Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          CCnsq2vsfk775w/3K3jWx94uGydEOpfDWn7bLZtLzhg=
Subject key identifier:   F0:5A:96:EE:BE:95:59:D5:B6:1F:71:67:CE:7F:E4:6D:A8:81:7D:5E
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       76B0E69522159B835F1CD28485F9D55E1751233B
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS25198.roa
Signing time:             Sat 28 Feb 2026 08:55:49 +0000
ROA not before:           Sat 28 Feb 2026 08:50:49 +0000
ROA not after:            Sat 27 Feb 2027 08:55:49 +0000
asID:                     25198
IP address blocks:        46.236.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:b0:e6:95:22:15:9b:83:5f:1c:d2:84:85:f9:d5:5e:17:51:23:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Feb 28 08:50:49 2026 GMT
            Not After : Feb 27 08:55:49 2027 GMT
        Subject: CN=F05A96EEBE9559D5B61F7167CE7FE46DA8817D5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0e:8f:ac:65:e1:33:93:71:d8:32:0b:94:d5:
                    fe:90:8a:67:f7:1e:09:2b:3f:e5:24:64:05:6c:9b:
                    6f:1d:85:0d:a1:90:9f:0f:61:43:8a:c6:bc:23:c1:
                    df:7d:bd:e3:b7:67:6a:6c:d9:85:cf:0c:bb:10:fe:
                    bc:69:19:cb:eb:eb:fc:9d:ce:e0:91:22:e6:dd:28:
                    03:c5:4b:e5:73:92:b9:57:5b:f9:38:ac:c8:ca:e7:
                    12:4a:38:1f:9d:d4:4c:44:53:68:04:b7:2b:cb:de:
                    ef:99:90:64:b5:80:41:41:20:42:2c:21:49:32:0e:
                    1b:a5:60:bc:19:5b:09:09:a4:dc:06:8f:6b:e0:6a:
                    44:14:ee:84:4b:2f:8f:d3:f7:fc:4f:5c:08:80:65:
                    09:74:63:e5:fa:89:ca:30:ad:12:65:ef:84:ed:9e:
                    51:09:7e:00:01:09:73:35:a7:8b:73:04:7d:f2:22:
                    0d:4e:13:8a:f8:e6:20:d4:0e:07:e2:44:fd:90:e5:
                    a2:d2:a6:04:1f:8c:b5:f4:0b:22:c2:fe:33:63:fb:
                    e3:95:af:66:7f:f7:3b:cc:cc:65:fd:b8:85:7b:e4:
                    0b:c3:83:2d:f1:bf:fc:f0:fe:26:c0:16:c8:20:61:
                    4b:27:99:2e:73:6c:22:b5:d6:73:21:09:c4:ac:d5:
                    80:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:5A:96:EE:BE:95:59:D5:B6:1F:71:67:CE:7F:E4:6D:A8:81:7D:5E
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:f8:f2:ca:8c:8b:67:33:d6:81:53:7e:02:5c:57:24:8a:c4:
         90:74:37:c3:b4:80:c4:d6:65:d9:ee:7b:32:86:c5:56:9c:20:
         b7:bf:7b:69:9c:20:bb:a5:71:fb:f6:79:ea:a5:4c:b7:79:5b:
         14:30:53:ee:cd:0a:79:eb:75:b2:3d:7c:5e:f2:36:f7:b2:53:
         ed:8e:b2:3b:e4:da:88:01:14:75:17:32:b3:58:75:d3:86:08:
         4e:de:9d:08:f7:3f:1b:e6:35:51:5f:0b:da:f4:69:63:6c:e2:
         8a:3e:da:ca:50:04:e0:56:c9:87:bd:39:9e:68:c6:df:63:55:
         be:94:31:b4:1f:b3:f7:22:6a:77:4b:9e:e4:da:73:c9:08:4c:
         1e:98:52:dc:a5:dc:5e:3a:b3:b5:39:43:72:14:90:58:22:a1:
         c4:73:be:49:81:54:09:6e:cd:bd:fc:8f:bd:3c:5b:cc:91:52:
         42:b7:85:02:01:78:0f:e1:47:25:7a:79:28:da:3e:91:6d:31:
         5b:2f:0d:fe:24:ca:66:74:00:86:a2:5e:62:42:a1:ee:2d:cd:
         6d:c5:b3:4f:60:a4:07:6e:26:73:22:fb:31:36:5c:d9:a7:00:
         85:57:02:cd:06:fc:81:bf:6e:a2:fb:ab:14:99:33:19:99:61:
         04:5c:37:d3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdrDmlSIVm4NfHNKEhfnVXhdRIzswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAyMjgwODUwNDlaFw0yNzAyMjcwODU1NDlaMDMxMTAvBgNV
BAMTKEYwNUE5NkVFQkU5NTU5RDVCNjFGNzE2N0NFN0ZFNDZEQTg4MTdENUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Do+sZeEzk3HYMguU1f6Qimf3
HgkrP+UkZAVsm28dhQ2hkJ8PYUOKxrwjwd99veO3Z2ps2YXPDLsQ/rxpGcvr6/yd
zuCRIubdKAPFS+VzkrlXW/k4rMjK5xJKOB+d1ExEU2gEtyvL3u+ZkGS1gEFBIEIs
IUkyDhulYLwZWwkJpNwGj2vgakQU7oRLL4/T9/xPXAiAZQl0Y+X6icowrRJl74Tt
nlEJfgABCXM1p4tzBH3yIg1OE4r45iDUDgfiRP2Q5aLSpgQfjLX0CyLC/jNj++OV
r2Z/9zvMzGX9uIV75AvDgy3xv/zw/ibAFsggYUsnmS5zbCK11nMhCcSs1YDbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU8FqW7r6VWdW2H3Fnzn/kbaiBfV4wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAu7MAw
DQYJKoZIhvcNAQELBQADggEBAAP48sqMi2cz1oFTfgJcVySKxJB0N8O0gMTWZdnu
ezKGxVacILe/e2mcILulcfv2eeqlTLd5WxQwU+7NCnnrdbI9fF7yNveyU+2Osjvk
2ogBFHUXMrNYddOGCE7enQj3PxvmNVFfC9r0aWNs4oo+2spQBOBWyYe9OZ5oxt9j
Vb6UMbQfs/ciandLnuTac8kITB6YUtyl3F46s7U5Q3IUkFgiocRzvkmBVAluzb38
j708W8yRUkK3hQIBeA/hRyV6eSjaPpFtMVsvDf4kymZ0AIaiXmJCoe4tzW3Fs09g
pAduJnMi+zE2XNmnAIVXAs0G/IG/bqL7qxSZMxmZYQRcN9M=
-----END CERTIFICATE-----