Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS199074.roa
File:                     AS199074.roa (raw, json)
Hash identifier:          GETgjvlTswTlcHy+Q3lR0skn5iah8wGdfBoRcncbgyc=
Subject key identifier:   11:95:4B:13:8F:45:EA:25:26:FE:F2:0D:9C:4C:4C:E9:B0:88:46:CA
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       40B148E20869D257C3FED3A2213461DBA6728C4B
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS199074.roa
Signing time:             Tue 14 Apr 2026 13:18:25 +0000
ROA not before:           Tue 14 Apr 2026 13:13:25 +0000
ROA not after:            Tue 13 Apr 2027 13:18:25 +0000
asID:                     199074
IP address blocks:        212.87.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:b1:48:e2:08:69:d2:57:c3:fe:d3:a2:21:34:61:db:a6:72:8c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr 14 13:13:25 2026 GMT
            Not After : Apr 13 13:18:25 2027 GMT
        Subject: CN=11954B138F45EA2526FEF20D9C4C4CE9B08846CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:61:ee:4a:4d:91:81:48:20:e3:ee:6e:19:29:
                    9d:f0:d4:d3:ba:c0:eb:29:3b:7d:f7:a6:80:c0:ee:
                    a8:d0:d1:1e:f1:8f:f6:db:00:cb:c8:69:e1:86:14:
                    73:3e:39:84:61:dc:96:cf:dd:c4:a5:72:0b:c7:51:
                    46:90:0f:e1:16:f7:09:2d:23:43:b6:57:ec:69:e2:
                    b4:41:b7:72:1a:18:d1:6f:88:00:12:fd:86:e9:60:
                    df:57:8c:c1:5b:98:74:05:68:f3:bc:29:e2:db:c6:
                    79:71:37:1d:30:fc:d8:c4:08:af:b0:40:16:24:31:
                    17:d1:5a:0b:9c:03:80:df:8b:bf:6e:3a:3a:91:5e:
                    ca:97:b8:3e:3e:b1:c8:fc:8b:72:59:17:15:39:66:
                    e9:fb:46:cc:1a:27:3c:af:dd:41:2a:ef:2a:59:20:
                    0c:8e:57:03:ba:1f:40:86:30:3c:c6:17:8c:02:0c:
                    d5:67:59:65:5c:35:68:6b:c6:6a:71:cf:fe:6a:8e:
                    82:13:5e:b3:f2:a0:03:89:d7:dc:96:d1:42:a4:db:
                    b1:0f:c7:b2:d1:e2:b5:c6:90:b8:0a:a9:54:81:e4:
                    ee:e5:c0:ad:22:54:d3:5c:19:15:55:be:51:e0:cf:
                    ed:0c:36:94:98:ca:53:33:b3:94:c1:4d:bc:2e:b9:
                    5f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:95:4B:13:8F:45:EA:25:26:FE:F2:0D:9C:4C:4C:E9:B0:88:46:CA
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS199074.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e2:f1:27:92:f6:40:de:2e:a2:b4:94:0a:b1:0e:a9:91:ba:02:
         61:58:e2:31:35:0c:83:d0:b5:6f:9d:93:ef:24:c6:6f:84:6c:
         eb:99:a8:f6:7b:b9:39:18:e7:1e:65:ef:49:d7:e7:ae:e4:00:
         89:07:a8:60:dc:3d:64:37:35:30:2b:53:b4:69:37:8e:54:ec:
         2f:db:b5:f0:dd:da:5f:f9:26:fc:41:27:e0:86:f4:03:68:46:
         a6:d4:73:de:ac:84:05:20:20:09:f5:13:6c:6a:9c:a3:29:e4:
         bc:dc:32:4d:bb:86:e1:b6:aa:72:8b:c7:ac:b7:35:7c:4e:82:
         37:b6:4a:30:ea:bc:7c:43:43:ab:ac:a2:f7:15:e9:0b:f9:0b:
         00:36:c1:b5:6a:3d:80:e7:53:a1:98:dd:e5:dc:ee:0b:ce:d2:
         14:ca:e9:aa:81:d6:f3:b9:3f:db:3a:17:34:0f:d7:9a:63:10:
         75:83:a4:dd:97:f0:dc:dd:7d:54:80:3b:e3:a7:19:24:6b:66:
         4b:7d:bb:27:27:8b:4b:52:f9:34:07:3b:34:c0:9a:6b:62:50:
         d8:02:4e:ed:e6:6e:71:c2:13:04:05:63:75:a2:8c:e9:cd:c9:
         54:28:1d:ed:aa:e7:cd:ff:7b:bd:91:95:dd:db:c8:e4:50:f0:
         6a:10:43:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQLFI4ghp0lfD/tOiITRh26ZyjEswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MTQxMzEzMjVaFw0yNzA0MTMxMzE4MjVaMDMxMTAvBgNV
BAMTKDExOTU0QjEzOEY0NUVBMjUyNkZFRjIwRDlDNEM0Q0U5QjA4ODQ2Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpYe5KTZGBSCDj7m4ZKZ3w1NO6
wOspO333poDA7qjQ0R7xj/bbAMvIaeGGFHM+OYRh3JbP3cSlcgvHUUaQD+EW9wkt
I0O2V+xp4rRBt3IaGNFviAAS/YbpYN9XjMFbmHQFaPO8KeLbxnlxNx0w/NjECK+w
QBYkMRfRWgucA4Dfi79uOjqRXsqXuD4+scj8i3JZFxU5Zun7RswaJzyv3UEq7ypZ
IAyOVwO6H0CGMDzGF4wCDNVnWWVcNWhrxmpxz/5qjoITXrPyoAOJ19yW0UKk27EP
x7LR4rXGkLgKqVSB5O7lwK0iVNNcGRVVvlHgz+0MNpSYylMzs5TBTbwuuV/VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEZVLE49F6iUm/vINnExM6bCIRsowHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMTk5MDc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfE
MA0GCSqGSIb3DQEBCwUAA4IBAQDi8SeS9kDeLqK0lAqxDqmRugJhWOIxNQyD0LVv
nZPvJMZvhGzrmaj2e7k5GOceZe9J1+eu5ACJB6hg3D1kNzUwK1O0aTeOVOwv27Xw
3dpf+Sb8QSfghvQDaEam1HPerIQFICAJ9RNsapyjKeS83DJNu4bhtqpyi8estzV8
ToI3tkow6rx8Q0OrrKL3FekL+QsANsG1aj2A51OhmN3l3O4LztIUyumqgdbzuT/b
Ohc0D9eaYxB1g6Tdl/Dc3X1UgDvjpxkka2ZLfbsnJ4tLUvk0Bzs0wJprYlDYAk7t
5m5xwhMEBWN1oozpzclUKB3tqufN/3u9kZXd28jkUPBqEEO7
-----END CERTIFICATE-----