Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199654.roa
File:                     AS199654.roa (raw, json)
Hash identifier:          fNI+5lO/Vy8SwMM5qxgKtmFWqfXfHPROIld0QEHlljM=
Subject key identifier:   B8:BA:BC:91:66:C1:12:6F:FC:63:CD:2D:80:B0:0F:EC:D7:BA:E8:89
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7BB9776297AD80241EC4FC0E34AFCB3F80AD38F4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199654.roa
Signing time:             Sun 02 Nov 2025 23:55:11 +0000
ROA not before:           Sun 02 Nov 2025 23:50:11 +0000
ROA not after:            Sun 01 Nov 2026 23:55:11 +0000
asID:                     199654
IP address blocks:        191.96.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:b9:77:62:97:ad:80:24:1e:c4:fc:0e:34:af:cb:3f:80:ad:38:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov  2 23:50:11 2025 GMT
            Not After : Nov  1 23:55:11 2026 GMT
        Subject: CN=B8BABC9166C1126FFC63CD2D80B00FECD7BAE889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6a:7b:6e:a8:ca:61:5b:fa:25:1d:b6:d3:44:
                    3e:8f:3a:b3:91:9a:c3:f5:01:2e:41:c8:85:19:16:
                    63:b4:db:df:87:fe:6d:b3:a0:d2:bb:8f:56:56:16:
                    4a:11:17:58:4e:f8:fc:51:a6:22:12:dc:21:54:02:
                    47:d6:e7:12:25:89:d3:a1:b9:77:27:91:7e:d7:e5:
                    84:03:83:5e:16:ba:70:f9:b1:39:c0:14:7e:99:93:
                    19:59:e8:02:4e:c7:5f:88:ac:2b:df:ff:d6:4f:af:
                    1a:fa:60:13:f5:e6:4e:fa:e8:b2:8f:ae:38:de:dd:
                    53:62:f4:2c:66:63:60:6a:1b:a3:ef:c5:b6:cd:27:
                    04:58:76:dc:11:ca:a7:0e:5f:2b:5b:33:ff:a3:74:
                    cf:ac:81:ac:ea:27:63:1d:be:49:c3:da:f4:f5:54:
                    48:11:e8:9c:1e:65:bf:05:5e:4e:a5:a1:7c:44:b6:
                    68:78:37:76:0d:05:41:92:3a:84:d2:bb:7d:81:b4:
                    b4:fe:47:e8:3a:b6:5b:34:2a:fd:4e:4b:f1:57:72:
                    a8:f4:2c:71:fc:40:da:75:c9:9b:e6:e8:e8:37:ee:
                    e1:f9:ea:a5:4d:47:78:b2:d2:7e:8e:f0:ae:5c:9e:
                    ba:24:dd:63:33:3c:04:4e:b3:c3:24:99:23:3f:a0:
                    66:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:BA:BC:91:66:C1:12:6F:FC:63:CD:2D:80:B0:0F:EC:D7:BA:E8:89
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:86:54:15:49:06:d5:a3:d3:3a:cf:b7:8f:cc:06:57:89:31:
         19:5d:36:d6:95:b7:1e:9e:ce:81:15:db:18:88:bf:f2:5d:a9:
         23:92:93:e6:58:96:a3:4d:ba:ee:87:a5:6a:c7:f9:fe:0b:86:
         2e:03:97:96:17:75:15:39:24:ef:27:ce:06:07:a5:df:5b:c4:
         73:45:81:c3:dc:a1:64:9f:5f:c4:1c:d5:f8:ab:f4:d6:a0:60:
         d3:7f:b1:4a:84:d4:5f:76:b9:79:1c:a8:e8:25:4b:56:92:f4:
         1c:28:46:a2:fe:2a:82:df:7e:f4:04:36:1b:02:09:cf:9e:de:
         77:20:64:b6:2b:8f:a8:e3:68:72:7f:1b:d1:24:3e:80:db:26:
         60:3b:8d:17:14:60:25:bd:3d:a0:dc:de:f8:29:5f:b9:6d:f9:
         9d:a7:97:91:53:56:a7:f1:70:4b:07:a9:62:f5:81:6a:d5:c6:
         d5:1b:d5:c1:25:2d:18:c2:54:49:55:0d:ef:8b:33:24:ca:80:
         2d:ff:fa:01:ac:b1:99:7c:47:2b:fd:64:99:6b:e6:e2:ba:3a:
         cb:a6:01:dc:59:c4:ab:cc:b2:48:c2:2d:7a:3c:d5:6e:5a:52:
         ba:3b:d0:96:4b:7f:28:f5:f9:22:d2:dc:8a:88:a0:87:fe:48:
         ec:64:63:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUe7l3YpetgCQexPwONK/LP4CtOPQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTExMDIyMzUwMTFaFw0yNjExMDEyMzU1MTFaMDMxMTAvBgNV
BAMTKEI4QkFCQzkxNjZDMTEyNkZGQzYzQ0QyRDgwQjAwRkVDRDdCQUU4ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFantuqMphW/olHbbTRD6POrOR
msP1AS5ByIUZFmO029+H/m2zoNK7j1ZWFkoRF1hO+PxRpiIS3CFUAkfW5xIlidOh
uXcnkX7X5YQDg14WunD5sTnAFH6ZkxlZ6AJOx1+IrCvf/9ZPrxr6YBP15k766LKP
rjje3VNi9CxmY2BqG6PvxbbNJwRYdtwRyqcOXytbM/+jdM+sgazqJ2MdvknD2vT1
VEgR6JweZb8FXk6loXxEtmh4N3YNBUGSOoTSu32BtLT+R+g6tls0Kv1OS/FXcqj0
LHH8QNp1yZvm6Og37uH56qVNR3iy0n6O8K5cnrok3WMzPAROs8MkmSM/oGY1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuLq8kWbBEm/8Y80tgLAP7Ne66IkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2DP
MA0GCSqGSIb3DQEBCwUAA4IBAQAchlQVSQbVo9M6z7ePzAZXiTEZXTbWlbcens6B
FdsYiL/yXakjkpPmWJajTbruh6Vqx/n+C4YuA5eWF3UVOSTvJ84GB6XfW8RzRYHD
3KFkn1/EHNX4q/TWoGDTf7FKhNRfdrl5HKjoJUtWkvQcKEai/iqC3370BDYbAgnP
nt53IGS2K4+o42hyfxvRJD6A2yZgO40XFGAlvT2g3N74KV+5bfmdp5eRU1an8XBL
B6li9YFq1cbVG9XBJS0YwlRJVQ3vizMkyoAt//oBrLGZfEcr/WSZa+biujrLpgHc
WcSrzLJIwi16PNVuWlK6O9CWS38o9fki0tyKiKCH/kjsZGO7
-----END CERTIFICATE-----