Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS197200.roa
File:                     AS197200.roa (raw, json)
Hash identifier:          YUZAwJceZC0BXFqNmKstht5FMs4ecnSg4TjAs52FtXk=
Subject key identifier:   F9:DA:9F:E8:D0:50:CD:D8:3A:B3:2C:22:C1:00:38:8B:17:A1:B9:6D
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       57893E5746D9F137A7523C63D4E3A0E47FA89939
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS197200.roa
Signing time:             Fri 05 Jun 2026 09:05:09 +0000
ROA not before:           Fri 05 Jun 2026 09:00:09 +0000
ROA not after:            Fri 04 Jun 2027 09:05:09 +0000
asID:                     197200
IP address blocks:        188.220.35.0/24 maxlen: 24
                          188.220.47.0/24 maxlen: 24
                          188.220.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:89:3e:57:46:d9:f1:37:a7:52:3c:63:d4:e3:a0:e4:7f:a8:99:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  5 09:00:09 2026 GMT
            Not After : Jun  4 09:05:09 2027 GMT
        Subject: CN=F9DA9FE8D050CDD83AB32C22C100388B17A1B96D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:64:a0:a2:0a:ae:4e:e3:93:2d:96:e2:f7:56:
                    14:66:ad:4a:eb:f9:dc:4d:bb:8f:63:ac:bb:5d:aa:
                    ef:b8:78:28:16:ce:28:b5:87:f5:74:bc:fe:a4:f4:
                    95:1e:25:10:44:00:3f:57:b9:4f:e1:88:e5:6a:38:
                    86:4a:38:62:73:a7:2d:ed:eb:31:cc:fc:5c:2e:4a:
                    39:c0:ed:01:96:f3:77:a0:97:c4:cf:7f:44:e9:a0:
                    1c:8c:37:1a:cf:bd:33:53:59:a0:7a:2f:bf:e1:0a:
                    55:11:43:70:b6:55:d0:2b:db:24:e8:77:dd:23:16:
                    12:0d:de:81:c8:30:b8:33:94:bd:b3:d3:ae:51:65:
                    d9:b9:90:28:5b:7c:1a:34:dd:9e:ac:31:6a:cd:74:
                    e4:b7:ca:46:ec:18:5f:9e:60:79:b5:33:e1:a6:26:
                    a9:1a:0b:a9:fc:de:bb:01:45:6b:27:47:81:0c:96:
                    a9:1b:10:5f:c1:d9:0d:05:52:fa:d9:cf:5d:f4:eb:
                    d8:dc:3f:0b:53:4c:8f:b0:37:01:d6:39:bc:b0:14:
                    56:48:79:29:51:86:f0:02:8c:30:25:1b:21:27:94:
                    f8:49:c1:47:c7:1f:04:fe:e0:eb:23:52:b0:4e:04:
                    29:e3:9f:39:31:57:d1:7e:42:6f:14:a9:2a:2e:25:
                    bf:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:DA:9F:E8:D0:50:CD:D8:3A:B3:2C:22:C1:00:38:8B:17:A1:B9:6D
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS197200.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.35.0/24
                  188.220.47.0/24
                  188.220.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:71:15:c2:97:a3:5c:f3:eb:92:00:4b:9f:bc:72:cc:dc:8e:
         ba:02:04:a4:dc:62:30:bf:41:54:eb:12:ad:fb:9d:b2:94:b3:
         7a:d4:74:b6:b2:4a:1d:44:bd:b4:60:0a:e7:5a:ff:0c:39:a3:
         12:ee:f4:39:51:92:4d:ce:70:78:35:48:56:45:9e:d9:bf:da:
         ad:3a:45:72:3e:e9:80:97:b5:ce:92:93:7f:70:76:08:e5:36:
         80:91:61:e0:c5:53:8f:70:06:55:7e:b3:01:f3:fd:68:8d:4a:
         1c:5c:fa:98:6f:f4:05:60:78:06:61:1a:f5:58:09:6c:66:22:
         0f:be:7a:0f:a0:ca:a2:cd:04:c4:fa:f6:d9:ad:03:9b:46:dd:
         d5:e1:b8:1b:9a:50:d1:14:35:6f:20:5c:6e:17:31:b6:38:e1:
         1d:dd:d7:6d:c6:60:ea:ca:16:8f:86:1e:25:dd:ea:fb:63:7d:
         c2:92:28:c2:97:b1:d1:64:dc:73:d5:21:a6:5c:1e:21:57:5a:
         34:01:ae:eb:bb:c2:1b:35:c8:5f:da:a2:ff:bd:2f:00:4b:e4:
         42:20:0a:51:40:99:e8:57:30:27:d9:76:2a:76:cd:e7:87:14:
         3c:5d:90:bb:5b:cf:64:ca:e7:1e:7b:88:97:8b:2e:df:f1:ce:
         35:3d:c4:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUV4k+V0bZ8TenUjxj1OOg5H+omTkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDUwOTAwMDlaFw0yNzA2MDQwOTA1MDlaMDMxMTAvBgNV
BAMTKEY5REE5RkU4RDA1MENERDgzQUIzMkMyMkMxMDAzODhCMTdBMUI5NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnZKCiCq5O45MtluL3VhRmrUrr
+dxNu49jrLtdqu+4eCgWzii1h/V0vP6k9JUeJRBEAD9XuU/hiOVqOIZKOGJzpy3t
6zHM/FwuSjnA7QGW83egl8TPf0TpoByMNxrPvTNTWaB6L7/hClURQ3C2VdAr2yTo
d90jFhIN3oHIMLgzlL2z065RZdm5kChbfBo03Z6sMWrNdOS3ykbsGF+eYHm1M+Gm
JqkaC6n83rsBRWsnR4EMlqkbEF/B2Q0FUvrZz13069jcPwtTTI+wNwHWObywFFZI
eSlRhvACjDAlGyEnlPhJwUfHHwT+4OsjUrBOBCnjnzkxV9F+Qm8UqSouJb+rAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU+dqf6NBQzdg6sywiwQA4ixehuW0wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTk3MjAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvNwj
AwQAvNwvAwQAvNw4MA0GCSqGSIb3DQEBCwUAA4IBAQAWcRXCl6Nc8+uSAEufvHLM
3I66AgSk3GIwv0FU6xKt+52ylLN61HS2skodRL20YArnWv8MOaMS7vQ5UZJNznB4
NUhWRZ7Zv9qtOkVyPumAl7XOkpN/cHYI5TaAkWHgxVOPcAZVfrMB8/1ojUocXPqY
b/QFYHgGYRr1WAlsZiIPvnoPoMqizQTE+vbZrQObRt3V4bgbmlDRFDVvIFxuFzG2
OOEd3ddtxmDqyhaPhh4l3er7Y33CkijCl7HRZNxz1SGmXB4hV1o0Aa7ru8IbNchf
2qL/vS8AS+RCIApRQJnoVzAn2XYqds3nhxQ8XZC7W89kyucee4iXiy7f8c41PcQm
-----END CERTIFICATE-----