Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa
File:                     AS199925.roa (raw, json)
Hash identifier:          e46QuXA46B2+SacYXSCG1IfIBcOrd/tPCnTwnFs4WPM=
Subject key identifier:   1D:A0:DD:5C:D1:7E:89:74:B8:92:5B:93:59:D8:7B:D5:1D:5A:58:B4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5FCE5EEECFA9D740C2712D01B94E56CD4DD857CA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa
Signing time:             Mon 28 Jul 2025 10:54:13 +0000
ROA not before:           Mon 28 Jul 2025 10:49:13 +0000
ROA not after:            Mon 27 Jul 2026 10:54:13 +0000
asID:                     199925
IP address blocks:        181.41.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:ce:5e:ee:cf:a9:d7:40:c2:71:2d:01:b9:4e:56:cd:4d:d8:57:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 28 10:49:13 2025 GMT
            Not After : Jul 27 10:54:13 2026 GMT
        Subject: CN=1DA0DD5CD17E8974B8925B9359D87BD51D5A58B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:92:9a:3f:bf:be:0c:93:f3:4f:e5:d6:12:91:
                    6a:cc:b6:94:2a:81:3e:30:d2:ad:69:1a:04:61:db:
                    69:fe:62:aa:8b:96:1a:2e:a3:5d:7f:01:92:b4:a4:
                    12:40:34:83:65:75:93:66:47:f9:9a:ce:0d:17:77:
                    95:dc:f4:9f:a7:d5:4b:02:f6:7e:2d:cd:74:b7:0b:
                    5f:a4:ac:61:a6:8e:a5:ff:38:e3:c6:1d:09:dc:49:
                    84:52:f6:30:6a:42:2c:ff:a9:b7:8c:b2:8a:08:dd:
                    5e:a8:55:8f:c1:27:76:41:34:49:81:c6:5f:94:e4:
                    c2:c7:8b:2d:f0:eb:45:1f:2b:43:45:a7:cc:65:d9:
                    42:e3:be:23:e3:09:a7:8e:b3:45:d7:f2:a8:22:c8:
                    2f:10:7b:f7:14:76:c2:20:b2:59:c5:a8:d8:40:91:
                    5c:a1:56:85:0d:b6:f9:40:b4:e3:f0:5c:39:28:9c:
                    32:d0:01:b0:d8:fa:cf:11:64:79:1e:ec:70:3a:8d:
                    c0:b3:b3:66:ed:09:41:2a:89:5e:5e:8f:9d:d2:4e:
                    c3:bb:8a:20:81:83:0c:7a:42:1d:ec:b4:e1:55:f4:
                    f5:60:5b:83:fa:37:f0:59:e8:cd:8d:f3:f9:60:5d:
                    4e:c6:92:52:34:34:8c:85:28:7d:b0:a1:65:65:91:
                    55:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:A0:DD:5C:D1:7E:89:74:B8:92:5B:93:59:D8:7B:D5:1D:5A:58:B4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:e1:01:b6:a8:e2:b9:1f:b1:93:1a:90:6b:14:b5:f3:02:80:
         dd:2e:f5:d2:9e:0e:09:25:63:ef:67:c7:fa:8a:27:8d:a1:64:
         da:ca:97:58:27:dd:43:7c:fb:72:53:c1:59:e0:77:e0:0d:9d:
         da:bf:d0:02:68:83:e1:bf:ee:a1:07:ff:e9:44:84:72:2c:20:
         74:9a:34:4f:54:fd:0e:7e:29:b2:14:85:92:78:7d:92:2e:35:
         cc:f8:5f:df:8c:6c:b6:f2:7a:18:e2:1d:ed:79:67:87:52:68:
         ef:c1:78:21:d0:51:25:a2:de:ea:c1:f1:34:09:ce:7b:87:3b:
         8b:7e:c1:73:ad:13:fe:05:c2:95:00:fa:ca:9d:d8:80:0d:43:
         b7:5d:bb:f5:aa:87:97:fe:de:2d:55:61:c1:2b:8e:70:b0:5e:
         ed:13:e6:fb:67:ae:a4:12:c5:70:a9:c8:03:e5:e4:5a:f9:37:
         e3:1d:39:ba:6f:1c:3e:5c:45:06:ee:47:61:93:92:96:64:cd:
         b1:29:af:3f:bb:a5:18:dd:f8:a5:84:16:53:82:0b:30:fc:32:
         e2:a2:99:b3:65:9c:28:43:6a:29:6b:6d:d8:0a:f7:65:5e:ea:
         5f:b2:bc:24:6d:e1:6b:76:9c:79:e2:ca:79:09:34:dc:36:37:
         11:3b:63:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUX85e7s+p10DCcS0BuU5WzU3YV8owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MjgxMDQ5MTNaFw0yNjA3MjcxMDU0MTNaMDMxMTAvBgNV
BAMTKDFEQTBERDVDRDE3RTg5NzRCODkyNUI5MzU5RDg3QkQ1MUQ1QTU4QjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYkpo/v74Mk/NP5dYSkWrMtpQq
gT4w0q1pGgRh22n+YqqLlhouo11/AZK0pBJANINldZNmR/mazg0Xd5Xc9J+n1UsC
9n4tzXS3C1+krGGmjqX/OOPGHQncSYRS9jBqQiz/qbeMsooI3V6oVY/BJ3ZBNEmB
xl+U5MLHiy3w60UfK0NFp8xl2ULjviPjCaeOs0XX8qgiyC8Qe/cUdsIgslnFqNhA
kVyhVoUNtvlAtOPwXDkonDLQAbDY+s8RZHke7HA6jcCzs2btCUEqiV5ej53STsO7
iiCBgwx6Qh3stOFV9PVgW4P6N/BZ6M2N8/lgXU7GklI0NIyFKH2woWVlkVVPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHaDdXNF+iXS4kluTWdh71R1aWLQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5OTI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtSnB
MA0GCSqGSIb3DQEBCwUAA4IBAQCv4QG2qOK5H7GTGpBrFLXzAoDdLvXSng4JJWPv
Z8f6iieNoWTaypdYJ91DfPtyU8FZ4HfgDZ3av9ACaIPhv+6hB//pRIRyLCB0mjRP
VP0OfimyFIWSeH2SLjXM+F/fjGy28noY4h3teWeHUmjvwXgh0FElot7qwfE0Cc57
hzuLfsFzrRP+BcKVAPrKndiADUO3Xbv1qoeX/t4tVWHBK45wsF7tE+b7Z66kEsVw
qcgD5eRa+TfjHTm6bxw+XEUG7kdhk5KWZM2xKa8/u6UY3filhBZTggsw/DLiopmz
ZZwoQ2opa23YCvdlXupfsrwkbeFrdpx54sp5CTTcNjcRO2MV
-----END CERTIFICATE-----