Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          taKT+9e3Hvx2DdXfqsU5rFZBp4Eig5rfkF6GJj8m9ng=
Subject key identifier:   96:DC:C9:17:4C:0A:E7:E9:A4:CD:5A:8C:EC:CD:6C:16:40:2E:D0:82
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       3434CABF722B4A4CED02A4BA3478842A9739F155
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa
Signing time:             Thu 23 Oct 2025 02:36:37 +0000
ROA not before:           Thu 23 Oct 2025 02:31:37 +0000
ROA not after:            Thu 22 Oct 2026 02:36:37 +0000
asID:                     25198
IP address blocks:        193.32.187.0/24 maxlen: 24
                          212.115.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 06:08:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:34:ca:bf:72:2b:4a:4c:ed:02:a4:ba:34:78:84:2a:97:39:f1:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct 23 02:31:37 2025 GMT
            Not After : Oct 22 02:36:37 2026 GMT
        Subject: CN=96DCC9174C0AE7E9A4CD5A8CECCD6C16402ED082
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f1:a4:90:05:4f:ac:a1:4b:f7:71:66:32:dc:
                    92:c5:fc:33:96:1c:a4:8b:3f:53:21:f7:1c:09:59:
                    af:a0:bf:eb:d0:b5:04:51:d3:9a:1d:0d:52:ae:3c:
                    a6:59:01:18:88:2d:f9:de:9b:d4:5c:5d:6e:ce:c4:
                    4b:1c:82:8b:3f:be:4d:f9:3a:ed:c3:9d:4b:8c:58:
                    62:46:9c:c1:ce:81:17:59:40:3f:b8:8d:fb:07:a1:
                    92:e6:b4:4a:bb:5b:32:89:57:62:f0:08:8a:c9:13:
                    5d:b8:4b:e0:a9:41:ea:c2:4e:db:4f:da:7c:9b:ac:
                    84:60:8a:be:1e:9d:4e:1c:ca:e7:bd:dd:e1:a5:08:
                    60:89:fb:80:d4:de:c5:c9:e2:c3:c7:0a:fa:8e:76:
                    ca:a1:88:38:a1:7a:5c:ab:6d:d8:1f:12:fa:22:e8:
                    6f:13:4f:08:e1:bb:e7:29:65:43:be:15:fd:81:ca:
                    36:1e:3f:60:da:5a:e3:9d:8f:a7:0c:f3:6a:af:0b:
                    0b:bf:c2:1a:3d:3b:e0:a3:a4:63:bf:32:29:64:e9:
                    b8:ac:22:e7:69:b7:60:09:96:00:11:b5:44:f0:28:
                    6f:14:5d:2b:79:52:53:94:0c:52:93:59:19:96:8c:
                    dc:f5:5c:dd:14:8d:89:57:1c:17:f4:bf:2f:5c:9d:
                    47:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:DC:C9:17:4C:0A:E7:E9:A4:CD:5A:8C:EC:CD:6C:16:40:2E:D0:82
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.187.0/24
                  212.115.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:64:c5:d6:74:ba:cb:56:ca:a9:5b:20:45:b9:7f:6e:d4:86:
         c9:7a:1e:f5:b0:ea:98:72:e6:47:9b:f2:96:71:e2:b9:83:c1:
         f3:97:9d:bf:49:6d:13:7d:52:27:b1:e9:43:f0:c3:f8:04:b1:
         c0:5b:7c:90:42:37:1f:2a:39:e5:0a:b6:8a:68:ad:c5:aa:d7:
         c3:d9:01:25:eb:b1:a3:2a:1a:61:09:5c:55:47:5b:27:51:bf:
         ff:08:e5:f2:93:ea:dc:5b:62:62:1c:ef:90:85:51:e1:e1:15:
         e8:2c:6c:c8:6a:50:6c:76:54:f5:c9:9e:0e:b8:6f:34:18:a0:
         95:dc:e6:ff:7d:9c:1b:99:a0:3c:f9:95:73:83:2a:46:90:1b:
         79:1d:ae:24:d8:52:21:a1:0b:b0:a4:fc:27:b1:c7:a7:74:e3:
         5f:25:cc:11:04:17:a9:c4:72:fe:c3:e8:c7:40:07:d3:d4:b7:
         1a:37:7d:ff:92:70:26:05:46:51:3c:bc:21:c8:e9:ac:53:0a:
         9f:86:34:b2:08:86:8e:17:c7:b4:0c:41:12:d1:ac:f9:76:59:
         f2:54:bb:ed:69:f9:a7:79:34:d2:2b:a8:7a:19:61:67:9b:b1:
         52:5a:68:99:e6:80:bb:30:70:f6:4f:82:d7:b6:9c:f4:96:6c:
         4e:01:26:0c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUNDTKv3IrSkztAqS6NHiEKpc58VUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMjMwMjMxMzdaFw0yNjEwMjIwMjM2MzdaMDMxMTAvBgNV
BAMTKDk2RENDOTE3NEMwQUU3RTlBNENENUE4Q0VDQ0Q2QzE2NDAyRUQwODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+8aSQBU+soUv3cWYy3JLF/DOW
HKSLP1Mh9xwJWa+gv+vQtQRR05odDVKuPKZZARiILfnem9RcXW7OxEscgos/vk35
Ou3DnUuMWGJGnMHOgRdZQD+4jfsHoZLmtEq7WzKJV2LwCIrJE124S+CpQerCTttP
2nybrIRgir4enU4cyue93eGlCGCJ+4DU3sXJ4sPHCvqOdsqhiDihelyrbdgfEvoi
6G8TTwjhu+cpZUO+Ff2ByjYeP2DaWuOdj6cM82qvCwu/who9O+CjpGO/Milk6bis
Iudpt2AJlgARtUTwKG8UXSt5UlOUDFKTWRmWjNz1XN0UjYlXHBf0vy9cnUfJAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUltzJF0wK5+mkzVqM7M1sFkAu0IIwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBADBILsD
BADUc2YwDQYJKoZIhvcNAQELBQADggEBACpkxdZ0ustWyqlbIEW5f27Uhsl6HvWw
6phy5keb8pZx4rmDwfOXnb9JbRN9Uiex6UPww/gEscBbfJBCNx8qOeUKtoporcWq
18PZASXrsaMqGmEJXFVHWydRv/8I5fKT6txbYmIc75CFUeHhFegsbMhqUGx2VPXJ
ng64bzQYoJXc5v99nBuZoDz5lXODKkaQG3kdriTYUiGhC7Ck/Cexx6d0418lzBEE
F6nEcv7D6MdAB9PUtxo3ff+ScCYFRlE8vCHI6axTCp+GNLIIho4Xx7QMQRLRrPl2
WfJUu+1p+ad5NNIrqHoZYWebsVJaaJnmgLswcPZPgte2nPSWbE4BJgw=
-----END CERTIFICATE-----