Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199986.roa
File:                     AS199986.roa (raw, json)
Hash identifier:          6vZTCUPzbQpGIlZxtIK1zphl/n+nMp85cIxx5SshHg0=
Subject key identifier:   47:65:21:89:1E:8F:EB:13:5F:1B:BA:CF:3E:C7:78:9E:E2:1E:9C:B7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       52CE419F55E8966B9C2FD92EA4AA4D60263B2D9A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199986.roa
Signing time:             Mon 30 Mar 2026 06:38:48 +0000
ROA not before:           Mon 30 Mar 2026 06:33:48 +0000
ROA not after:            Mon 29 Mar 2027 06:38:48 +0000
asID:                     199986
IP address blocks:        82.41.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:ce:41:9f:55:e8:96:6b:9c:2f:d9:2e:a4:aa:4d:60:26:3b:2d:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 30 06:33:48 2026 GMT
            Not After : Mar 29 06:38:48 2027 GMT
        Subject: CN=476521891E8FEB135F1BBACF3EC7789EE21E9CB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:00:4b:6d:b8:5c:3e:34:ef:52:0c:6a:e8:5c:
                    7b:01:ce:c7:29:8d:a6:14:85:d6:52:e0:64:66:c6:
                    ec:49:23:91:fa:e6:ed:0b:8f:f3:03:9f:1b:50:23:
                    c1:58:c4:94:c6:1d:cb:85:1f:7b:65:42:c1:38:d1:
                    08:19:cd:17:e4:11:d0:9a:fc:21:2f:3b:70:16:80:
                    3d:69:65:13:a7:f4:fb:7b:10:3e:79:9f:c7:e7:cb:
                    cf:8b:99:09:0d:42:44:36:11:96:4a:8a:c6:0a:a9:
                    47:3b:c1:94:c7:c2:62:0b:26:9a:06:63:8d:20:06:
                    da:50:34:01:60:9b:17:1b:94:bc:60:0b:f7:08:d5:
                    89:37:b2:d0:e2:36:0b:b0:69:c2:5d:d5:31:97:99:
                    7c:5b:98:80:ed:7a:fe:92:31:0a:ec:f8:6e:08:99:
                    e1:22:55:cb:bd:a1:8c:4c:b7:64:4b:d0:f2:22:cb:
                    84:77:9a:05:5c:5d:2f:8f:47:9d:e2:05:0f:f2:0a:
                    7f:73:a3:a3:ad:42:c4:7f:ac:46:9e:3f:48:a9:e2:
                    39:a6:83:f8:90:47:38:b3:68:c4:c6:9b:22:ae:53:
                    7c:19:5d:9a:d4:6e:bf:df:a9:24:6b:7f:52:d2:0d:
                    64:9c:57:fa:a8:eb:d6:10:55:00:30:32:db:aa:ce:
                    3e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:65:21:89:1E:8F:EB:13:5F:1B:BA:CF:3E:C7:78:9E:E2:1E:9C:B7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199986.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:d8:d6:d9:09:60:0e:62:98:00:5a:ba:78:95:99:41:2d:31:
         5e:da:aa:d7:33:fc:c6:21:05:5c:29:73:9a:7e:22:f0:db:cf:
         7e:c8:53:99:33:bf:cc:7a:f5:3f:aa:19:e8:15:5b:39:3e:d6:
         c3:fb:f0:83:34:cf:bf:1c:02:1a:42:10:ad:f1:fc:d1:d4:fa:
         4f:d0:0a:de:28:89:c8:80:f1:22:18:81:16:8a:fb:3c:ca:71:
         e5:f5:7d:b2:d4:46:0d:71:b0:b4:66:92:a1:8c:54:7c:4c:f8:
         7d:93:f9:1c:40:a2:c8:1d:2a:5d:ce:5f:6c:60:5d:0b:62:f1:
         82:df:0a:0a:5e:5c:29:47:08:68:ab:ea:21:38:47:f3:97:49:
         96:37:1b:d5:fc:7a:48:e9:20:95:2f:92:40:b7:d5:ee:49:3d:
         73:34:8b:ba:8c:16:d0:86:7b:09:17:84:b7:6d:60:e6:c5:82:
         a0:00:0f:75:3b:00:09:32:e6:bf:23:a0:4d:a5:5a:b9:06:05:
         fd:16:78:70:e9:a1:44:99:b0:45:fc:ee:2b:8e:d5:00:99:dc:
         b6:f4:42:4b:c7:2b:08:1d:ab:12:e2:02:1c:25:02:db:46:df:
         3b:b5:71:70:c7:3f:d9:6c:1f:a8:11:06:fe:11:a9:24:68:54:
         2b:ff:11:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUs5Bn1XolmucL9kupKpNYCY7LZowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMzAwNjMzNDhaFw0yNzAzMjkwNjM4NDhaMDMxMTAvBgNV
BAMTKDQ3NjUyMTg5MUU4RkVCMTM1RjFCQkFDRjNFQzc3ODlFRTIxRTlDQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcAEttuFw+NO9SDGroXHsBzscp
jaYUhdZS4GRmxuxJI5H65u0Lj/MDnxtQI8FYxJTGHcuFH3tlQsE40QgZzRfkEdCa
/CEvO3AWgD1pZROn9Pt7ED55n8fny8+LmQkNQkQ2EZZKisYKqUc7wZTHwmILJpoG
Y40gBtpQNAFgmxcblLxgC/cI1Yk3stDiNguwacJd1TGXmXxbmIDtev6SMQrs+G4I
meEiVcu9oYxMt2RL0PIiy4R3mgVcXS+PR53iBQ/yCn9zo6OtQsR/rEaeP0ip4jmm
g/iQRzizaMTGmyKuU3wZXZrUbr/fqSRrf1LSDWScV/qo69YQVQAwMtuqzj6dAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUR2UhiR6P6xNfG7rPPsd4nuIenLcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk5OTg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUika
MA0GCSqGSIb3DQEBCwUAA4IBAQAX2NbZCWAOYpgAWrp4lZlBLTFe2qrXM/zGIQVc
KXOafiLw289+yFOZM7/MevU/qhnoFVs5PtbD+/CDNM+/HAIaQhCt8fzR1PpP0Are
KInIgPEiGIEWivs8ynHl9X2y1EYNcbC0ZpKhjFR8TPh9k/kcQKLIHSpdzl9sYF0L
YvGC3woKXlwpRwhoq+ohOEfzl0mWNxvV/HpI6SCVL5JAt9XuST1zNIu6jBbQhnsJ
F4S3bWDmxYKgAA91OwAJMua/I6BNpVq5BgX9Fnhw6aFEmbBF/O4rjtUAmdy29EJL
xysIHasS4gIcJQLbRt87tXFwxz/ZbB+oEQb+EakkaFQr/xHx
-----END CERTIFICATE-----