9b:c7:98:b9:be:eb:8d:bb:e0:13:1b:bb:76:69:89:9c:bc:ee:
         a6:fa:b2:34:d7:f2:ae:53:73:6d:f7:5c:ea:1c:ec:e9:00:7e:
         d8:3e:b0:9c:1c:ce:30:a9:b7:09:ac:2d:6d:b2:c4:d4:42:07:
         78:bc:16:58:6c:ac:7a:f2:e2:0b:30:ca:0e:dc:be:05:9c:33:
         4f:23:cf:a4:5b:89:44:d3:c2:27:48:8d:d1:71:52:03:34:1f:
         d6:df:7e:b7:c3:85:1d:97:04:8b:31:9a:ed:7f:dc:f6:b6:bf:
         6a:aa:c8:ad:16:cc:41:79:53:5f:76:50:06:90:9e:d2:f0:59:
         df:94:4a:9a:ed:fd:a8:69:58:5f:e5:49:bf:c7:d4:94:15:3f:
         69:e1:af:af:f6:30:4d:aa:3c:5e:d8:7a:3a:b2:00:01:a2:40:
         39:ac:69:77:7b:74:3c:2f:13:9a:d2:33:99:29:ea:91:ed:b7:
         9f:23:8a:d3:30:fb:a0:b8:6c:8d:ef:9d:a5:cd:72:05:e5:d8:
         38:4a:a3:45:06:43:ba:96:bf:76:64:ac:30:9e:e0:f8:7e:dd:
         de:15:78:ee
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUXhkHvbZtnMLGKqGX1wvAzS8q7yQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTcwMjIyNDRaFw0yNzAyMTYwMjI3NDRaMDMxMTAvBgNV
BAMTKEM5MjI5MzgwODJGNkRDQjU2RURGM0NGQ0M1MkYyNDkzRDExRjlGNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6H0hT8HuY1e2JMZ2pyqVdNYnm
vYDSIC3LauvFwURSLDuHceh98umddQqgxh4SQlKKisHJXANDOk4p9bZVE6L0QsNt
MX57emjP35KrE+8pIL6NYcDXCIKYR9DAqxlKL5CpJUfxnow2zxHhZBeXF1juHvzj
7CZxesh/uzKiNX90K6zbtzYzZ/MzMw2M+MdwrX5IjOULBRQNZsYkcvrOedchkQso
zJ+bEATnEP9Zp2b2qEUmxWn+4k7VUiu6rmsw+G6PhZnip5MFquGwxjfcAIrlqrOp
NP5cxPUJq8MhUPJe7E44Yat7t9zfEpHKK+TZilvsGcIb71Y9c5lStqkPHQ4HAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUySKTgIL23LVu3zz8xS8kk9Efn2QwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACTTxAD
BACW8fADBAKo3mgwDQYJKoZIhvcNAQELBQADggEBAFrvi95H41R+lgNuO7dJlPJG
wRCmbFkr0G1AXx84S1KqzNG1CZvHmLm+64274BMbu3ZpiZy87qb6sjTX8q5Tc233
XOoc7OkAftg+sJwczjCptwmsLW2yxNRCB3i8FlhsrHry4gswyg7cvgWcM08jz6Rb
iUTTwidIjdFxUgM0H9bffrfDhR2XBIsxmu1/3Pa2v2qqyK0WzEF5U192UAaQntLw
Wd+USprt/ahpWF/lSb/H1JQVP2nhr6/2ME2qPF7YejqyAAGiQDmsaXd7dDwvE5rS
M5kp6pHtt58jitMw+6C4bI3vnaXNcgXl2DhKo0UGQ7qWv3ZkrDCe4Ph+3d4VeO4=
-----END CERTIFICATE-----