Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198690.roa
File:                     AS198690.roa (raw, json)
Hash identifier:          7uGuNA840YjlLSUe0AlfAsu2ztPXALVwmTRE0IzFMhg=
Subject key identifier:   6D:20:ED:29:A9:9F:25:B5:31:04:1F:DE:5A:0C:BE:0B:50:47:73:09
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       503C1B30CDCD55C51DF0EBF8F5D2DF93C06075D9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198690.roa
Signing time:             Sun 12 Apr 2026 13:59:21 +0000
ROA not before:           Sun 12 Apr 2026 13:54:21 +0000
ROA not after:            Sun 11 Apr 2027 13:59:21 +0000
asID:                     198690
IP address blocks:        82.41.65.0/24 maxlen: 24
                          2a13:9500:162::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:3c:1b:30:cd:cd:55:c5:1d:f0:eb:f8:f5:d2:df:93:c0:60:75:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 12 13:54:21 2026 GMT
            Not After : Apr 11 13:59:21 2027 GMT
        Subject: CN=6D20ED29A99F25B531041FDE5A0CBE0B50477309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:be:0f:da:f3:e2:d0:92:3f:81:8d:76:bf:46:
                    b5:cb:ff:3e:a7:b3:61:c5:e9:3a:48:5e:0f:70:8f:
                    cf:42:45:2a:9f:f0:78:78:25:94:50:a9:ed:4b:3f:
                    62:f9:45:42:8a:93:8b:d2:71:46:33:ec:b7:37:48:
                    af:e7:78:1a:a4:50:90:71:19:93:cd:e0:b5:dc:8e:
                    7a:52:c2:b5:ec:70:30:a5:da:01:c9:02:72:e1:a3:
                    c5:5f:53:b5:44:cd:0c:6b:88:21:c9:52:e2:31:a1:
                    62:3b:83:aa:6b:24:8e:f1:07:54:6b:b1:88:95:2b:
                    cc:ff:50:99:89:7d:d7:55:74:0d:7c:48:9c:e6:a3:
                    52:81:89:06:32:f1:0b:62:2f:c7:a5:a6:3f:b1:4f:
                    e8:a9:56:97:a4:9e:91:1f:1e:32:6f:7e:53:aa:6a:
                    ef:16:5d:ab:99:af:3c:da:34:06:e8:6f:a5:a1:6b:
                    8e:b7:89:2d:f1:b9:7b:68:b1:8f:0f:53:5d:cd:f4:
                    f3:5d:df:22:64:2e:de:09:b8:24:85:a0:2a:35:a5:
                    2b:27:67:98:84:7f:c6:64:08:2c:8c:fd:56:d8:52:
                    8b:1c:c4:43:93:53:7b:5b:03:9e:06:32:87:ed:88:
                    27:eb:96:34:49:ff:88:6f:56:00:3d:85:5e:e6:6b:
                    49:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:20:ED:29:A9:9F:25:B5:31:04:1F:DE:5A:0C:BE:0B:50:47:73:09
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.65.0/24
                IPv6:
                  2a13:9500:162::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:53:fd:5e:cf:0f:62:3a:af:ce:61:ee:cb:92:bb:74:0d:b1:
         55:7a:4e:83:d6:0a:57:34:39:a3:0d:88:69:b2:cf:8b:dc:b8:
         3f:16:7f:97:4f:b1:cc:e8:96:bb:6b:79:f0:fd:59:22:2d:ed:
         8e:14:24:1f:31:e8:fe:bf:4c:14:ff:7e:0a:7a:66:ec:03:d6:
         de:92:42:29:6e:ab:d6:3e:e6:5d:5d:b9:28:e6:15:83:03:0d:
         c4:23:39:f9:df:2b:30:ac:28:c6:96:db:6a:01:33:98:3d:36:
         0a:56:ca:37:ef:6d:f3:2e:84:d6:72:3e:d9:dd:77:6a:c0:40:
         3f:57:76:54:57:c6:d2:c2:fd:5c:bb:83:54:92:4c:c5:b1:1c:
         53:be:94:b2:23:58:5b:6b:f8:f7:a8:2a:c4:4d:72:0b:9c:ca:
         ad:53:7d:dd:fb:e4:75:be:26:ef:23:da:e9:a1:bd:fb:c7:2d:
         b0:60:af:df:2b:92:e2:69:9c:e3:5b:50:ad:b2:69:ba:a8:41:
         7b:50:fe:d7:c9:6d:39:93:72:f9:6f:72:73:bc:7b:ce:e2:9f:
         c3:22:8e:c0:70:0b:ef:a2:5e:c2:ab:09:3b:b5:4c:28:9c:05:
         6b:62:33:5d:c9:c1:82:33:ed:ec:a6:26:08:85:26:73:b0:ea:
         f2:98:62:6b
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUUDwbMM3NVcUd8Ov49dLfk8BgddkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTIxMzU0MjFaFw0yNzA0MTExMzU5MjFaMDMxMTAvBgNV
BAMTKDZEMjBFRDI5QTk5RjI1QjUzMTA0MUZERTVBMENCRTBCNTA0NzczMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOvg/a8+LQkj+BjXa/RrXL/z6n
s2HF6TpIXg9wj89CRSqf8Hh4JZRQqe1LP2L5RUKKk4vScUYz7Lc3SK/neBqkUJBx
GZPN4LXcjnpSwrXscDCl2gHJAnLho8VfU7VEzQxriCHJUuIxoWI7g6prJI7xB1Rr
sYiVK8z/UJmJfddVdA18SJzmo1KBiQYy8QtiL8elpj+xT+ipVpeknpEfHjJvflOq
au8WXauZrzzaNAbob6Wha463iS3xuXtosY8PU13N9PNd3yJkLt4JuCSFoCo1pSsn
Z5iEf8ZkCCyM/VbYUoscxEOTU3tbA54GMoftiCfrljRJ/4hvVgA9hV7ma0kHAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUbSDtKamfJbUxBB/eWgy+C1BHcwkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4NjkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUilB
MA8EAgACMAkDBwAqE5UAAWIwDQYJKoZIhvcNAQELBQADggEBAIpT/V7PD2I6r85h
7suSu3QNsVV6ToPWClc0OaMNiGmyz4vcuD8Wf5dPsczolrtrefD9WSIt7Y4UJB8x
6P6/TBT/fgp6ZuwD1t6SQiluq9Y+5l1duSjmFYMDDcQjOfnfKzCsKMaW22oBM5g9
NgpWyjfvbfMuhNZyPtndd2rAQD9XdlRXxtLC/Vy7g1SSTMWxHFO+lLIjWFtr+Peo
KsRNcgucyq1Tfd375HW+Ju8j2umhvfvHLbBgr98rkuJpnONbUK2yabqoQXtQ/tfJ
bTmTcvlvcnO8e87in8MijsBwC++iXsKrCTu1TCicBWtiM13JwYIz7eymJgiFJnOw
6vKYYms=
-----END CERTIFICATE-----