Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS199241.roa
File:                     AS199241.roa (raw, json)
Hash identifier:          GNfwcAvcR6hidrEzH+r67zUwfrQhdjaCm0pzrZ7HWT0=
Subject key identifier:   3E:EE:CA:30:D5:9A:76:EC:64:5E:92:93:27:43:5C:9F:05:B6:3F:46
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       22D31996118E7A181CAF379C02D779CB3F9C81DF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS199241.roa
Signing time:             Tue 03 Feb 2026 18:08:21 +0000
ROA not before:           Tue 03 Feb 2026 18:03:21 +0000
ROA not after:            Tue 02 Feb 2027 18:08:21 +0000
asID:                     199241
IP address blocks:        2a0f:85c1:b71::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d3:19:96:11:8e:7a:18:1c:af:37:9c:02:d7:79:cb:3f:9c:81:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb  3 18:03:21 2026 GMT
            Not After : Feb  2 18:08:21 2027 GMT
        Subject: CN=3EEECA30D59A76EC645E929327435C9F05B63F46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0e:5e:a8:d5:1b:87:63:5e:b8:74:c0:fa:62:
                    e6:43:11:62:b1:43:c0:cd:b2:29:cb:f3:97:0d:80:
                    2e:6b:eb:c2:fb:ab:7e:58:32:b6:9e:e4:be:e2:78:
                    7f:ea:14:8d:71:0f:10:90:8f:77:c8:80:cb:e1:97:
                    a0:1d:21:c9:0e:41:2f:9b:33:56:3d:70:86:91:58:
                    8d:00:ec:4e:1b:95:49:23:c8:95:91:14:ab:81:5b:
                    55:d3:53:6e:81:b1:1d:7d:dc:cc:2b:e6:8a:52:13:
                    9a:92:d1:40:90:d7:b2:d1:35:77:d3:69:b4:4c:ea:
                    88:0f:d1:c6:35:7d:7d:12:20:b3:9d:13:a6:62:5f:
                    18:be:ff:fc:e6:54:87:88:e1:46:4d:6e:f7:77:60:
                    83:b3:5e:45:4a:57:80:15:ae:94:b8:4e:1e:e9:44:
                    ab:f0:ef:ec:80:54:0b:56:29:14:64:e3:76:49:df:
                    f2:fb:97:d0:6c:96:90:35:20:f3:1d:3c:2b:cd:91:
                    26:24:cd:89:f2:db:a8:45:7d:5b:3e:69:ff:c5:fa:
                    2a:8e:fc:5e:6a:8a:c3:2a:16:73:ca:53:b5:df:4b:
                    a1:95:86:9a:ee:2e:16:07:1c:38:ad:ed:38:11:45:
                    fe:5a:d2:d2:9e:c1:b1:50:d3:12:5a:cb:48:fc:5f:
                    8a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:EE:CA:30:D5:9A:76:EC:64:5E:92:93:27:43:5C:9F:05:B6:3F:46
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS199241.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b71::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:d7:79:14:67:f1:b0:4d:a2:1e:27:24:3e:ad:5c:cf:3f:f8:
         b1:bf:02:7b:cf:30:f8:9a:b9:eb:a3:06:4a:01:29:80:98:26:
         36:1f:0b:a9:6f:48:2d:f0:fa:cd:d6:6d:85:55:df:d9:88:45:
         92:8c:ce:ac:7f:d7:72:0a:bc:54:aa:bb:1d:0a:e6:e1:36:65:
         3f:72:3f:bc:54:dc:a5:d3:b6:36:82:88:79:e2:7d:71:3d:21:
         39:5f:ea:24:38:71:22:0b:ce:d3:3d:08:be:e4:65:9c:23:c0:
         ac:64:63:77:31:b6:25:c4:41:ef:38:4f:7b:d3:4b:28:87:ad:
         23:78:d3:0b:2d:67:61:d4:0e:f2:a3:7a:f6:0d:f4:8f:a0:49:
         12:fd:c2:f9:1f:be:96:bd:5c:9e:d8:03:c0:4b:26:21:b1:e9:
         ab:21:bf:e6:57:8d:05:81:de:d6:87:ab:81:f6:2e:43:a3:9d:
         dd:53:35:d2:31:27:86:80:8c:27:7c:75:22:99:4b:ce:68:28:
         4b:1b:01:a1:52:d9:75:5e:6e:67:95:9f:8b:ed:5e:9f:3c:e3:
         6f:87:3f:43:93:16:49:cf:b9:3d:34:f9:91:07:74:1d:ba:c7:
         37:ec:ae:5e:87:26:99:8f:0d:8c:fc:a5:98:48:7d:41:7a:01:
         ec:3f:c6:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUItMZlhGOehgcrzecAtd5yz+cgd8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMDMxODAzMjFaFw0yNzAyMDIxODA4MjFaMDMxMTAvBgNV
BAMTKDNFRUVDQTMwRDU5QTc2RUM2NDVFOTI5MzI3NDM1QzlGMDVCNjNGNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTDl6o1RuHY164dMD6YuZDEWKx
Q8DNsinL85cNgC5r68L7q35YMrae5L7ieH/qFI1xDxCQj3fIgMvhl6AdIckOQS+b
M1Y9cIaRWI0A7E4blUkjyJWRFKuBW1XTU26BsR193Mwr5opSE5qS0UCQ17LRNXfT
abRM6ogP0cY1fX0SILOdE6ZiXxi+//zmVIeI4UZNbvd3YIOzXkVKV4AVrpS4Th7p
RKvw7+yAVAtWKRRk43ZJ3/L7l9BslpA1IPMdPCvNkSYkzYny26hFfVs+af/F+iqO
/F5qisMqFnPKU7XfS6GVhpruLhYHHDit7TgRRf5a0tKewbFQ0xJay0j8X4rJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUPu7KMNWaduxkXpKTJ0NcnwW2P0YwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMTk5MjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQtxMA0GCSqGSIb3DQEBCwUAA4IBAQDI13kUZ/GwTaIeJyQ+rVzPP/ixvwJ7zzD4
mrnrowZKASmAmCY2Hwupb0gt8PrN1m2FVd/ZiEWSjM6sf9dyCrxUqrsdCubhNmU/
cj+8VNyl07Y2goh54n1xPSE5X+okOHEiC87TPQi+5GWcI8CsZGN3MbYlxEHvOE97
00soh60jeNMLLWdh1A7yo3r2DfSPoEkS/cL5H76WvVye2APASyYhsemrIb/mV40F
gd7Wh6uB9i5Do53dUzXSMSeGgIwnfHUimUvOaChLGwGhUtl1Xm5nlZ+L7V6fPONv
hz9DkxZJz7k9NPmRB3Qdusc37K5ehyaZjw2M/KWYSH1BegHsP8aR
-----END CERTIFICATE-----