Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS199133.roa
File:                     AS199133.roa (raw, json)
Hash identifier:          N2S9081s9VLAqucNPUTtSmPk9L654h3DOHOXPnabUqQ=
Subject key identifier:   04:99:19:33:E8:80:AC:6D:4F:D8:84:AD:48:49:4C:8A:63:18:F2:F9
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       6506D7F0C08D3A392F4A164700B01244E674E10B
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS199133.roa
Signing time:             Fri 10 Apr 2026 16:53:10 +0000
ROA not before:           Fri 10 Apr 2026 16:48:10 +0000
ROA not after:            Fri 09 Apr 2027 16:53:10 +0000
asID:                     199133
IP address blocks:        2a14:7583:e304::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 18:07:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:06:d7:f0:c0:8d:3a:39:2f:4a:16:47:00:b0:12:44:e6:74:e1:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr 10 16:48:10 2026 GMT
            Not After : Apr  9 16:53:10 2027 GMT
        Subject: CN=04991933E880AC6D4FD884AD48494C8A6318F2F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:99:d0:1a:6d:57:2d:06:48:de:eb:ac:f8:34:
                    2c:c1:36:ef:2d:e4:18:50:dc:4f:6a:45:0f:17:ab:
                    f6:37:46:a6:80:33:6b:3b:04:45:1e:30:51:05:0f:
                    45:f7:a4:29:ef:b1:99:da:ab:62:93:42:0e:68:69:
                    f4:a8:7a:37:c2:a9:bd:c4:98:32:73:64:68:8c:da:
                    53:a4:80:28:2c:a4:57:31:ae:19:1e:42:00:b1:56:
                    ac:af:bc:c3:f4:76:d6:bb:8f:64:11:70:a6:a3:b2:
                    ad:68:e6:43:ed:fa:38:e6:dd:a5:76:c3:38:38:b6:
                    e4:a2:ff:78:1a:ef:91:a2:9c:93:d5:29:91:71:8d:
                    e7:55:80:07:1d:ec:fc:6e:65:e3:7a:19:58:b6:6d:
                    b1:2d:06:9f:e9:fd:2f:11:dd:7a:15:05:35:2e:86:
                    10:7d:7e:de:7f:b6:4e:4d:3a:22:25:ea:aa:4a:9b:
                    46:80:7b:f7:6d:b4:3c:db:06:54:40:df:76:fe:3d:
                    9c:27:55:c6:9e:39:43:2b:f0:4c:ce:24:34:2c:2f:
                    f6:6a:ae:9d:f1:ba:9b:95:6e:c6:68:98:71:40:2a:
                    d4:c2:ba:78:6b:81:ed:1a:1f:bf:e1:b5:70:fc:fe:
                    ea:25:b2:97:20:de:22:fa:6c:27:a6:cd:af:e2:59:
                    02:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:99:19:33:E8:80:AC:6D:4F:D8:84:AD:48:49:4C:8A:63:18:F2:F9
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS199133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:e304::/46

    Signature Algorithm: sha256WithRSAEncryption
         8a:b7:2b:ba:d3:b9:8a:82:6e:54:20:49:e6:f7:01:53:16:61:
         eb:00:25:c7:f0:fe:6e:3c:94:b7:10:ad:f6:c2:33:7c:87:ac:
         c8:bf:64:54:d3:48:4e:c4:df:b3:b5:ca:f8:b9:7c:2c:ac:06:
         df:af:32:4d:e4:cd:4e:e5:44:c7:47:6c:81:0d:6b:da:a1:f0:
         90:db:c5:3f:b4:ae:44:3e:8d:bb:b2:bd:86:23:9f:61:86:84:
         d3:f2:f9:99:c0:4e:6e:a1:84:46:5f:e8:06:81:de:03:9d:2b:
         7b:aa:1a:0a:23:d2:db:fc:34:3f:1d:8c:36:1c:88:69:99:f6:
         ad:ff:dc:b1:9a:34:7f:f9:ab:05:30:70:6e:2e:a8:56:ee:f7:
         43:39:51:71:c7:27:a6:1b:6f:2f:0a:3a:8b:d7:fc:88:b6:ac:
         4a:55:9b:ae:93:ec:d0:27:1e:c6:9a:7f:d7:db:1d:df:c2:02:
         05:aa:e7:11:fe:81:04:02:d2:bf:0d:6a:18:18:d9:07:25:2a:
         b0:be:33:11:c6:4c:6b:68:16:b5:3c:a1:ad:a2:25:5c:e3:9e:
         1d:57:cd:6a:42:e1:3d:0c:50:d8:51:4e:2a:45:b1:7f:79:0e:
         c6:af:77:ae:40:c6:50:5a:aa:65:12:2e:6d:00:ed:d2:c2:c9:
         08:78:26:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZQbX8MCNOjkvShZHALASROZ04QswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA0MTAxNjQ4MTBaFw0yNzA0MDkxNjUzMTBaMDMxMTAvBgNV
BAMTKDA0OTkxOTMzRTg4MEFDNkQ0RkQ4ODRBRDQ4NDk0QzhBNjMxOEYyRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmdAabVctBkje66z4NCzBNu8t
5BhQ3E9qRQ8Xq/Y3RqaAM2s7BEUeMFEFD0X3pCnvsZnaq2KTQg5oafSoejfCqb3E
mDJzZGiM2lOkgCgspFcxrhkeQgCxVqyvvMP0dta7j2QRcKajsq1o5kPt+jjm3aV2
wzg4tuSi/3ga75GinJPVKZFxjedVgAcd7PxuZeN6GVi2bbEtBp/p/S8R3XoVBTUu
hhB9ft5/tk5NOiIl6qpKm0aAe/dttDzbBlRA33b+PZwnVcaeOUMr8EzOJDQsL/Zq
rp3xupuVbsZomHFAKtTCunhrge0aH7/htXD8/uolspcg3iL6bCemza/iWQLHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUBJkZM+iArG1P2IStSElMimMY8vkwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTk5MTMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhR1
g+MEMA0GCSqGSIb3DQEBCwUAA4IBAQCKtyu607mKgm5UIEnm9wFTFmHrACXH8P5u
PJS3EK32wjN8h6zIv2RU00hOxN+ztcr4uXwsrAbfrzJN5M1O5UTHR2yBDWvaofCQ
28U/tK5EPo27sr2GI59hhoTT8vmZwE5uoYRGX+gGgd4DnSt7qhoKI9Lb/DQ/HYw2
HIhpmfat/9yxmjR/+asFMHBuLqhW7vdDOVFxxyemG28vCjqL1/yItqxKVZuuk+zQ
Jx7Gmn/X2x3fwgIFqucR/oEEAtK/DWoYGNkHJSqwvjMRxkxraBa1PKGtoiVc454d
V81qQuE9DFDYUU4qRbF/eQ7Gr3euQMZQWqplEi5tAO3SwskIeCai
-----END CERTIFICATE-----