Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          /D0mNf1ersNvpedBDNtQWqqB21UW/VmAnzav3etUQts=
Subject key identifier:   32:64:05:0E:E4:AF:F1:72:43:45:9F:04:63:6A:DC:6E:8A:20:C3:33
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3CEAE4F2665F691FC9889F65C4624ED9DD07009D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
Signing time:             Wed 10 Jun 2026 06:08:30 +0000
ROA not before:           Wed 10 Jun 2026 06:03:30 +0000
ROA not after:            Wed 09 Jun 2027 06:08:30 +0000
asID:                     25198
IP address blocks:        82.47.51.0/24 maxlen: 24
                          178.83.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ea:e4:f2:66:5f:69:1f:c9:88:9f:65:c4:62:4e:d9:dd:07:00:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 10 06:03:30 2026 GMT
            Not After : Jun  9 06:08:30 2027 GMT
        Subject: CN=3264050EE4AFF17243459F04636ADC6E8A20C333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:83:be:87:23:1e:13:40:ce:1a:a2:94:54:9c:
                    1c:d9:6b:43:cd:f6:fe:0a:5d:19:24:31:25:1c:fd:
                    0a:94:63:5f:64:a3:3e:0d:ff:69:3a:68:61:d9:c3:
                    26:c1:c9:97:b1:cd:bc:62:5b:8c:a1:e1:8a:86:9a:
                    2e:63:c5:70:34:a7:b1:4f:70:b3:c3:e7:b3:96:e2:
                    ac:57:fd:e2:d5:d4:4e:d4:5e:98:eb:ec:42:78:74:
                    02:df:2c:44:f3:bb:98:b6:d6:f7:3d:13:44:c5:12:
                    77:2d:eb:c7:95:21:79:9a:04:8c:da:68:03:cc:06:
                    11:03:c9:30:93:6d:9c:b1:44:c4:da:21:26:89:bc:
                    27:5c:27:b8:c1:45:07:f2:a4:7b:fc:fa:89:e9:d1:
                    50:ce:78:64:e8:2b:73:7a:83:30:83:44:9c:11:17:
                    7e:08:97:2b:0b:f8:0a:56:be:5f:d3:e9:f8:ee:9c:
                    d6:c6:62:73:57:2d:39:65:81:0a:57:dd:22:51:fb:
                    62:27:f3:24:24:3f:cb:c7:71:83:8f:ac:bb:91:8b:
                    2b:73:88:88:c2:14:8a:66:ec:57:af:e0:c8:12:84:
                    41:4c:30:50:2d:fb:2a:53:5b:ce:97:ce:c8:cd:8f:
                    10:19:53:e5:59:85:ac:3c:a3:df:13:c8:d1:58:3f:
                    44:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:64:05:0E:E4:AF:F1:72:43:45:9F:04:63:6A:DC:6E:8A:20:C3:33
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.51.0/24
                  178.83.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:3b:dc:dc:fc:d7:e7:7d:e1:f3:b3:d2:bb:a7:eb:b2:8f:57:
         c8:c0:92:19:8c:cc:88:84:b8:07:2e:79:d3:04:b5:2f:68:29:
         6d:45:b1:39:b3:a5:0e:a3:eb:24:d9:a7:32:f9:b4:ef:44:4a:
         92:9b:84:f1:2a:73:be:c4:23:fb:fc:a1:f3:e1:0e:47:00:f7:
         81:c3:fc:b4:bc:d3:de:bb:22:f7:13:ae:33:6f:dc:73:2c:e9:
         d7:ff:f2:34:6a:cf:bd:9c:93:8b:ee:fa:75:e6:29:a7:9c:2d:
         b8:b7:7c:e6:da:8f:8f:bd:1e:0a:0d:b6:62:42:f9:39:13:c6:
         11:63:bb:92:ba:ae:e2:09:5b:70:53:21:4a:92:60:31:80:19:
         e3:d6:23:e9:d6:8d:91:ef:83:b3:72:94:0a:53:90:dc:3b:a3:
         97:dc:bc:a2:92:d0:32:aa:61:c4:12:1d:b0:b3:88:74:1a:a3:
         f9:73:d5:5c:ef:93:07:0b:21:12:5e:1a:82:7c:ad:fd:eb:36:
         1a:0f:ca:9e:45:c2:ad:7e:eb:3e:0e:b2:99:18:11:e2:15:32:
         18:4e:17:ae:aa:24:08:62:f3:42:65:ec:3c:c8:24:50:4a:07:
         c7:ca:8d:36:18:be:59:07:88:98:e4:79:c2:e0:1c:dd:ce:f7:
         70:8c:04:9b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUPOrk8mZfaR/JiJ9lxGJO2d0HAJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MTAwNjAzMzBaFw0yNzA2MDkwNjA4MzBaMDMxMTAvBgNV
BAMTKDMyNjQwNTBFRTRBRkYxNzI0MzQ1OUYwNDYzNkFEQzZFOEEyMEMzMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHg76HIx4TQM4aopRUnBzZa0PN
9v4KXRkkMSUc/QqUY19koz4N/2k6aGHZwybByZexzbxiW4yh4YqGmi5jxXA0p7FP
cLPD57OW4qxX/eLV1E7UXpjr7EJ4dALfLETzu5i21vc9E0TFEnct68eVIXmaBIza
aAPMBhEDyTCTbZyxRMTaISaJvCdcJ7jBRQfypHv8+onp0VDOeGToK3N6gzCDRJwR
F34IlysL+ApWvl/T6fjunNbGYnNXLTllgQpX3SJR+2In8yQkP8vHcYOPrLuRiytz
iIjCFIpm7Fev4MgShEFMMFAt+ypTW86XzsjNjxAZU+VZhaw8o98TyNFYP0SXAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUMmQFDuSv8XJDRZ8EY2rcboogwzMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSLzMD
BACyU50wDQYJKoZIhvcNAQELBQADggEBAA473Nz81+d94fOz0run67KPV8jAkhmM
zIiEuAcuedMEtS9oKW1FsTmzpQ6j6yTZpzL5tO9ESpKbhPEqc77EI/v8ofPhDkcA
94HD/LS80967IvcTrjNv3HMs6df/8jRqz72ck4vu+nXmKaecLbi3fObaj4+9HgoN
tmJC+TkTxhFju5K6ruIJW3BTIUqSYDGAGePWI+nWjZHvg7NylApTkNw7o5fcvKKS
0DKqYcQSHbCziHQao/lz1VzvkwcLIRJeGoJ8rf3rNhoPyp5Fwq1+6z4OspkYEeIV
MhhOF66qJAhi80Jl7DzIJFBKB8fKjTYYvlkHiJjkecLgHN3O93CMBJs=
-----END CERTIFICATE-----