Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa
File:                     AS198087.roa (raw, json)
Hash identifier:          AsoOmMnEK/NqVL4gMWjl1RthXfb9z3xqEtJM7cRqmkQ=
Subject key identifier:   7D:B1:1F:94:14:8E:C3:70:68:75:26:E4:61:EE:95:D3:1D:5A:54:75
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       66C0E42C42EB89C62F0CCC86BB8C885D3B6D2479
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa
Signing time:             Wed 08 Apr 2026 06:49:30 +0000
ROA not before:           Wed 08 Apr 2026 06:44:30 +0000
ROA not after:            Wed 07 Apr 2027 06:49:30 +0000
asID:                     198087
IP address blocks:        178.83.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:c0:e4:2c:42:eb:89:c6:2f:0c:cc:86:bb:8c:88:5d:3b:6d:24:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  8 06:44:30 2026 GMT
            Not After : Apr  7 06:49:30 2027 GMT
        Subject: CN=7DB11F94148EC370687526E461EE95D31D5A5475
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:27:03:4e:c7:36:eb:eb:e7:b5:37:de:fb:5b:
                    ea:a7:2f:19:b8:5d:c8:42:32:64:40:0e:75:4a:ee:
                    ea:9a:0d:52:fc:5b:cd:b2:f9:d5:28:32:80:e0:cb:
                    11:bb:c8:02:c1:3b:a5:92:db:1f:63:b6:96:6d:cb:
                    c9:cd:81:c8:d9:3a:81:2c:bd:c4:74:6a:9f:44:0d:
                    d8:70:3c:12:5f:d3:b2:a8:b4:f4:3e:7e:71:0b:e6:
                    29:5b:92:be:3d:bb:88:c7:0b:77:c4:13:1a:04:8c:
                    49:6e:f5:0a:a7:29:36:bd:fd:62:33:db:3d:1c:9b:
                    cb:26:22:c6:5a:ce:4a:ca:21:a2:cd:d7:ae:2b:4a:
                    7d:33:ce:62:11:bf:e4:63:d1:9e:d5:9a:07:a7:a7:
                    6e:c4:79:09:a3:bf:ce:02:52:a8:51:5a:6b:6e:c6:
                    e3:4a:65:2e:12:27:b0:6b:70:bb:a2:22:47:b1:15:
                    70:49:48:7c:64:22:bb:b4:05:b8:0f:fa:7c:dc:c8:
                    1c:d5:bb:db:6e:f5:17:9f:41:4e:45:ae:aa:7f:da:
                    ae:fa:35:67:60:85:67:0f:da:11:72:b5:8e:3c:89:
                    b3:05:f4:9d:45:b8:9b:35:c3:3a:e7:bd:99:95:2d:
                    94:32:b5:84:dc:f1:4c:c2:d2:fd:00:68:d0:3e:78:
                    da:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B1:1F:94:14:8E:C3:70:68:75:26:E4:61:EE:95:D3:1D:5A:54:75
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198087.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:0e:91:46:dd:75:fa:ff:55:dc:9b:20:23:9b:88:5b:d7:09:
         b7:d3:8f:89:cb:71:b0:25:87:c1:50:e4:b5:18:cc:b7:48:49:
         e3:93:b8:95:57:65:d2:be:92:22:76:57:0c:de:a0:0d:44:1b:
         a3:df:67:6c:ca:57:b0:ca:69:96:01:37:99:2e:5d:32:0f:ea:
         ab:6b:d9:88:da:a5:48:2d:ba:66:b6:97:9e:b1:8c:ae:ea:78:
         26:a1:21:72:e7:9f:b5:ef:71:c6:3a:0c:95:6b:34:03:04:24:
         7f:8b:84:98:e5:28:f7:a5:ba:4a:b8:f7:c4:80:5e:3a:6b:f0:
         29:0f:33:ba:94:c4:0e:92:f9:6d:d5:c5:68:2e:ac:ab:e4:ea:
         24:9b:87:1b:2e:3e:b9:70:11:01:8b:60:3b:86:3e:1f:0d:51:
         4a:c7:91:e0:d4:ab:db:9b:c0:31:74:97:24:62:a0:14:18:09:
         ef:78:f0:54:bd:0b:3e:c7:30:68:8e:3d:89:e1:bb:5a:74:33:
         05:36:a8:ce:da:36:75:f3:80:fe:00:d9:da:3b:9b:87:8a:0e:
         72:d6:de:98:82:42:22:0d:ef:91:fa:d0:02:c8:71:71:7f:cb:
         00:8d:f2:ab:5d:17:87:92:df:5e:f5:6c:60:35:09:dc:c5:2b:
         a9:f1:b0:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZsDkLELricYvDMyGu4yIXTttJHkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDgwNjQ0MzBaFw0yNzA0MDcwNjQ5MzBaMDMxMTAvBgNV
BAMTKDdEQjExRjk0MTQ4RUMzNzA2ODc1MjZFNDYxRUU5NUQzMUQ1QTU0NzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpJwNOxzbr6+e1N977W+qnLxm4
XchCMmRADnVK7uqaDVL8W82y+dUoMoDgyxG7yALBO6WS2x9jtpZty8nNgcjZOoEs
vcR0ap9EDdhwPBJf07KotPQ+fnEL5ilbkr49u4jHC3fEExoEjElu9QqnKTa9/WIz
2z0cm8smIsZazkrKIaLN164rSn0zzmIRv+Rj0Z7Vmgenp27EeQmjv84CUqhRWmtu
xuNKZS4SJ7BrcLuiIkexFXBJSHxkIru0BbgP+nzcyBzVu9tu9RefQU5Frqp/2q76
NWdghWcP2hFytY48ibMF9J1FuJs1wzrnvZmVLZQytYTc8UzC0v0AaNA+eNoBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfbEflBSOw3BodSbkYe6V0x1aVHUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4MDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslOW
MA0GCSqGSIb3DQEBCwUAA4IBAQAODpFG3XX6/1XcmyAjm4hb1wm304+Jy3GwJYfB
UOS1GMy3SEnjk7iVV2XSvpIidlcM3qANRBuj32dsylewymmWATeZLl0yD+qra9mI
2qVILbpmtpeesYyu6ngmoSFy55+173HGOgyVazQDBCR/i4SY5Sj3pbpKuPfEgF46
a/ApDzO6lMQOkvlt1cVoLqyr5Ookm4cbLj65cBEBi2A7hj4fDVFKx5Hg1Kvbm8Ax
dJckYqAUGAnvePBUvQs+xzBojj2J4btadDMFNqjO2jZ184D+ANnaO5uHig5y1t6Y
gkIiDe+R+tACyHFxf8sAjfKrXReHkt9e9WxgNQncxSup8bAe
-----END CERTIFICATE-----