Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197959.roa
File:                     AS197959.roa (raw, json)
Hash identifier:          xM4p8que6fGJ4qGpM3kTMXlup7WPYhbmxobF/O7Pqvk=
Subject key identifier:   FB:57:3F:77:68:AC:4D:99:1D:40:17:71:7C:32:4E:F4:2C:63:D2:FB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7641AB4B05A0AC6AA977E90351A33F5087DF57E9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197959.roa
Signing time:             Thu 11 Jun 2026 14:59:25 +0000
ROA not before:           Thu 11 Jun 2026 14:54:25 +0000
ROA not after:            Thu 10 Jun 2027 14:59:25 +0000
asID:                     197959
IP address blocks:        84.75.44.0/22 maxlen: 22
                          84.75.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:41:ab:4b:05:a0:ac:6a:a9:77:e9:03:51:a3:3f:50:87:df:57:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 11 14:54:25 2026 GMT
            Not After : Jun 10 14:59:25 2027 GMT
        Subject: CN=FB573F7768AC4D991D4017717C324EF42C63D2FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:55:65:66:d4:33:d4:67:16:7d:44:e2:f3:25:
                    42:9b:e1:15:1b:03:0d:69:cd:43:80:95:ec:8b:58:
                    ac:a3:d5:f1:bf:9f:7c:16:da:4e:4f:59:f3:2e:5d:
                    bd:fd:f7:ae:df:af:d2:e8:a1:79:20:cc:57:dd:0e:
                    45:55:0d:6a:38:51:27:0c:72:38:fa:f1:55:31:f9:
                    b5:b6:15:00:71:dc:b1:93:3b:75:a9:fb:bd:56:12:
                    22:0b:29:ad:29:9c:85:38:90:bd:ee:83:5b:37:b6:
                    d6:f0:db:40:58:a8:f3:f2:24:55:b4:0a:14:06:b6:
                    2d:14:d2:1c:94:1c:d1:46:88:ee:5c:a4:a7:0a:f6:
                    ac:7f:c0:20:fa:c4:87:70:0c:e4:c1:e0:9a:57:f5:
                    7a:a2:82:86:a3:a7:88:62:bb:62:96:01:4a:63:25:
                    c3:bf:dd:db:2b:55:61:77:f6:e5:10:50:1d:c2:1f:
                    4e:15:d3:bc:4a:42:46:ce:ec:9a:c7:72:3d:6b:70:
                    af:3f:0d:4a:77:e8:b6:8a:1c:16:ad:07:d2:c8:ee:
                    09:83:cd:ca:a1:54:14:e6:a7:98:70:48:21:46:ae:
                    84:1d:b6:b2:38:13:23:0a:81:97:20:7a:dc:91:e2:
                    2a:2c:90:9f:27:ca:09:ea:64:2e:60:33:7e:7d:3c:
                    8b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:57:3F:77:68:AC:4D:99:1D:40:17:71:7C:32:4E:F4:2C:63:D2:FB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197959.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.44.0/22
                  84.75.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:70:f9:a6:e8:ef:03:2e:75:66:bd:55:3b:e1:01:c2:d1:59:
         55:f4:0f:dd:41:62:c7:bf:22:44:aa:56:1a:26:49:b1:9d:40:
         35:52:c4:95:fa:ef:be:d4:34:5b:95:d9:68:54:1f:3a:d3:2a:
         00:73:c8:12:a4:d3:2e:d2:ab:64:60:c5:84:4c:2f:a9:98:3c:
         9a:5c:7b:5b:14:94:4c:5d:fe:a7:84:0d:55:28:7c:a3:2b:fe:
         fc:0d:7e:f2:ac:0d:ff:43:33:b7:52:45:da:9d:2c:18:7e:75:
         a2:32:6d:e2:b6:19:24:91:86:cc:8e:95:bb:49:e1:74:da:db:
         2f:a4:72:e4:21:c1:cc:d7:e3:38:c7:d8:78:04:6e:61:7c:df:
         26:3c:f6:92:65:8f:ae:7b:dd:4c:63:3e:7c:ec:50:8a:50:f5:
         4a:74:65:cb:f0:83:2e:31:a3:cc:35:f1:f7:07:41:52:9e:20:
         2a:17:34:dc:e6:d6:6d:55:a6:4f:ca:ce:1b:fd:56:df:55:9c:
         83:55:ff:f0:e9:5b:ba:2c:ac:67:8b:99:1b:7b:c0:84:53:a5:
         a5:33:16:c6:d9:97:bf:63:f3:d9:52:26:51:44:dc:23:65:ee:
         37:6d:4a:ff:82:4b:17:91:13:20:ce:02:4c:2b:36:92:1b:b0:
         b6:b9:0b:2d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdkGrSwWgrGqpd+kDUaM/UIffV+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MTExNDU0MjVaFw0yNzA2MTAxNDU5MjVaMDMxMTAvBgNV
BAMTKEZCNTczRjc3NjhBQzREOTkxRDQwMTc3MTdDMzI0RUY0MkM2M0QyRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqVWVm1DPUZxZ9ROLzJUKb4RUb
Aw1pzUOAleyLWKyj1fG/n3wW2k5PWfMuXb39967fr9LooXkgzFfdDkVVDWo4UScM
cjj68VUx+bW2FQBx3LGTO3Wp+71WEiILKa0pnIU4kL3ug1s3ttbw20BYqPPyJFW0
ChQGti0U0hyUHNFGiO5cpKcK9qx/wCD6xIdwDOTB4JpX9Xqigoajp4hiu2KWAUpj
JcO/3dsrVWF39uUQUB3CH04V07xKQkbO7JrHcj1rcK8/DUp36LaKHBatB9LI7gmD
zcqhVBTmp5hwSCFGroQdtrI4EyMKgZcgetyR4ioskJ8nygnqZC5gM359PIsNAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU+1c/d2isTZkdQBdxfDJO9Cxj0vswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk3OTU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVEss
AwQCVEs4MA0GCSqGSIb3DQEBCwUAA4IBAQB5cPmm6O8DLnVmvVU74QHC0VlV9A/d
QWLHvyJEqlYaJkmxnUA1UsSV+u++1DRbldloVB860yoAc8gSpNMu0qtkYMWETC+p
mDyaXHtbFJRMXf6nhA1VKHyjK/78DX7yrA3/QzO3UkXanSwYfnWiMm3ithkkkYbM
jpW7SeF02tsvpHLkIcHM1+M4x9h4BG5hfN8mPPaSZY+ue91MYz587FCKUPVKdGXL
8IMuMaPMNfH3B0FSniAqFzTc5tZtVaZPys4b/VbfVZyDVf/w6Vu6LKxni5kbe8CE
U6WlMxbG2Ze/Y/PZUiZRRNwjZe43bUr/gksXkRMgzgJMKzaSG7C2uQst
-----END CERTIFICATE-----