Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa
File:                     AS199218.roa (raw, json)
Hash identifier:          R+mYKAtjGWaTC8+VgsMcsoNryF6et4uLNWtmOse1gl4=
Subject key identifier:   32:32:FF:12:20:7E:A4:48:3D:77:E5:E1:81:DF:4D:24:19:8C:9B:1E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       55B0220508E2C092E224D964F9B922570FAC8472
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa
Signing time:             Fri 10 Apr 2026 12:47:05 +0000
ROA not before:           Fri 10 Apr 2026 12:42:05 +0000
ROA not after:            Fri 09 Apr 2027 12:47:05 +0000
asID:                     199218
IP address blocks:        181.214.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:b0:22:05:08:e2:c0:92:e2:24:d9:64:f9:b9:22:57:0f:ac:84:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 10 12:42:05 2026 GMT
            Not After : Apr  9 12:47:05 2027 GMT
        Subject: CN=3232FF12207EA4483D77E5E181DF4D24198C9B1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:61:64:33:ce:ec:ab:cd:17:15:bd:1d:d9:e2:
                    55:ec:92:4f:eb:fa:e2:10:d8:4e:a0:57:eb:74:d5:
                    82:b8:f3:e1:19:6a:16:c9:48:7e:95:70:e7:63:9a:
                    42:0e:68:cb:5c:8b:2e:ae:29:4e:6f:e4:bb:2f:4f:
                    0e:49:d4:71:aa:91:0f:d2:21:03:2d:3b:03:2c:1b:
                    23:49:72:96:d4:9f:aa:8a:1d:7b:71:0a:ee:23:39:
                    a4:d0:28:6b:c6:6b:c4:a0:8b:eb:7d:de:56:ad:a3:
                    34:86:99:22:43:67:22:33:03:08:80:64:94:28:a7:
                    66:f4:7f:f6:fe:50:c1:4e:c4:6c:a5:c7:1c:c7:60:
                    28:ae:5d:29:10:c6:02:05:76:e4:fc:06:b2:9e:a6:
                    70:e0:a0:d5:27:c6:70:89:5c:98:83:a2:66:de:6b:
                    90:ae:f5:c0:12:64:93:09:08:5f:b1:53:f9:24:6b:
                    f0:8d:a7:18:86:4a:30:bc:26:f0:8e:c8:86:a4:e3:
                    62:c1:b1:40:b4:33:a0:5a:c8:16:1c:48:a6:91:4d:
                    67:43:65:a6:b3:2c:13:e5:bf:d0:4b:44:5b:2c:ac:
                    35:c7:4e:9f:68:4b:4a:7d:7f:48:fa:5e:f3:fa:fe:
                    ea:86:83:8a:c9:54:54:b1:11:e0:d5:1a:80:5e:fa:
                    78:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:32:FF:12:20:7E:A4:48:3D:77:E5:E1:81:DF:4D:24:19:8C:9B:1E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:ad:5e:02:0a:5c:d3:1b:b8:34:02:cf:9f:e1:b4:b9:5d:31:
         8d:6b:d8:67:5c:4c:a5:3f:06:14:75:5a:f8:cf:8f:f3:d5:85:
         f9:1d:8b:c3:22:85:6b:45:f6:12:f4:51:bd:60:6f:e1:4d:76:
         96:a1:49:aa:6d:75:e0:4e:1e:ec:27:3f:79:0b:8a:7d:9b:f1:
         8d:be:5c:0d:2f:c0:bc:10:d8:5c:fb:24:34:18:45:5f:9e:82:
         e4:be:90:1d:c6:6f:64:21:ce:87:d5:a2:05:07:0d:af:f5:7c:
         77:47:39:5a:8e:a7:47:d2:6c:2a:2a:a2:1d:3b:21:a7:d7:54:
         82:fc:85:19:a6:60:b9:fd:b8:d8:c5:72:57:31:77:bd:22:55:
         41:aa:bf:62:bd:58:23:cd:ef:01:d8:21:72:86:1b:df:b1:ec:
         ae:a3:c3:7a:61:61:50:94:d5:fe:ea:ac:6e:42:fa:27:e5:69:
         b6:75:2e:4e:75:35:ff:4d:36:06:6d:c2:bb:f1:48:df:9e:7c:
         8b:3e:70:b5:5a:a1:bf:d5:69:9a:66:cd:6e:ae:d3:d8:4f:67:
         53:c6:1e:9a:92:57:02:29:f2:3c:c0:3e:84:34:a1:30:5a:85:
         00:ae:dd:72:17:0b:d5:04:ab:eb:36:df:cb:be:cd:f0:40:bd:
         42:f0:a7:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVbAiBQjiwJLiJNlk+bkiVw+shHIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MTAxMjQyMDVaFw0yNzA0MDkxMjQ3MDVaMDMxMTAvBgNV
BAMTKDMyMzJGRjEyMjA3RUE0NDgzRDc3RTVFMTgxREY0RDI0MTk4QzlCMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPYWQzzuyrzRcVvR3Z4lXskk/r
+uIQ2E6gV+t01YK48+EZahbJSH6VcOdjmkIOaMtciy6uKU5v5LsvTw5J1HGqkQ/S
IQMtOwMsGyNJcpbUn6qKHXtxCu4jOaTQKGvGa8Sgi+t93latozSGmSJDZyIzAwiA
ZJQop2b0f/b+UMFOxGylxxzHYCiuXSkQxgIFduT8BrKepnDgoNUnxnCJXJiDombe
a5Cu9cASZJMJCF+xU/kka/CNpxiGSjC8JvCOyIak42LBsUC0M6BayBYcSKaRTWdD
ZaazLBPlv9BLRFssrDXHTp9oS0p9f0j6XvP6/uqGg4rJVFSxEeDVGoBe+njJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMjL/EiB+pEg9d+Xhgd9NJBmMmx4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5MjE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdaD
MA0GCSqGSIb3DQEBCwUAA4IBAQBurV4CClzTG7g0As+f4bS5XTGNa9hnXEylPwYU
dVr4z4/z1YX5HYvDIoVrRfYS9FG9YG/hTXaWoUmqbXXgTh7sJz95C4p9m/GNvlwN
L8C8ENhc+yQ0GEVfnoLkvpAdxm9kIc6H1aIFBw2v9Xx3RzlajqdH0mwqKqIdOyGn
11SC/IUZpmC5/bjYxXJXMXe9IlVBqr9ivVgjze8B2CFyhhvfseyuo8N6YWFQlNX+
6qxuQvon5Wm2dS5OdTX/TTYGbcK78UjfnnyLPnC1WqG/1WmaZs1urtPYT2dTxh6a
klcCKfI8wD6ENKEwWoUArt1yFwvVBKvrNt/Lvs3wQL1C8Kfw
-----END CERTIFICATE-----