Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199550.roa
File:                     AS199550.roa (raw, json)
Hash identifier:          BY2KOoBv5W7e09DG7XxjoUVIf1U2KoTlTS55AOV9FOE=
Subject key identifier:   18:6E:B1:5C:24:6A:9F:A5:CB:F9:79:CB:0C:D7:AC:00:E5:1E:8E:E0
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       415A90FF517BA5D2E06D9CFD524064C7ECA0165C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199550.roa
Signing time:             Wed 10 Jun 2026 10:33:26 +0000
ROA not before:           Wed 10 Jun 2026 10:28:26 +0000
ROA not after:            Wed 09 Jun 2027 10:33:26 +0000
asID:                     199550
IP address blocks:        91.206.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:5a:90:ff:51:7b:a5:d2:e0:6d:9c:fd:52:40:64:c7:ec:a0:16:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 10 10:28:26 2026 GMT
            Not After : Jun  9 10:33:26 2027 GMT
        Subject: CN=186EB15C246A9FA5CBF979CB0CD7AC00E51E8EE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a6:7f:9b:58:76:55:b9:c3:ce:15:ad:a2:23:
                    3e:2e:16:63:1e:b8:f7:10:3f:0b:44:4c:4a:b5:8b:
                    ae:a3:3a:87:ce:94:b4:fa:f1:61:22:af:72:d5:f8:
                    9d:73:dc:eb:4e:55:21:34:7a:1e:e4:ec:88:da:93:
                    08:53:39:88:10:dd:ec:df:40:60:a1:be:b7:a8:75:
                    d1:36:19:f1:f7:5f:4a:eb:c8:33:2f:83:c0:a8:78:
                    bb:ec:3d:3c:0d:65:a1:30:bb:7b:06:9a:79:fe:38:
                    01:81:11:d3:a2:23:04:45:e5:ef:61:f4:9a:ab:fc:
                    1b:9d:71:1c:90:8d:39:44:8b:e5:e9:47:34:cc:7c:
                    51:e4:4e:59:90:48:ae:ad:7c:d3:65:6b:26:7f:dd:
                    32:15:6e:fc:17:b4:6b:25:30:c5:b4:24:a6:32:e1:
                    a5:fb:05:8c:ff:5b:fb:d5:dc:67:c4:87:f2:fe:d8:
                    0e:3c:f0:86:cf:87:31:2a:82:4d:7c:60:3a:a1:a8:
                    14:33:16:88:f4:27:14:d6:f0:48:62:88:b9:26:df:
                    77:d6:59:eb:43:87:f2:ec:74:34:f5:59:bb:12:9a:
                    f8:13:6a:f8:ac:34:e4:22:d5:e5:46:b1:a5:1f:21:
                    d2:ff:2e:c1:68:f0:2d:2e:f3:0d:d4:90:d6:32:a9:
                    da:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:6E:B1:5C:24:6A:9F:A5:CB:F9:79:CB:0C:D7:AC:00:E5:1E:8E:E0
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS199550.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:40:96:7e:fe:1b:90:ac:f7:5d:c4:09:08:7d:f1:10:f8:ef:
         24:c0:68:d3:bf:f6:f9:bb:0a:1e:8f:4f:3b:0c:42:e9:dc:8d:
         59:5c:6f:b2:b3:b2:0a:25:b5:7a:bd:e6:73:85:64:c9:cb:49:
         9d:6c:0e:f5:d0:ce:fe:7f:e3:24:f2:76:55:1d:7b:c1:a3:c8:
         70:e2:da:04:26:56:3e:3a:db:7a:48:af:5c:d4:28:6e:da:9c:
         2a:6e:9b:cf:04:ff:69:6c:3e:65:93:d3:fc:e4:25:99:4d:6f:
         15:ed:2d:9e:79:65:c6:f0:3d:b8:17:6f:41:d2:96:54:24:c0:
         30:39:7c:e4:8a:c0:fb:64:b4:7c:47:3c:23:0d:52:c4:01:e0:
         8d:93:1a:00:17:2b:01:1a:8e:ff:92:3a:cd:64:57:2a:a4:a7:
         ff:0f:83:56:dd:5c:9a:91:98:c9:75:81:02:01:db:b4:04:ee:
         52:95:b5:b1:87:60:7a:30:9a:4d:b5:68:6c:a7:7a:3a:39:08:
         10:e7:2b:1b:f3:c6:07:19:ae:3c:39:f4:8e:20:da:63:9e:88:
         c5:05:e8:87:05:1d:8e:c3:f5:36:7b:f8:76:de:79:53:2b:bc:
         35:0e:35:a9:28:73:59:c5:b3:7e:61:e6:38:2a:85:27:e9:1b:
         94:91:b9:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQVqQ/1F7pdLgbZz9UkBkx+ygFlwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MTAxMDI4MjZaFw0yNzA2MDkxMDMzMjZaMDMxMTAvBgNV
BAMTKDE4NkVCMTVDMjQ2QTlGQTVDQkY5NzlDQjBDRDdBQzAwRTUxRThFRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjpn+bWHZVucPOFa2iIz4uFmMe
uPcQPwtETEq1i66jOofOlLT68WEir3LV+J1z3OtOVSE0eh7k7IjakwhTOYgQ3ezf
QGChvreoddE2GfH3X0rryDMvg8CoeLvsPTwNZaEwu3sGmnn+OAGBEdOiIwRF5e9h
9Jqr/BudcRyQjTlEi+XpRzTMfFHkTlmQSK6tfNNlayZ/3TIVbvwXtGslMMW0JKYy
4aX7BYz/W/vV3GfEh/L+2A488IbPhzEqgk18YDqhqBQzFoj0JxTW8EhiiLkm33fW
WetDh/LsdDT1WbsSmvgTavisNOQi1eVGsaUfIdL/LsFo8C0u8w3UkNYyqdoHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGG6xXCRqn6XL+XnLDNesAOUejuAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTk5NTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW84C
MA0GCSqGSIb3DQEBCwUAA4IBAQBNQJZ+/huQrPddxAkIffEQ+O8kwGjTv/b5uwoe
j087DELp3I1ZXG+ys7IKJbV6veZzhWTJy0mdbA710M7+f+Mk8nZVHXvBo8hw4toE
JlY+Ott6SK9c1Chu2pwqbpvPBP9pbD5lk9P85CWZTW8V7S2eeWXG8D24F29B0pZU
JMAwOXzkisD7ZLR8RzwjDVLEAeCNkxoAFysBGo7/kjrNZFcqpKf/D4NW3VyakZjJ
dYECAdu0BO5SlbWxh2B6MJpNtWhsp3o6OQgQ5ysb88YHGa48OfSOINpjnojFBeiH
BR2Ow/U2e/h23nlTK7w1DjWpKHNZxbN+YeY4KoUn6RuUkbny
-----END CERTIFICATE-----