Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS197196.roa
File:                     AS197196.roa (raw, json)
Hash identifier:          JZhiT+5XgmjfVFyv5l+98Q3waiCGAyhauIEMXfG8xuw=
Subject key identifier:   74:9E:84:A8:05:BE:BF:9B:42:17:B8:67:3E:4E:9E:AD:82:CE:33:E8
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1B1AE31C6CCF954113A62EF861D1CD48DDA64CBE
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS197196.roa
Signing time:             Fri 12 Jun 2026 14:09:33 +0000
ROA not before:           Fri 12 Jun 2026 14:04:33 +0000
ROA not after:            Fri 11 Jun 2027 14:09:33 +0000
asID:                     197196
IP address blocks:        193.142.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:1a:e3:1c:6c:cf:95:41:13:a6:2e:f8:61:d1:cd:48:dd:a6:4c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 12 14:04:33 2026 GMT
            Not After : Jun 11 14:09:33 2027 GMT
        Subject: CN=749E84A805BEBF9B4217B8673E4E9EAD82CE33E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:e9:d2:63:31:9b:f7:2c:9e:6f:b7:53:75:79:
                    74:dd:61:0e:33:ee:3c:78:e1:de:19:91:62:0c:83:
                    cd:1e:19:bc:af:68:eb:6a:a0:9f:03:af:af:18:2e:
                    8e:23:d8:e2:99:31:9d:9b:0c:3c:e0:b7:38:3c:ff:
                    9c:84:41:45:78:55:93:f6:57:ac:b7:93:1d:20:9d:
                    30:68:ea:cc:0b:fc:9b:b5:d9:9d:3b:e2:06:32:69:
                    54:b1:79:91:e1:e1:6d:e8:dd:98:10:65:a2:d6:b5:
                    bc:ab:1d:5e:ff:25:58:56:fb:44:c6:77:83:03:89:
                    f9:bb:6b:80:a2:49:f9:8b:bd:68:a7:7a:70:38:5a:
                    4e:da:38:c8:f1:97:d5:77:ff:02:c7:b8:ed:27:29:
                    bb:32:ba:0a:9e:39:f4:2a:07:19:d4:1a:ff:09:00:
                    a4:11:22:1e:65:37:d3:ca:9f:79:3b:8a:84:39:a4:
                    27:08:61:aa:6a:b2:cd:30:a6:79:7a:64:2e:b4:b5:
                    b2:5e:d2:93:18:7c:d9:07:a6:02:af:97:c1:72:e4:
                    55:b6:a7:3a:65:3e:31:6e:09:47:ae:ae:7d:5e:12:
                    7b:0f:12:da:b1:06:7f:27:1a:2d:89:c7:db:b0:56:
                    57:2f:cf:ac:8b:51:9d:8b:5a:bc:70:26:d3:db:22:
                    36:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:9E:84:A8:05:BE:BF:9B:42:17:B8:67:3E:4E:9E:AD:82:CE:33:E8
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS197196.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:0f:cf:16:eb:18:f1:ce:00:26:a0:58:dc:8a:33:f5:c2:76:
         6c:99:18:c7:50:39:61:e9:4e:35:72:a6:c2:49:1f:c8:6c:d8:
         af:6f:b1:bf:ff:fe:55:86:00:fa:b2:9c:c0:7a:b3:05:01:78:
         b4:8d:14:da:72:6c:86:79:e4:30:42:0c:33:f2:f1:21:6b:12:
         fe:9e:74:8d:43:61:88:04:9d:90:cf:18:c6:4f:da:59:76:16:
         44:89:3d:d9:d2:15:25:05:c9:d4:a0:f4:41:0e:7d:02:d8:57:
         5e:07:2a:c3:3d:a3:a2:f4:1e:40:11:7e:72:4f:94:86:5e:e2:
         ed:53:81:db:c7:32:ba:4e:b4:9d:7d:05:94:98:44:25:af:a5:
         9b:31:09:de:1f:4c:c8:8d:4b:b3:7c:d2:e6:95:82:54:43:b7:
         58:ca:29:6b:d5:f2:cb:4b:51:0b:6e:c1:e3:af:79:16:0d:3f:
         d1:6f:44:ec:82:64:56:ae:ca:2b:c9:47:1b:9a:c0:ec:34:92:
         47:d5:49:02:8e:dd:93:82:40:bf:0e:b0:fd:ce:64:ba:8d:eb:
         73:ea:ab:16:e9:93:d8:38:0b:0c:3a:3f:e5:64:85:16:33:fa:
         ed:8d:a4:46:72:2f:a8:39:f4:0a:ab:16:45:c6:a4:d6:38:0b:
         d0:b5:50:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGxrjHGzPlUETpi74YdHNSN2mTL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MTIxNDA0MzNaFw0yNzA2MTExNDA5MzNaMDMxMTAvBgNV
BAMTKDc0OUU4NEE4MDVCRUJGOUI0MjE3Qjg2NzNFNEU5RUFEODJDRTMzRTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD46dJjMZv3LJ5vt1N1eXTdYQ4z
7jx44d4ZkWIMg80eGbyvaOtqoJ8Dr68YLo4j2OKZMZ2bDDzgtzg8/5yEQUV4VZP2
V6y3kx0gnTBo6swL/Ju12Z074gYyaVSxeZHh4W3o3ZgQZaLWtbyrHV7/JVhW+0TG
d4MDifm7a4CiSfmLvWinenA4Wk7aOMjxl9V3/wLHuO0nKbsyugqeOfQqBxnUGv8J
AKQRIh5lN9PKn3k7ioQ5pCcIYapqss0wpnl6ZC60tbJe0pMYfNkHpgKvl8Fy5FW2
pzplPjFuCUeurn1eEnsPEtqxBn8nGi2Jx9uwVlcvz6yLUZ2LWrxwJtPbIjbVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdJ6EqAW+v5tCF7hnPk6erYLOM+gwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTk3MTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY4S
MA0GCSqGSIb3DQEBCwUAA4IBAQATD88W6xjxzgAmoFjcijP1wnZsmRjHUDlh6U41
cqbCSR/IbNivb7G///5VhgD6spzAerMFAXi0jRTacmyGeeQwQgwz8vEhaxL+nnSN
Q2GIBJ2QzxjGT9pZdhZEiT3Z0hUlBcnUoPRBDn0C2FdeByrDPaOi9B5AEX5yT5SG
XuLtU4HbxzK6TrSdfQWUmEQlr6WbMQneH0zIjUuzfNLmlYJUQ7dYyilr1fLLS1EL
bsHjr3kWDT/Rb0TsgmRWrsoryUcbmsDsNJJH1UkCjt2TgkC/DrD9zmS6jetz6qsW
6ZPYOAsMOj/lZIUWM/rtjaRGci+oOfQKqxZFxqTWOAvQtVCa
-----END CERTIFICATE-----