Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199626.roa
File:                     AS199626.roa (raw, json)
Hash identifier:          DV5natku+z73xqPmw+A/1VqYs9FMKmy4muDsvuet1nY=
Subject key identifier:   4D:94:94:40:35:1E:63:30:D5:E3:9D:EE:00:E7:BD:19:69:65:3E:81
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6F156873BEF97EB43233FDCBC98880E666D0A783
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199626.roa
Signing time:             Tue 31 Mar 2026 12:16:45 +0000
ROA not before:           Tue 31 Mar 2026 12:11:45 +0000
ROA not after:            Tue 30 Mar 2027 12:16:45 +0000
asID:                     199626
IP address blocks:        2a13:9500:15a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:15:68:73:be:f9:7e:b4:32:33:fd:cb:c9:88:80:e6:66:d0:a7:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 31 12:11:45 2026 GMT
            Not After : Mar 30 12:16:45 2027 GMT
        Subject: CN=4D949440351E6330D5E39DEE00E7BD1969653E81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:70:34:52:a7:73:d4:71:47:d9:d4:82:f2:df:
                    f0:f3:83:e1:96:90:55:e7:02:f9:f0:d2:a9:d2:65:
                    4a:dc:46:cb:7a:ed:07:6a:b5:21:fe:e2:be:67:c2:
                    ab:59:54:51:f1:77:fd:0c:13:e4:10:07:5d:30:38:
                    3e:2d:04:53:fb:8c:11:f0:ff:67:a8:5f:d0:08:2a:
                    39:3d:63:00:4e:4b:e2:06:1c:df:85:3e:28:e5:4d:
                    ca:9e:b8:d1:09:e0:0a:92:97:e8:a8:7e:72:15:24:
                    91:52:c5:2b:d9:24:44:76:bf:ba:35:0b:2a:0a:75:
                    9e:19:74:7d:be:53:33:b7:69:84:27:5e:6d:08:92:
                    02:92:fb:0c:63:57:aa:ae:a9:05:6f:e7:a3:78:05:
                    1f:f6:ec:7b:06:40:71:a6:1d:a9:40:b2:55:32:d1:
                    73:f2:30:f9:20:51:13:e3:18:00:e1:d6:3c:ed:cb:
                    19:8f:b5:d5:ef:18:11:39:4d:4a:31:fc:4a:d6:8a:
                    db:17:84:e3:64:b5:70:cd:dc:75:c6:db:07:52:74:
                    29:12:1c:17:25:ce:12:dd:7d:72:6c:85:b9:b4:66:
                    43:f9:0e:fd:64:f7:34:f4:4d:cd:c7:32:7e:18:df:
                    fe:9d:75:99:73:e9:88:65:32:9e:b1:b0:05:59:24:
                    3d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:94:94:40:35:1E:63:30:D5:E3:9D:EE:00:E7:BD:19:69:65:3E:81
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199626.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:15a::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:e6:da:66:8a:6f:22:41:6f:6c:44:8c:ab:19:3f:3f:00:76:
         8c:a1:c3:f5:7f:fb:f4:d0:5d:e1:c0:33:f5:5f:0d:e1:b0:7c:
         80:d4:82:dd:ac:9c:d5:77:42:fb:4b:ca:9d:7c:d1:0f:69:7d:
         f2:a2:3f:c4:d6:c4:3d:d1:b8:ef:6f:a7:9e:4a:b5:db:44:b9:
         f2:92:08:d3:5c:58:c8:03:54:5f:2e:2f:09:0e:e8:27:17:da:
         cf:bd:d8:02:df:06:a7:c0:71:1e:20:d5:b8:3a:4f:46:3a:f8:
         43:e6:8a:ca:03:82:38:67:f8:21:e8:5a:c8:60:39:47:99:50:
         41:25:5e:36:10:23:79:10:d0:0d:79:71:cd:3b:ac:d5:df:b8:
         94:02:66:00:93:ed:c7:55:c6:74:f0:ea:2c:e1:42:10:4e:20:
         dc:0b:92:39:fe:f7:a8:30:34:38:58:96:b6:4a:00:d8:38:f8:
         71:d8:9f:c2:0e:4b:78:58:6f:0b:9d:b6:51:22:0d:12:72:d0:
         e1:73:32:cb:44:3c:93:31:62:79:14:00:8a:df:b5:a7:72:67:
         31:76:dd:54:a5:c9:c1:22:44:97:51:a9:cd:fd:cf:19:e6:1b:
         1b:51:db:3b:0c:13:6f:0a:f0:4a:bb:1a:c9:6a:6c:48:c9:65:
         2e:46:96:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbxVoc775frQyM/3LyYiA5mbQp4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMzExMjExNDVaFw0yNzAzMzAxMjE2NDVaMDMxMTAvBgNV
BAMTKDREOTQ5NDQwMzUxRTYzMzBENUUzOURFRTAwRTdCRDE5Njk2NTNFODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4cDRSp3PUcUfZ1ILy3/Dzg+GW
kFXnAvnw0qnSZUrcRst67QdqtSH+4r5nwqtZVFHxd/0ME+QQB10wOD4tBFP7jBHw
/2eoX9AIKjk9YwBOS+IGHN+FPijlTcqeuNEJ4AqSl+iofnIVJJFSxSvZJER2v7o1
CyoKdZ4ZdH2+UzO3aYQnXm0IkgKS+wxjV6quqQVv56N4BR/27HsGQHGmHalAslUy
0XPyMPkgURPjGADh1jztyxmPtdXvGBE5TUox/ErWitsXhONktXDN3HXG2wdSdCkS
HBclzhLdfXJshbm0ZkP5Dv1k9zT0Tc3HMn4Y3/6ddZlz6YhlMp6xsAVZJD1hAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUTZSUQDUeYzDV453uAOe9GWllPoEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk5NjI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFaMA0GCSqGSIb3DQEBCwUAA4IBAQBZ5tpmim8iQW9sRIyrGT8/AHaMocP1f/v0
0F3hwDP1Xw3hsHyA1ILdrJzVd0L7S8qdfNEPaX3yoj/E1sQ90bjvb6eeSrXbRLny
kgjTXFjIA1RfLi8JDugnF9rPvdgC3wanwHEeINW4Ok9GOvhD5orKA4I4Z/gh6FrI
YDlHmVBBJV42ECN5ENANeXHNO6zV37iUAmYAk+3HVcZ08Oos4UIQTiDcC5I5/veo
MDQ4WJa2SgDYOPhx2J/CDkt4WG8LnbZRIg0SctDhczLLRDyTMWJ5FACK37Wncmcx
dt1UpcnBIkSXUanN/c8Z5hsbUds7DBNvCvBKuxrJamxIyWUuRpbm
-----END CERTIFICATE-----