Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199737.roa
File:                     AS199737.roa (raw, json)
Hash identifier:          18mm2HCvivcy0xxmITZYcsUnnhC8uXTN0Wu/USk0RSs=
Subject key identifier:   FC:C2:49:BC:C2:00:40:ED:29:A9:4F:ED:56:D9:09:33:F6:C2:2C:79
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       172F8F7612A629B3945A9420DD8DB1DD92944B31
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199737.roa
Signing time:             Sun 08 Feb 2026 08:55:37 +0000
ROA not before:           Sun 08 Feb 2026 08:50:37 +0000
ROA not after:            Sun 07 Feb 2027 08:55:37 +0000
asID:                     199737
IP address blocks:        181.214.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:2f:8f:76:12:a6:29:b3:94:5a:94:20:dd:8d:b1:dd:92:94:4b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  8 08:50:37 2026 GMT
            Not After : Feb  7 08:55:37 2027 GMT
        Subject: CN=FCC249BCC20040ED29A94FED56D90933F6C22C79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c6:10:b0:4c:63:fc:36:41:81:ff:13:7c:19:
                    b5:72:49:fc:60:8a:51:ff:f0:1f:3f:5a:0f:e5:c4:
                    9b:53:54:02:3a:15:26:6f:3a:4d:18:9a:9f:c9:4e:
                    c6:8d:69:92:e8:db:9a:88:51:0f:66:c2:81:38:05:
                    d4:e9:a4:d2:c1:1b:8c:82:40:5d:73:eb:2b:8c:4d:
                    2f:64:11:50:1c:c2:4a:46:4e:3a:14:5a:35:b2:17:
                    41:5e:da:6f:06:e8:1b:00:94:52:dd:e9:c1:f1:9e:
                    62:18:75:e9:90:23:e7:70:4e:69:94:8c:4a:e3:5e:
                    4d:5d:9c:8c:9f:cd:ee:6b:ae:b7:9a:5b:3e:0d:8f:
                    75:1b:46:39:c7:83:c6:4f:82:09:b7:af:74:32:03:
                    e5:d0:15:a2:67:10:ac:bc:5e:24:81:d5:6b:d8:0c:
                    ab:3b:94:e3:ab:77:85:d1:02:3a:2d:00:9b:20:3d:
                    cf:29:49:1c:80:4f:5e:77:02:73:9e:4a:15:b7:cb:
                    e1:7c:2f:ca:7f:a8:84:ba:04:16:29:98:09:9a:1a:
                    e1:f0:3b:ee:68:57:8c:e7:93:4b:38:e0:8d:64:6f:
                    e2:4c:6e:cc:bf:a5:a5:2e:41:80:79:d2:35:6a:ef:
                    04:e2:0a:ec:b9:a0:a9:9e:32:00:a4:a5:14:7c:eb:
                    9b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:C2:49:BC:C2:00:40:ED:29:A9:4F:ED:56:D9:09:33:F6:C2:2C:79
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:d5:e0:2a:16:cd:9f:b9:d0:5f:38:14:63:38:73:7d:a2:e9:
         77:47:09:08:5f:e6:8d:00:3e:41:b8:77:88:44:53:4c:c8:4e:
         a8:1c:c0:95:99:b3:e1:d0:5a:ad:3f:cc:66:b2:23:e2:44:25:
         6d:9b:78:d4:de:64:0f:14:6f:2c:c0:a4:27:f4:4d:32:fe:cb:
         df:5c:3c:7f:ed:18:bc:88:ed:32:f8:85:df:9d:c2:c1:be:0d:
         07:5e:14:40:7f:6b:d6:65:30:91:5e:52:50:b9:5c:49:b0:c9:
         ef:24:73:81:98:c1:df:a6:fe:00:75:88:20:bf:90:4a:32:2f:
         5e:c5:84:12:b8:f9:c8:d7:5c:dd:7c:57:ee:99:15:00:00:f4:
         d9:57:11:d6:d7:79:19:4e:6b:f4:25:6d:37:a0:04:f8:b9:c4:
         85:45:64:cc:da:4b:19:9c:95:51:15:cd:8e:41:17:73:c6:b0:
         17:67:62:f5:af:18:43:47:cc:84:8d:3d:6e:02:ad:e0:0b:46:
         c1:97:b6:bf:ab:4a:47:38:b6:71:fe:1e:da:a4:8b:6c:7d:86:
         2d:d9:9e:56:bd:c9:20:31:e0:48:96:01:ca:8f:f8:e5:5d:86:
         40:b6:ba:65:11:77:c9:9e:cd:ff:5c:8a:e2:cb:c2:7d:55:7f:
         09:42:17:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFy+PdhKmKbOUWpQg3Y2x3ZKUSzEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMDgwODUwMzdaFw0yNzAyMDcwODU1MzdaMDMxMTAvBgNV
BAMTKEZDQzI0OUJDQzIwMDQwRUQyOUE5NEZFRDU2RDkwOTMzRjZDMjJDNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1xhCwTGP8NkGB/xN8GbVySfxg
ilH/8B8/Wg/lxJtTVAI6FSZvOk0Ymp/JTsaNaZLo25qIUQ9mwoE4BdTppNLBG4yC
QF1z6yuMTS9kEVAcwkpGTjoUWjWyF0Fe2m8G6BsAlFLd6cHxnmIYdemQI+dwTmmU
jErjXk1dnIyfze5rrreaWz4Nj3UbRjnHg8ZPggm3r3QyA+XQFaJnEKy8XiSB1WvY
DKs7lOOrd4XRAjotAJsgPc8pSRyAT153AnOeShW3y+F8L8p/qIS6BBYpmAmaGuHw
O+5oV4znk0s44I1kb+JMbsy/paUuQYB50jVq7wTiCuy5oKmeMgCkpRR865tVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/MJJvMIAQO0pqU/tVtkJM/bCLHkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5NzM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdab
MA0GCSqGSIb3DQEBCwUAA4IBAQAH1eAqFs2fudBfOBRjOHN9oul3RwkIX+aNAD5B
uHeIRFNMyE6oHMCVmbPh0FqtP8xmsiPiRCVtm3jU3mQPFG8swKQn9E0y/svfXDx/
7Ri8iO0y+IXfncLBvg0HXhRAf2vWZTCRXlJQuVxJsMnvJHOBmMHfpv4AdYggv5BK
Mi9exYQSuPnI11zdfFfumRUAAPTZVxHW13kZTmv0JW03oAT4ucSFRWTM2ksZnJVR
Fc2OQRdzxrAXZ2L1rxhDR8yEjT1uAq3gC0bBl7a/q0pHOLZx/h7apItsfYYt2Z5W
vckgMeBIlgHKj/jlXYZAtrplEXfJns3/XIriy8J9VX8JQhd9
-----END CERTIFICATE-----