Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198825.roa
File:                     AS198825.roa (raw, json)
Hash identifier:          hV4y7WM8gjQhnKNy0FnPgG+d2QQuTmEtAPz1GeOQEIk=
Subject key identifier:   EF:42:F7:58:4E:14:58:74:C6:3B:1B:1A:7A:B2:70:EE:22:A4:46:94
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7F6DD58E3888DF0ADF73B7904CD7315B9B3029D4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198825.roa
Signing time:             Tue 21 Oct 2025 12:10:20 +0000
ROA not before:           Tue 21 Oct 2025 12:05:20 +0000
ROA not after:            Tue 20 Oct 2026 12:10:20 +0000
asID:                     198825
IP address blocks:        82.22.7.0/24 maxlen: 24
                          82.22.77.0/24 maxlen: 24
                          82.26.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:6d:d5:8e:38:88:df:0a:df:73:b7:90:4c:d7:31:5b:9b:30:29:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 21 12:05:20 2025 GMT
            Not After : Oct 20 12:10:20 2026 GMT
        Subject: CN=EF42F7584E145874C63B1B1A7AB270EE22A44694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:48:22:21:ac:ac:de:4b:30:48:4f:0a:44:41:
                    8e:6d:99:9a:e4:66:05:16:21:b2:b7:1e:16:89:23:
                    e2:74:d4:13:b4:13:8f:ff:c3:fc:1a:a3:f6:fa:5a:
                    3e:73:4f:96:16:3c:e6:eb:b4:2a:53:bb:1a:0e:7b:
                    b9:0a:66:0d:32:e1:fb:82:02:f3:03:30:35:71:d1:
                    7c:63:48:f8:8b:85:f2:9e:74:1a:3e:ab:ac:39:96:
                    d0:f1:ce:5c:03:80:98:1f:64:54:2e:29:90:70:3f:
                    8a:e0:63:ba:99:ca:25:c0:b9:ce:68:f6:61:4e:fa:
                    be:fe:b8:5f:cc:bd:a7:b6:c0:2c:10:f4:c3:89:2c:
                    d8:a6:0b:9a:03:06:ff:8d:d4:b7:b2:80:09:51:e9:
                    49:9c:29:65:0c:bc:ee:f6:4e:9f:52:21:61:f9:3c:
                    6b:e2:88:79:2d:99:e1:94:4d:2a:3c:f7:c2:69:6d:
                    81:62:c7:d0:ed:ea:ec:9d:fb:45:05:88:40:be:55:
                    23:09:7b:93:5f:52:22:2f:45:09:e9:8a:a0:67:4a:
                    33:b9:16:73:56:c6:0b:fc:b7:07:04:30:c7:6d:10:
                    38:5b:29:4b:91:0d:b2:90:71:c6:83:61:8d:78:3a:
                    1b:36:e3:8d:72:e8:a4:b3:01:d7:2f:e3:d0:3d:61:
                    bb:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:42:F7:58:4E:14:58:74:C6:3B:1B:1A:7A:B2:70:EE:22:A4:46:94
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198825.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.7.0/24
                  82.22.77.0/24
                  82.26.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:85:ee:8b:4a:7d:dd:23:6f:f3:f3:e1:9e:9a:0b:cc:1a:4c:
         ae:47:77:ec:55:5a:f1:e7:80:2b:a3:73:1c:93:28:4a:85:f0:
         6a:e1:d0:90:f5:f1:96:72:98:c6:6b:50:8a:e8:5a:fb:56:99:
         ec:18:20:b6:a1:64:39:39:14:46:bc:b1:62:c0:11:f5:9d:d1:
         89:36:46:56:b7:22:bc:fd:94:b5:bd:21:e0:87:83:aa:9a:8e:
         54:da:58:e7:07:22:b3:35:2a:7c:81:11:0e:d4:d9:d7:1d:25:
         cd:10:27:76:3d:c4:d4:68:03:e5:f4:f3:0e:03:ed:30:be:64:
         bc:c4:91:b3:e4:1a:d9:87:1a:e8:b9:8c:a9:a1:b2:f9:f5:8f:
         f3:76:f7:47:29:ab:15:11:91:58:62:da:85:83:01:2f:54:ab:
         23:8a:76:d3:8e:79:90:ef:77:a9:c0:6f:e8:01:75:cc:cf:9e:
         2e:96:c6:65:22:e7:8a:16:23:7e:ca:ab:3e:a5:4b:cb:05:e7:
         03:fe:7e:9c:08:2d:fb:4b:8f:b7:fd:10:b6:9f:be:03:e3:98:
         b2:de:76:25:ad:fb:52:f0:ea:43:62:da:d7:5c:22:58:9b:e0:
         ad:0d:d8:af:19:23:cf:3b:1b:60:ae:64:2b:f9:73:e3:6c:77:
         f3:81:6c:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUf23VjjiI3wrfc7eQTNcxW5swKdQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjExMjA1MjBaFw0yNjEwMjAxMjEwMjBaMDMxMTAvBgNV
BAMTKEVGNDJGNzU4NEUxNDU4NzRDNjNCMUIxQTdBQjI3MEVFMjJBNDQ2OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/SCIhrKzeSzBITwpEQY5tmZrk
ZgUWIbK3HhaJI+J01BO0E4//w/wao/b6Wj5zT5YWPObrtCpTuxoOe7kKZg0y4fuC
AvMDMDVx0XxjSPiLhfKedBo+q6w5ltDxzlwDgJgfZFQuKZBwP4rgY7qZyiXAuc5o
9mFO+r7+uF/Mvae2wCwQ9MOJLNimC5oDBv+N1LeygAlR6UmcKWUMvO72Tp9SIWH5
PGviiHktmeGUTSo898JpbYFix9Dt6uyd+0UFiEC+VSMJe5NfUiIvRQnpiqBnSjO5
FnNWxgv8twcEMMdtEDhbKUuRDbKQccaDYY14Ohs2441y6KSzAdcv49A9YbthAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU70L3WE4UWHTGOxsaerJw7iKkRpQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4ODI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUhYH
AwQAUhZNAwQAUhqdMA0GCSqGSIb3DQEBCwUAA4IBAQCUhe6LSn3dI2/z8+GemgvM
GkyuR3fsVVrx54Aro3MckyhKhfBq4dCQ9fGWcpjGa1CK6Fr7VpnsGCC2oWQ5ORRG
vLFiwBH1ndGJNkZWtyK8/ZS1vSHgh4Oqmo5U2ljnByKzNSp8gREO1NnXHSXNECd2
PcTUaAPl9PMOA+0wvmS8xJGz5BrZhxrouYypobL59Y/zdvdHKasVEZFYYtqFgwEv
VKsjinbTjnmQ73epwG/oAXXMz54ulsZlIueKFiN+yqs+pUvLBecD/n6cCC37S4+3
/RC2n74D45iy3nYlrftS8OpDYtrXXCJYm+CtDdivGSPPOxtgrmQr+XPjbHfzgWwM
-----END CERTIFICATE-----