Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198071.roa
File:                     AS198071.roa (raw, json)
Hash identifier:          Cu8xv8bgA3c1B9jFvjhDq2CgMvosioXv7g6a6BP0MyA=
Subject key identifier:   44:47:04:92:96:5A:42:51:95:E5:D3:2D:26:C4:C6:49:AE:E5:3A:4D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       CB9233CE57B13D2A43C32A997692433D2F70CB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198071.roa
Signing time:             Wed 15 Apr 2026 05:31:04 +0000
ROA not before:           Wed 15 Apr 2026 05:26:04 +0000
ROA not after:            Wed 14 Apr 2027 05:31:04 +0000
asID:                     198071
IP address blocks:        82.47.48.0/24 maxlen: 24
                          2a13:9500:164::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            cb:92:33:ce:57:b1:3d:2a:43:c3:2a:99:76:92:43:3d:2f:70:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 15 05:26:04 2026 GMT
            Not After : Apr 14 05:31:04 2027 GMT
        Subject: CN=44470492965A425195E5D32D26C4C649AEE53A4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d4:0b:7c:13:cd:60:8c:f8:fb:89:04:a4:47:
                    1b:19:9c:d8:ec:5a:62:9d:86:cb:4b:86:19:15:ea:
                    58:28:a8:4f:9f:27:d0:72:c3:a1:23:29:89:39:9a:
                    01:95:ec:99:3f:0c:a6:8a:46:bd:49:d2:25:d6:8f:
                    49:41:d7:ed:0b:24:df:66:0d:f7:aa:cb:0b:a7:fe:
                    17:dc:47:79:c8:55:95:28:81:e3:35:a8:2b:ec:0a:
                    13:5e:b5:d2:b4:68:3a:3d:ef:13:0c:02:60:6d:9c:
                    f4:e9:42:1f:e9:a7:01:58:a6:29:1e:76:f7:e4:03:
                    6f:c0:77:eb:b4:aa:7c:21:f8:36:d5:ee:7e:46:92:
                    c2:79:21:e6:a6:ea:71:3c:17:b0:52:a9:15:ec:b0:
                    d3:24:dc:f5:41:64:81:24:5a:fc:e6:2e:4f:a0:5a:
                    b3:d4:cd:f1:35:10:d2:9b:74:6c:19:19:f9:cb:86:
                    96:47:62:3b:1c:2c:68:e2:ff:ca:5a:84:8e:31:49:
                    4d:0d:fa:9b:d8:0b:31:0d:00:ca:3b:67:76:55:e8:
                    a1:6c:54:61:95:1c:7a:7f:a8:e6:47:f2:42:dc:e9:
                    e3:c9:11:70:9f:8f:a0:c9:b9:9f:86:e1:e8:28:a9:
                    02:96:e9:99:06:57:27:ae:c7:0f:56:c5:96:e1:bc:
                    37:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:47:04:92:96:5A:42:51:95:E5:D3:2D:26:C4:C6:49:AE:E5:3A:4D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.48.0/24
                IPv6:
                  2a13:9500:164::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:1a:35:1e:89:8d:0f:b9:91:b0:98:28:6d:64:fd:f8:1b:ae:
         b5:62:47:10:39:9c:64:57:e0:7a:69:b0:8e:cc:8c:0e:30:6c:
         0d:92:af:77:9c:12:26:1e:0d:a2:b1:49:82:93:26:ff:1e:6a:
         44:7c:aa:6c:a0:a6:65:4c:2f:68:2f:e0:8a:a5:6f:5a:18:ad:
         2c:6e:ed:9c:fc:e0:bf:b0:0c:62:36:88:ec:4d:4d:d4:d9:bf:
         d9:d4:09:af:92:ee:d8:76:08:e3:ce:d3:86:26:4e:10:41:7e:
         01:24:db:e6:df:67:f2:d5:85:25:c9:b4:9c:bd:33:02:ef:0d:
         d2:f2:9e:be:23:74:ea:23:98:64:76:eb:5d:37:f9:53:88:de:
         29:89:95:89:eb:d1:94:a3:1c:57:7b:de:3b:59:b0:61:44:61:
         b1:61:13:36:76:09:6f:30:1d:01:c0:36:c1:84:18:e0:4a:7b:
         b5:43:ce:0d:c0:73:3a:ff:09:43:d6:2a:59:4d:b4:0c:8c:0c:
         03:7c:6e:ab:4f:65:b5:62:00:dc:c6:14:1b:5e:e6:8f:d3:cd:
         87:7f:f8:45:ba:fb:49:ec:cc:98:63:71:44:76:0d:92:66:aa:
         2e:fb:e6:87:4b:3d:56:a0:41:55:b1:6c:0f:70:be:c3:ab:c9:
         ae:fc:c1:64
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUAMuSM85XsT0qQ8MqmXaSQz0vcMswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTUwNTI2MDRaFw0yNzA0MTQwNTMxMDRaMDMxMTAvBgNV
BAMTKDQ0NDcwNDkyOTY1QTQyNTE5NUU1RDMyRDI2QzRDNjQ5QUVFNTNBNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG1At8E81gjPj7iQSkRxsZnNjs
WmKdhstLhhkV6lgoqE+fJ9Byw6EjKYk5mgGV7Jk/DKaKRr1J0iXWj0lB1+0LJN9m
Dfeqywun/hfcR3nIVZUogeM1qCvsChNetdK0aDo97xMMAmBtnPTpQh/ppwFYpike
dvfkA2/Ad+u0qnwh+DbV7n5GksJ5Ieam6nE8F7BSqRXssNMk3PVBZIEkWvzmLk+g
WrPUzfE1ENKbdGwZGfnLhpZHYjscLGji/8pahI4xSU0N+pvYCzENAMo7Z3ZV6KFs
VGGVHHp/qOZH8kLc6ePJEXCfj6DJuZ+G4egoqQKW6ZkGVyeuxw9WxZbhvDdpAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUREcEkpZaQlGV5dMtJsTGSa7lOk0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4MDcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUi8w
MA8EAgACMAkDBwAqE5UAAWQwDQYJKoZIhvcNAQELBQADggEBABcaNR6JjQ+5kbCY
KG1k/fgbrrViRxA5nGRX4HppsI7MjA4wbA2Sr3ecEiYeDaKxSYKTJv8eakR8qmyg
pmVML2gv4Iqlb1oYrSxu7Zz84L+wDGI2iOxNTdTZv9nUCa+S7th2COPO04YmThBB
fgEk2+bfZ/LVhSXJtJy9MwLvDdLynr4jdOojmGR26103+VOI3imJlYnr0ZSjHFd7
3jtZsGFEYbFhEzZ2CW8wHQHANsGEGOBKe7VDzg3Aczr/CUPWKllNtAyMDAN8bqtP
ZbViANzGFBte5o/TzYd/+EW6+0nszJhjcUR2DZJmqi775odLPVagQVWxbA9wvsOr
ya78wWQ=
-----END CERTIFICATE-----