Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198831.roa
File:                     AS198831.roa (raw, json)
Hash identifier:          JvK4yH99V9yiYEVg1ENhdYnqh4GoK16YRnvnxg0Vz/0=
Subject key identifier:   2E:11:04:8E:C8:D5:97:EB:EF:C0:A1:01:33:FD:42:06:5C:38:7E:B4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       615FC20E7E9764D4C6C7415868DCF88181E20CDC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198831.roa
Signing time:             Sun 08 Jun 2025 17:10:25 +0000
ROA not before:           Sun 08 Jun 2025 17:05:25 +0000
ROA not after:            Sun 07 Jun 2026 17:10:25 +0000
asID:                     198831
IP address blocks:        82.24.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:5f:c2:0e:7e:97:64:d4:c6:c7:41:58:68:dc:f8:81:81:e2:0c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  8 17:05:25 2025 GMT
            Not After : Jun  7 17:10:25 2026 GMT
        Subject: CN=2E11048EC8D597EBEFC0A10133FD42065C387EB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d5:7b:f3:72:d5:32:43:99:6f:e9:a5:ab:72:
                    4a:cf:87:52:3d:e3:e6:fe:1b:20:81:ba:8c:dd:58:
                    c6:18:28:ad:a8:2e:ab:05:e2:d8:9f:61:18:a5:dc:
                    46:7d:42:12:9b:d6:52:f1:0e:62:40:e9:02:f4:a2:
                    d9:10:a3:c3:68:c5:7a:29:58:23:df:fd:dd:fc:ba:
                    1b:6c:d8:59:51:2a:5b:6e:97:c2:65:36:78:3e:49:
                    1d:96:3c:7e:d8:8c:d8:d2:70:c9:8d:aa:df:7c:e5:
                    d1:6a:89:01:a8:e3:c9:3d:aa:ad:4f:e5:79:1a:c9:
                    2a:4a:a4:1c:f5:d8:5d:31:7f:40:d4:e7:90:2d:43:
                    62:da:0b:4c:15:29:2d:ef:6f:25:a9:78:00:fe:dd:
                    7e:27:a1:ee:f7:a7:a9:1f:ec:51:4e:26:05:85:33:
                    00:80:4f:6b:42:6a:05:d1:78:cf:0f:ae:23:ea:85:
                    84:36:b8:98:56:a9:f2:a9:20:6f:8c:fb:bc:fd:3c:
                    ca:04:95:c4:4c:cc:eb:2a:8d:7a:fd:b5:b9:d5:e3:
                    f3:e1:0d:f4:7c:f0:e4:a0:99:af:13:7b:7b:46:5b:
                    66:16:bc:62:cb:bf:9e:aa:ec:60:d5:8e:54:dc:bf:
                    7f:ab:31:f2:48:d0:03:8f:68:5d:63:88:f2:46:33:
                    04:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:11:04:8E:C8:D5:97:EB:EF:C0:A1:01:33:FD:42:06:5C:38:7E:B4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS198831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:70:3c:21:cc:e2:57:99:79:81:51:02:24:07:c8:29:74:e5:
         20:a5:ed:45:d2:89:85:d1:88:28:3d:0f:9d:d7:aa:07:de:d2:
         cc:22:f5:5e:dd:d8:3b:df:ac:e1:10:23:da:b4:cb:ea:39:de:
         20:19:6e:b8:43:ae:c9:53:fb:5b:d4:5b:98:8b:0f:e2:78:59:
         59:13:66:91:4c:a4:e8:e2:75:63:fe:d8:70:49:67:ab:f5:42:
         ac:1d:c8:f1:81:a0:bd:80:3e:8f:70:73:5b:7d:3f:17:7b:4e:
         14:b0:34:ee:bc:15:65:0a:87:61:d1:65:30:c0:65:73:0d:66:
         ae:21:79:fe:5e:73:c5:bf:bf:e7:bf:c8:c2:73:0a:37:17:f6:
         79:f3:00:50:b9:fa:6c:5b:46:28:0d:58:80:4f:e0:ac:a2:98:
         39:39:0f:05:a9:fe:23:03:bd:cc:91:28:6d:96:6e:9c:56:51:
         ca:e3:9e:a2:cc:8b:73:c9:c9:ec:ed:6c:66:a3:a8:1a:88:21:
         51:d3:1c:24:5f:9f:75:55:4d:fd:77:dd:18:70:3c:bc:aa:b3:
         67:fc:a6:4c:0b:41:d6:23:50:a9:3a:97:df:9d:a6:b9:64:8b:
         0a:c1:e3:86:68:6f:a9:c4:d9:85:5e:e9:1f:a5:fe:aa:bf:b3:
         af:04:67:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYV/CDn6XZNTGx0FYaNz4gYHiDNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDgxNzA1MjVaFw0yNjA2MDcxNzEwMjVaMDMxMTAvBgNV
BAMTKDJFMTEwNDhFQzhENTk3RUJFRkMwQTEwMTMzRkQ0MjA2NUMzODdFQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH1XvzctUyQ5lv6aWrckrPh1I9
4+b+GyCBuozdWMYYKK2oLqsF4tifYRil3EZ9QhKb1lLxDmJA6QL0otkQo8NoxXop
WCPf/d38uhts2FlRKltul8JlNng+SR2WPH7YjNjScMmNqt985dFqiQGo48k9qq1P
5XkaySpKpBz12F0xf0DU55AtQ2LaC0wVKS3vbyWpeAD+3X4noe73p6kf7FFOJgWF
MwCAT2tCagXReM8PriPqhYQ2uJhWqfKpIG+M+7z9PMoElcRMzOsqjXr9tbnV4/Ph
DfR88OSgma8Te3tGW2YWvGLLv56q7GDVjlTcv3+rMfJI0AOPaF1jiPJGMwSTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULhEEjsjVl+vvwKEBM/1CBlw4frQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk4ODMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhi3
MA0GCSqGSIb3DQEBCwUAA4IBAQBbcDwhzOJXmXmBUQIkB8gpdOUgpe1F0omF0Ygo
PQ+d16oH3tLMIvVe3dg736zhECPatMvqOd4gGW64Q67JU/tb1FuYiw/ieFlZE2aR
TKTo4nVj/thwSWer9UKsHcjxgaC9gD6PcHNbfT8Xe04UsDTuvBVlCodh0WUwwGVz
DWauIXn+XnPFv7/nv8jCcwo3F/Z58wBQufpsW0YoDViAT+Csopg5OQ8Fqf4jA73M
kShtlm6cVlHK456izItzycns7Wxmo6gaiCFR0xwkX591VU39d90YcDy8qrNn/KZM
C0HWI1CpOpffnaa5ZIsKweOGaG+pxNmFXukfpf6qv7OvBGct
-----END CERTIFICATE-----