Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS199746.roa
File:                     AS199746.roa (raw, json)
Hash identifier:          cNsk3lzrI8gyA1J9BF0KFAZgun3o7cY5JkBixWFm+tg=
Subject key identifier:   22:A1:52:EF:86:64:80:7D:36:C3:95:1A:61:5B:E9:A8:98:31:F6:1D
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1801012C607B7034A40095E2D91361EAE17D6E9D
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS199746.roa
Signing time:             Wed 08 Apr 2026 23:48:55 +0000
ROA not before:           Wed 08 Apr 2026 23:43:55 +0000
ROA not after:            Wed 07 Apr 2027 23:48:55 +0000
asID:                     199746
IP address blocks:        2a14:7585::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 18:07:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:01:01:2c:60:7b:70:34:a4:00:95:e2:d9:13:61:ea:e1:7d:6e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr  8 23:43:55 2026 GMT
            Not After : Apr  7 23:48:55 2027 GMT
        Subject: CN=22A152EF8664807D36C3951A615BE9A89831F61D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f4:54:19:19:f2:06:4d:5c:8f:74:be:f2:d7:
                    21:dc:ec:4d:50:51:42:c5:bf:c0:1f:ba:12:64:40:
                    1e:fe:be:dc:74:01:57:52:c2:49:83:3c:f8:3c:cf:
                    bf:25:47:bb:da:16:98:df:a3:50:ae:4c:4d:ac:64:
                    7d:8f:c5:51:b8:ee:67:e2:5f:6e:2d:88:69:63:78:
                    f6:d0:4a:86:64:43:df:cd:ac:e2:2b:9c:28:99:9a:
                    44:ee:5d:03:a4:c0:6a:92:da:61:70:2d:c2:87:b4:
                    54:24:05:b2:dd:11:63:33:1e:0a:6a:84:8d:7f:74:
                    91:84:0f:84:f5:bf:6a:83:09:55:6e:bd:cb:65:c1:
                    f2:8b:96:37:0d:ff:23:c2:53:49:b2:0c:60:ef:7c:
                    f3:c5:ce:eb:70:d4:90:62:d6:02:f4:e2:8e:a1:5e:
                    50:73:64:81:c1:97:57:7a:e8:7f:54:6d:09:8c:29:
                    ea:4b:0f:2b:20:07:0a:64:31:54:34:4b:62:dc:0b:
                    4b:e1:be:6c:44:01:17:2f:f0:4d:3b:5c:69:ec:a4:
                    60:5b:bc:da:e8:c4:52:23:b8:9e:2c:27:15:1c:28:
                    4e:fd:32:28:ce:eb:6c:dc:1f:12:1b:1b:c3:9a:a8:
                    b4:aa:5c:31:3a:4b:5d:52:1a:eb:af:86:3a:b6:22:
                    68:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A1:52:EF:86:64:80:7D:36:C3:95:1A:61:5B:E9:A8:98:31:F6:1D
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS199746.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7585::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:dc:40:a0:97:39:30:b2:4a:fa:bb:b7:62:ef:bf:76:d7:d3:
         36:09:92:ac:2d:e0:7d:c5:c2:c9:b5:41:77:01:bd:6a:8d:03:
         e0:0e:4e:22:9c:26:18:a7:fe:6d:42:3e:ce:a9:fe:97:43:2b:
         9e:5a:26:74:fd:d0:0d:89:c9:16:de:85:98:ab:a8:f8:55:6f:
         34:84:76:7c:9d:30:f4:80:47:53:93:4d:e4:a5:d0:81:04:d7:
         e6:69:c5:7f:88:a0:55:ce:6c:a2:92:12:06:5d:54:cd:fb:bc:
         41:55:83:8c:0f:89:26:11:8c:8b:a6:78:a6:e5:09:67:27:8c:
         1c:05:a3:b0:0e:1b:bb:e2:4f:67:85:9e:86:07:28:da:23:be:
         28:b2:ad:f2:f4:ae:5e:f7:f2:14:38:df:78:42:33:98:77:90:
         b4:88:1b:ca:89:38:6f:41:3d:8a:bb:2f:52:da:16:b3:be:b8:
         f0:cd:6f:e7:4a:92:3e:ac:ff:53:2d:c2:49:75:45:ac:09:3f:
         1d:03:eb:f4:e8:cc:7c:91:02:a4:8f:20:ae:4f:1b:4e:8f:de:
         0f:18:00:19:39:84:5a:b2:98:c1:60:cf:0e:69:6d:a8:d0:e9:
         18:e4:b6:35:7e:cf:8f:bf:74:8c:c9:7a:4b:c4:be:35:d8:4f:
         a0:50:c9:4e
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUGAEBLGB7cDSkAJXi2RNh6uF9bp0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA0MDgyMzQzNTVaFw0yNzA0MDcyMzQ4NTVaMDMxMTAvBgNV
BAMTKDIyQTE1MkVGODY2NDgwN0QzNkMzOTUxQTYxNUJFOUE4OTgzMUY2MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC89FQZGfIGTVyPdL7y1yHc7E1Q
UULFv8AfuhJkQB7+vtx0AVdSwkmDPPg8z78lR7vaFpjfo1CuTE2sZH2PxVG47mfi
X24tiGljePbQSoZkQ9/NrOIrnCiZmkTuXQOkwGqS2mFwLcKHtFQkBbLdEWMzHgpq
hI1/dJGED4T1v2qDCVVuvctlwfKLljcN/yPCU0myDGDvfPPFzutw1JBi1gL04o6h
XlBzZIHBl1d66H9UbQmMKepLDysgBwpkMVQ0S2LcC0vhvmxEARcv8E07XGnspGBb
vNroxFIjuJ4sJxUcKE79MijO62zcHxIbG8OaqLSqXDE6S11SGuuvhjq2ImhlAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUIqFS74ZkgH02w5UaYVvpqJgx9h0wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTk5NzQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhR1
hTANBgkqhkiG9w0BAQsFAAOCAQEAhtxAoJc5MLJK+ru3Yu+/dtfTNgmSrC3gfcXC
ybVBdwG9ao0D4A5OIpwmGKf+bUI+zqn+l0MrnlomdP3QDYnJFt6FmKuo+FVvNIR2
fJ0w9IBHU5NN5KXQgQTX5mnFf4igVc5sopISBl1Uzfu8QVWDjA+JJhGMi6Z4puUJ
ZyeMHAWjsA4bu+JPZ4Wehgco2iO+KLKt8vSuXvfyFDjfeEIzmHeQtIgbyok4b0E9
irsvUtoWs7648M1v50qSPqz/Uy3CSXVFrAk/HQPr9OjMfJECpI8grk8bTo/eDxgA
GTmEWrKYwWDPDmltqNDpGOS2NX7Pj790jMl6S8S+NdhPoFDJTg==
-----END CERTIFICATE-----