Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS198487.roa
File:                     AS198487.roa (raw, json)
Hash identifier:          iGs+NheygotnO+wtsw/p3Ks6JLyu7Z4GCZoIr229V4Q=
Subject key identifier:   1F:42:31:76:00:69:7F:F9:3E:34:23:72:55:99:20:A4:14:A4:A8:68
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1C6E520A2D94DCD0F4448C62F5EB90A9CAFD9F4E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS198487.roa
Signing time:             Fri 05 Jun 2026 03:07:44 +0000
ROA not before:           Fri 05 Jun 2026 03:02:44 +0000
ROA not after:            Fri 04 Jun 2027 03:07:44 +0000
asID:                     198487
IP address blocks:        179.61.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:6e:52:0a:2d:94:dc:d0:f4:44:8c:62:f5:eb:90:a9:ca:fd:9f:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  5 03:02:44 2026 GMT
            Not After : Jun  4 03:07:44 2027 GMT
        Subject: CN=1F42317600697FF93E342372559920A414A4A868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:38:e7:bd:f6:02:6e:6a:8c:bc:58:71:d2:14:
                    0e:0a:65:3e:41:a7:88:5e:40:e0:3a:36:f8:cb:5d:
                    f3:bd:5d:0b:53:04:0c:ea:89:31:a5:9e:92:42:e1:
                    0a:e4:98:a0:26:85:2c:7b:d8:18:a1:1d:3f:ec:c0:
                    8c:82:6c:f3:dc:62:e7:b1:8f:91:05:c3:e4:5a:aa:
                    7b:04:fe:06:77:ab:a6:e5:a5:5d:7b:dc:81:3b:4b:
                    cb:d3:bd:fa:24:78:7f:64:96:65:5c:0f:35:4d:b5:
                    9c:64:3c:26:48:67:f0:94:3c:19:1a:8d:79:2f:02:
                    e9:d1:30:5c:91:81:0e:a2:da:4f:0c:fa:e8:36:42:
                    f7:06:24:7d:ff:eb:4b:76:bf:6a:d7:5d:5e:e3:87:
                    63:0a:8a:bd:d7:25:24:df:a1:da:f9:42:1d:cb:05:
                    8b:c2:f9:ac:f3:f7:54:ab:5a:76:2e:5a:91:27:d6:
                    28:45:59:1b:92:69:1a:85:2c:b3:74:77:85:00:e5:
                    dd:2f:c4:bc:58:2f:58:0c:82:81:b3:ec:9a:1a:a5:
                    60:34:b9:4c:e1:33:8c:4a:60:50:42:41:cb:4a:6f:
                    69:30:77:4c:54:ea:4e:a6:cf:ab:6a:9a:32:45:91:
                    f3:20:69:69:49:49:25:c8:94:02:12:19:ee:56:97:
                    ff:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:42:31:76:00:69:7F:F9:3E:34:23:72:55:99:20:A4:14:A4:A8:68
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS198487.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:39:18:50:a5:53:e5:60:a8:17:74:f7:07:71:20:ab:d0:ca:
         31:9f:9d:f0:99:a7:ad:56:86:84:85:43:75:a8:01:31:45:cd:
         ab:5b:99:b6:e9:a3:a1:9d:0d:97:13:72:73:b5:81:62:a4:68:
         b7:c8:a2:80:bf:2f:30:32:f7:bc:fd:19:c7:94:cf:2c:32:d8:
         34:f8:46:d4:05:fa:eb:10:a0:98:ac:6c:73:ba:2e:4e:c6:52:
         c5:68:dd:3e:fd:f6:26:6d:62:ba:21:4f:13:72:01:37:0a:27:
         e4:94:f4:47:22:80:aa:16:04:e0:93:c4:92:fa:1f:27:39:c4:
         ef:ba:25:4a:eb:2e:35:1d:f7:25:c5:8a:6b:f6:f0:ca:e9:21:
         ea:18:a4:db:15:7a:a6:19:fe:dd:a3:a2:2f:20:9f:23:be:8d:
         45:45:55:c3:bb:09:74:3e:b6:f1:ea:2f:e2:cd:eb:db:bf:42:
         c4:a3:a3:32:30:29:19:77:04:10:05:86:1f:9b:df:0b:da:7a:
         88:bb:07:e6:ce:bb:09:a1:d4:d5:db:79:27:99:27:54:7a:64:
         15:34:bc:0c:7e:50:d0:98:f7:2d:55:7a:15:df:b6:c2:21:95:
         3a:33:cf:b7:33:3a:e6:e3:26:16:f6:7a:62:22:14:d3:69:d2:
         ec:0a:86:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHG5SCi2U3ND0RIxi9euQqcr9n04wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MDUwMzAyNDRaFw0yNzA2MDQwMzA3NDRaMDMxMTAvBgNV
BAMTKDFGNDIzMTc2MDA2OTdGRjkzRTM0MjM3MjU1OTkyMEE0MTRBNEE4NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClOOe99gJuaoy8WHHSFA4KZT5B
p4heQOA6NvjLXfO9XQtTBAzqiTGlnpJC4QrkmKAmhSx72BihHT/swIyCbPPcYuex
j5EFw+RaqnsE/gZ3q6blpV173IE7S8vTvfokeH9klmVcDzVNtZxkPCZIZ/CUPBka
jXkvAunRMFyRgQ6i2k8M+ug2QvcGJH3/60t2v2rXXV7jh2MKir3XJSTfodr5Qh3L
BYvC+azz91SrWnYuWpEn1ihFWRuSaRqFLLN0d4UA5d0vxLxYL1gMgoGz7JoapWA0
uUzhM4xKYFBCQctKb2kwd0xU6k6mz6tqmjJFkfMgaWlJSSXIlAISGe5Wl/+vAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUH0IxdgBpf/k+NCNyVZkgpBSkqGgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk4NDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz24
MA0GCSqGSIb3DQEBCwUAA4IBAQBVORhQpVPlYKgXdPcHcSCr0Moxn53wmaetVoaE
hUN1qAExRc2rW5m26aOhnQ2XE3JztYFipGi3yKKAvy8wMve8/RnHlM8sMtg0+EbU
BfrrEKCYrGxzui5OxlLFaN0+/fYmbWK6IU8TcgE3CifklPRHIoCqFgTgk8SS+h8n
OcTvuiVK6y41HfclxYpr9vDK6SHqGKTbFXqmGf7do6IvIJ8jvo1FRVXDuwl0Prbx
6i/izevbv0LEo6MyMCkZdwQQBYYfm98L2nqIuwfmzrsJodTV23knmSdUemQVNLwM
flDQmPctVXoV37bCIZU6M8+3Mzrm4yYW9npiIhTTadLsCoZ7
-----END CERTIFICATE-----