Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS198810.roa
File:                     AS198810.roa (raw, json)
Hash identifier:          E8PyNjwEWOthMk10xtUfysjpObjV4xZTmbz8IIOBU2I=
Subject key identifier:   17:EC:25:CD:CE:CE:17:21:6E:2C:E8:E5:62:E6:94:89:FE:4C:B1:23
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       59DCBA9B19B50574B637FC2D70F85715672BD39C
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS198810.roa
Signing time:             Fri 05 Jun 2026 09:05:10 +0000
ROA not before:           Fri 05 Jun 2026 09:00:10 +0000
ROA not after:            Fri 04 Jun 2027 09:05:10 +0000
asID:                     198810
IP address blocks:        188.220.35.0/24 maxlen: 24
                          188.220.47.0/24 maxlen: 24
                          188.220.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:dc:ba:9b:19:b5:05:74:b6:37:fc:2d:70:f8:57:15:67:2b:d3:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  5 09:00:10 2026 GMT
            Not After : Jun  4 09:05:10 2027 GMT
        Subject: CN=17EC25CDCECE17216E2CE8E562E69489FE4CB123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:bc:fe:6e:95:df:10:97:f6:60:97:44:a9:ba:
                    70:db:9c:f7:5a:94:48:d9:14:f0:4c:1a:d0:b5:0d:
                    cd:47:68:4a:29:a6:9a:56:4c:35:9b:78:a0:41:50:
                    5d:18:9b:26:c8:ff:84:10:af:4f:64:29:55:69:84:
                    c4:c1:b8:65:54:bf:78:76:07:f6:91:7b:f3:ac:24:
                    8b:ff:ab:b8:de:c9:76:11:42:c8:00:80:6b:50:e3:
                    ce:60:c2:0b:4c:fd:6b:45:e6:f1:25:84:c2:5c:f0:
                    5b:da:f9:bf:44:ac:ae:5d:ac:30:c2:f4:b3:7e:4b:
                    ac:63:53:f9:22:da:69:5a:89:aa:c8:8f:6d:a2:3f:
                    a8:8d:f0:17:82:f4:43:a1:dd:73:78:76:c6:83:c4:
                    bc:4b:3b:43:fc:3f:94:8c:a3:5c:0e:31:04:35:63:
                    14:23:13:31:98:cd:fe:8e:05:34:7a:8c:90:62:11:
                    27:e8:d4:40:0c:f7:ad:1e:29:8b:b6:40:82:ce:d3:
                    72:21:96:67:e7:19:c9:32:83:ab:7a:e8:99:cf:10:
                    bb:40:14:84:ca:ca:89:e5:62:ac:1b:86:d6:44:3d:
                    37:e2:17:a0:26:ac:49:db:76:ea:11:21:e3:6e:72:
                    f1:a8:36:b3:b3:58:14:1e:05:b0:85:f7:74:8c:88:
                    b5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:EC:25:CD:CE:CE:17:21:6E:2C:E8:E5:62:E6:94:89:FE:4C:B1:23
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS198810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.35.0/24
                  188.220.47.0/24
                  188.220.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ee:6b:47:1f:05:b9:95:1e:07:9d:ee:57:40:78:90:d3:39:
         ee:42:c0:4d:93:b8:f4:cf:27:72:93:f5:6d:a2:22:0c:2e:97:
         fb:e0:c5:03:3f:f4:b6:61:84:40:65:d7:e2:39:fb:eb:74:e8:
         a6:5a:f6:fe:35:8e:8d:5e:7c:a7:2e:61:f2:53:52:97:b9:3a:
         ed:c5:47:1a:b6:35:15:59:d2:9b:6b:8a:d7:75:27:0e:46:44:
         ed:53:72:b3:71:17:0c:6b:dc:0b:99:d1:e6:bd:78:4d:84:86:
         fb:0c:1e:a6:35:b1:00:5e:d8:92:f6:ca:96:69:d0:b5:e8:c6:
         78:57:8b:32:d4:17:db:85:e1:57:eb:86:f0:6f:be:30:03:a6:
         0a:e5:44:cc:27:4d:66:4a:b3:6a:35:60:e1:88:22:2f:5d:54:
         0b:16:31:2d:95:ce:71:a7:c9:84:44:ab:70:30:1c:f1:82:a9:
         bd:2a:ac:01:5f:06:b8:2a:c4:a9:1d:c9:9c:7c:2b:44:60:bb:
         28:9a:05:2a:4c:1c:d7:41:3a:06:3d:c2:e2:30:11:ea:21:04:
         b1:7a:e6:2d:97:1e:32:1d:cd:cd:8d:9b:a4:8b:83:24:1c:6e:
         dc:52:f6:9b:eb:be:a8:80:a2:1b:91:70:4f:64:31:be:13:1f:
         96:11:9c:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUWdy6mxm1BXS2N/wtcPhXFWcr05wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDUwOTAwMTBaFw0yNzA2MDQwOTA1MTBaMDMxMTAvBgNV
BAMTKDE3RUMyNUNEQ0VDRTE3MjE2RTJDRThFNTYyRTY5NDg5RkU0Q0IxMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuvP5uld8Ql/Zgl0SpunDbnPda
lEjZFPBMGtC1Dc1HaEoppppWTDWbeKBBUF0YmybI/4QQr09kKVVphMTBuGVUv3h2
B/aRe/OsJIv/q7jeyXYRQsgAgGtQ485gwgtM/WtF5vElhMJc8Fva+b9ErK5drDDC
9LN+S6xjU/ki2mlaiarIj22iP6iN8BeC9EOh3XN4dsaDxLxLO0P8P5SMo1wOMQQ1
YxQjEzGYzf6OBTR6jJBiESfo1EAM960eKYu2QILO03IhlmfnGckyg6t66JnPELtA
FITKyonlYqwbhtZEPTfiF6AmrEnbduoRIeNucvGoNrOzWBQeBbCF93SMiLXpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUF+wlzc7OFyFuLOjlYuaUif5MsSMwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTk4ODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvNwj
AwQAvNwvAwQAvNw4MA0GCSqGSIb3DQEBCwUAA4IBAQCS7mtHHwW5lR4Hne5XQHiQ
0znuQsBNk7j0zydyk/VtoiIMLpf74MUDP/S2YYRAZdfiOfvrdOimWvb+NY6NXnyn
LmHyU1KXuTrtxUcatjUVWdKba4rXdScORkTtU3KzcRcMa9wLmdHmvXhNhIb7DB6m
NbEAXtiS9sqWadC16MZ4V4sy1BfbheFX64bwb74wA6YK5UTMJ01mSrNqNWDhiCIv
XVQLFjEtlc5xp8mERKtwMBzxgqm9KqwBXwa4KsSpHcmcfCtEYLsomgUqTBzXQToG
PcLiMBHqIQSxeuYtlx4yHc3NjZuki4MkHG7cUvab676ogKIbkXBPZDG+Ex+WEZwD
-----END CERTIFICATE-----