Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          M2nEWA5x3QlbkM6ldWu7nW1vGmjnFX8Jr/ugQit2maA=
Subject key identifier:   BE:4F:F3:D3:CD:ED:90:E5:97:95:90:89:C0:38:B1:FE:F0:1F:63:28
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4018133066D6901CC31B1EDB8003B9188CAC6D3B
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS25198.roa
Signing time:             Wed 10 Jun 2026 10:09:10 +0000
ROA not before:           Wed 10 Jun 2026 10:04:10 +0000
ROA not after:            Wed 09 Jun 2027 10:09:10 +0000
asID:                     25198
IP address blocks:        193.142.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:18:13:30:66:d6:90:1c:c3:1b:1e:db:80:03:b9:18:8c:ac:6d:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 10 10:04:10 2026 GMT
            Not After : Jun  9 10:09:10 2027 GMT
        Subject: CN=BE4FF3D3CDED90E597959089C038B1FEF01F6328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7e:b7:a8:2d:b0:5e:fb:c2:98:c5:32:44:4a:
                    62:2b:8a:f5:fb:eb:26:3b:9c:19:db:5d:8c:b8:b0:
                    20:54:94:9f:dc:96:34:9c:08:08:bd:73:51:7b:53:
                    ae:db:4c:88:ae:d8:d1:8f:7e:da:27:a0:f4:db:3e:
                    61:14:ce:7d:98:01:4f:7e:84:1a:6d:78:2e:9b:52:
                    cd:1a:e6:66:e0:18:e0:7e:44:58:2d:9b:fe:81:f3:
                    8e:3c:2e:e6:14:3b:cb:3f:e8:4a:ea:ff:ac:ef:00:
                    c1:e4:74:09:19:21:57:19:df:48:b8:00:d3:5b:fb:
                    5a:d0:05:f3:f6:f1:04:36:52:ae:d1:86:1e:ef:cc:
                    b4:17:fb:f0:1d:3a:23:83:6a:d3:e7:00:78:63:c5:
                    dc:70:6d:86:41:31:17:15:14:8e:78:09:0e:a5:67:
                    90:8f:7a:62:46:96:7f:9e:f3:79:23:ec:5d:15:79:
                    52:3d:3d:53:a5:45:be:0b:82:3e:7f:fe:c3:6f:f1:
                    44:b5:28:15:6d:f0:c8:8e:ac:3b:e8:d1:5a:84:31:
                    0b:6c:cd:6f:c4:e7:b5:b5:f4:80:52:d4:e1:da:4f:
                    ac:e1:ea:3c:71:de:6a:40:a1:25:bb:27:74:53:7c:
                    c2:cb:ec:97:e6:c0:ca:d6:43:24:b9:e8:58:dc:36:
                    85:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4F:F3:D3:CD:ED:90:E5:97:95:90:89:C0:38:B1:FE:F0:1F:63:28
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:0d:61:a8:1d:df:b0:46:88:6c:35:91:eb:81:7b:5e:ed:d8:
         16:00:c6:de:ae:91:80:d1:37:d6:4f:65:42:3e:5f:6d:ef:7b:
         de:72:5f:27:3d:87:7f:6f:18:6c:27:d8:d7:88:1b:30:4f:55:
         9b:ba:43:85:84:75:f2:29:e2:93:ee:f9:eb:2d:0e:1a:c8:be:
         77:7f:94:b9:a1:9d:49:6d:12:e2:d1:c1:3c:a4:18:7c:70:4d:
         3b:ef:6e:62:ec:80:6d:c9:9c:e5:4f:e2:9a:ef:df:19:0a:9a:
         cf:d0:d5:7c:51:4a:6c:16:60:74:47:ca:3f:8b:ee:07:c7:2a:
         38:ad:eb:8d:be:a1:3f:1c:17:21:a8:3d:5e:0d:60:dd:9b:b2:
         fb:50:c3:91:31:05:44:f8:ea:ba:c6:fb:e0:b3:ff:ec:ae:09:
         87:d7:b8:fe:f1:27:6f:98:ba:84:96:af:2a:64:3f:39:27:12:
         a3:a3:8f:f2:c7:c7:e2:2d:81:ef:35:b7:8d:10:7b:3d:8a:7e:
         8c:63:d7:54:09:d8:79:07:a8:38:35:88:e3:a5:18:63:8e:61:
         6e:82:36:d3:07:22:e0:e7:b0:c9:bb:10:24:cf:bb:e8:b6:06:
         e8:f7:ed:27:32:aa:42:f9:4f:37:81:3b:07:70:9d:b5:6d:a5:
         00:d7:ad:e8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQBgTMGbWkBzDGx7bgAO5GIysbTswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MTAxMDA0MTBaFw0yNzA2MDkxMDA5MTBaMDMxMTAvBgNV
BAMTKEJFNEZGM0QzQ0RFRDkwRTU5Nzk1OTA4OUMwMzhCMUZFRjAxRjYzMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2freoLbBe+8KYxTJESmIrivX7
6yY7nBnbXYy4sCBUlJ/cljScCAi9c1F7U67bTIiu2NGPftonoPTbPmEUzn2YAU9+
hBpteC6bUs0a5mbgGOB+RFgtm/6B8448LuYUO8s/6Erq/6zvAMHkdAkZIVcZ30i4
ANNb+1rQBfP28QQ2Uq7Rhh7vzLQX+/AdOiODatPnAHhjxdxwbYZBMRcVFI54CQ6l
Z5CPemJGln+e83kj7F0VeVI9PVOlRb4Lgj5//sNv8US1KBVt8MiOrDvo0VqEMQts
zW/E57W19IBS1OHaT6zh6jxx3mpAoSW7J3RTfMLL7JfmwMrWQyS56FjcNoUjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUvk/z083tkOWXlZCJwDix/vAfYygwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBjgQw
DQYJKoZIhvcNAQELBQADggEBALwNYagd37BGiGw1keuBe17t2BYAxt6ukYDRN9ZP
ZUI+X23ve95yXyc9h39vGGwn2NeIGzBPVZu6Q4WEdfIp4pPu+estDhrIvnd/lLmh
nUltEuLRwTykGHxwTTvvbmLsgG3JnOVP4prv3xkKms/Q1XxRSmwWYHRHyj+L7gfH
Kjit642+oT8cFyGoPV4NYN2bsvtQw5ExBUT46rrG++Cz/+yuCYfXuP7xJ2+YuoSW
rypkPzknEqOjj/LHx+Itge81t40Qez2Kfoxj11QJ2HkHqDg1iOOlGGOOYW6CNtMH
IuDnsMm7ECTPu+i2Buj37ScyqkL5TzeBOwdwnbVtpQDXreg=
-----END CERTIFICATE-----