Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS198487.roa
File:                     AS198487.roa (raw, json)
Hash identifier:          mdm2byf8jWPBMZrWvgA+7XhUdotKmUU++Mf8e/7ae5Y=
Subject key identifier:   78:49:04:20:CA:34:24:49:74:72:B1:70:62:AB:35:EA:63:EA:63:26
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       72091C306C9DA76DC6C576261729DA57F4700DE6
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS198487.roa
Signing time:             Thu 11 Jun 2026 07:25:36 +0000
ROA not before:           Thu 11 Jun 2026 07:20:36 +0000
ROA not after:            Thu 10 Jun 2027 07:25:36 +0000
asID:                     198487
IP address blocks:        51.194.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:09:1c:30:6c:9d:a7:6d:c6:c5:76:26:17:29:da:57:f4:70:0d:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 11 07:20:36 2026 GMT
            Not After : Jun 10 07:25:36 2027 GMT
        Subject: CN=78490420CA3424497472B17062AB35EA63EA6326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fb:12:10:6d:58:2a:63:7a:df:3a:f6:72:b3:
                    53:35:89:e6:5a:63:6a:25:de:5d:d7:31:6c:62:a7:
                    40:db:ef:39:2f:39:fb:d6:7e:a4:95:1e:e2:ab:e0:
                    54:ed:8b:79:8c:ad:ee:5b:e8:7d:eb:34:0e:e8:9d:
                    5d:ff:85:33:0d:58:67:d9:c3:e7:cc:79:8a:47:5d:
                    1b:1d:dd:60:08:05:a4:18:72:d5:58:43:9c:66:63:
                    b9:b9:36:11:a4:f5:65:a2:84:06:7a:43:20:96:d2:
                    16:fe:93:25:21:cc:99:79:a1:03:1b:36:4e:c4:6b:
                    6a:ce:f9:3f:7c:c6:3b:b2:f9:99:c5:c4:b7:26:97:
                    74:4a:7c:e2:23:bb:3c:03:17:42:8f:23:25:33:e1:
                    26:5d:95:94:5f:0c:41:42:0b:04:19:df:a8:35:1a:
                    2e:9c:7f:23:47:37:ec:7e:c4:a6:1c:17:97:16:5a:
                    fd:f2:3e:e4:d8:5d:ee:54:e2:65:4c:ee:b4:01:f0:
                    57:29:66:ee:c6:60:3f:24:69:46:5d:e5:8d:81:ae:
                    7f:82:99:31:79:e9:dc:d8:74:12:63:b5:ef:c6:d2:
                    22:4d:43:41:1d:15:1c:21:d7:62:2d:d4:23:fe:81:
                    8e:22:59:e7:fb:e6:5a:ce:b6:7c:2a:59:a2:b4:ac:
                    de:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:49:04:20:CA:34:24:49:74:72:B1:70:62:AB:35:EA:63:EA:63:26
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS198487.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e0:20:67:c8:98:7b:ee:08:ab:b1:0f:f0:23:b2:74:43:c9:
         e1:6f:5a:13:3b:40:62:bd:64:0a:fc:ce:16:16:fc:ea:df:e7:
         fa:b1:28:55:56:bf:cc:71:45:dc:00:60:13:af:59:5f:1d:af:
         4f:7b:51:8c:37:d8:96:c4:e2:cc:a6:6c:08:a3:3b:a0:4c:e0:
         de:64:53:c5:8b:bd:81:9a:10:06:44:22:62:c0:32:7d:cc:a6:
         8a:00:19:a4:60:81:48:a6:77:b8:d4:17:f8:5e:a7:a8:e7:96:
         1d:43:d5:5b:7f:45:3f:09:9b:43:2c:b7:89:db:85:44:41:12:
         05:df:70:57:f0:2b:40:82:9d:9c:ce:bf:5e:fc:58:95:f7:dd:
         c2:70:25:42:e2:88:53:ab:93:4e:06:eb:7c:da:3e:93:11:c9:
         ed:31:cf:8f:df:70:2f:52:78:fe:e2:a1:11:05:39:d8:f9:81:
         63:8f:51:8e:ed:a0:ae:65:83:6c:93:19:31:d6:7a:c2:e5:ef:
         18:64:46:6d:b2:f6:62:71:bc:22:e4:95:c1:64:bd:10:6b:38:
         09:30:41:c1:f6:95:bb:87:3f:8d:a1:cb:6a:eb:18:0f:0f:95:
         cc:f3:f0:7f:7f:82:48:44:ac:c7:21:5d:a6:b4:bf:ff:72:5c:
         11:04:ff:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcgkcMGydp23GxXYmFynaV/RwDeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MTEwNzIwMzZaFw0yNzA2MTAwNzI1MzZaMDMxMTAvBgNV
BAMTKDc4NDkwNDIwQ0EzNDI0NDk3NDcyQjE3MDYyQUIzNUVBNjNFQTYzMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+xIQbVgqY3rfOvZys1M1ieZa
Y2ol3l3XMWxip0Db7zkvOfvWfqSVHuKr4FTti3mMre5b6H3rNA7onV3/hTMNWGfZ
w+fMeYpHXRsd3WAIBaQYctVYQ5xmY7m5NhGk9WWihAZ6QyCW0hb+kyUhzJl5oQMb
Nk7Ea2rO+T98xjuy+ZnFxLcml3RKfOIjuzwDF0KPIyUz4SZdlZRfDEFCCwQZ36g1
Gi6cfyNHN+x+xKYcF5cWWv3yPuTYXe5U4mVM7rQB8FcpZu7GYD8kaUZd5Y2Brn+C
mTF56dzYdBJjte/G0iJNQ0EdFRwh12It1CP+gY4iWef75lrOtnwqWaK0rN5RAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeEkEIMo0JEl0crFwYqs16mPqYyYwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTk4NDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAM8JA
MA0GCSqGSIb3DQEBCwUAA4IBAQAS4CBnyJh77girsQ/wI7J0Q8nhb1oTO0BivWQK
/M4WFvzq3+f6sShVVr/McUXcAGATr1lfHa9Pe1GMN9iWxOLMpmwIozugTODeZFPF
i72BmhAGRCJiwDJ9zKaKABmkYIFIpne41Bf4Xqeo55YdQ9Vbf0U/CZtDLLeJ24VE
QRIF33BX8CtAgp2czr9e/FiV993CcCVC4ohTq5NOBut82j6TEcntMc+P33AvUnj+
4qERBTnY+YFjj1GO7aCuZYNskxkx1nrC5e8YZEZtsvZicbwi5JXBZL0QazgJMEHB
9pW7hz+Noctq6xgPD5XM8/B/f4JIRKzHIV2mtL//clwRBP+1
-----END CERTIFICATE-----