Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198250.roa
File:                     AS198250.roa (raw, json)
Hash identifier:          xjVUzXLjwyICyLaRLTld9P1XiKLkUFscUJUnZy4Tb/4=
Subject key identifier:   8D:5E:CB:49:B8:8F:E3:70:4F:98:42:14:5E:44:39:2C:53:25:2E:EC
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       011D594A8D73E2B54C542D40397DEB7842F014DC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198250.roa
Signing time:             Sun 12 Apr 2026 06:11:40 +0000
ROA not before:           Sun 12 Apr 2026 06:06:40 +0000
ROA not after:            Sun 11 Apr 2027 06:11:40 +0000
asID:                     198250
IP address blocks:        141.11.32.0/24 maxlen: 24
                          141.11.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:1d:59:4a:8d:73:e2:b5:4c:54:2d:40:39:7d:eb:78:42:f0:14:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 12 06:06:40 2026 GMT
            Not After : Apr 11 06:11:40 2027 GMT
        Subject: CN=8D5ECB49B88FE3704F9842145E44392C53252EEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8b:c3:a1:69:19:64:4a:26:65:82:32:1c:a7:
                    a9:27:c4:4b:1d:1c:cf:ba:0b:93:7f:f9:19:5e:90:
                    de:54:2e:98:a8:fa:33:62:ec:9b:0c:52:56:44:4c:
                    b9:7b:38:1b:6d:5c:e2:e1:1b:83:03:f1:3c:7d:50:
                    8a:2e:be:0f:32:00:15:a1:7b:63:41:3e:b1:1e:53:
                    56:78:1e:2c:ef:08:c5:f3:d2:b0:81:65:fb:a4:fa:
                    c9:b1:31:08:cb:db:d8:50:73:8c:bd:ed:ef:f7:db:
                    8f:21:78:38:e6:44:99:6b:0c:c7:17:e3:bb:68:d3:
                    30:b1:65:7a:ca:94:00:e3:81:8e:de:bb:02:09:58:
                    e1:01:d8:93:8c:4a:47:01:bc:c1:a7:20:04:8f:33:
                    b9:ce:15:44:20:fa:0c:4e:db:23:3e:75:c9:5c:52:
                    82:f3:18:95:cd:46:24:c7:36:23:ba:e7:4b:f2:61:
                    7d:cf:35:b3:0f:98:44:14:83:5a:fb:5d:6c:54:08:
                    06:d4:01:23:1f:7c:ff:df:8e:99:af:c6:5b:d4:2e:
                    e0:1e:31:83:ab:f7:86:3c:fb:dc:d0:8d:eb:50:8a:
                    b0:5a:6b:99:b0:c7:66:de:b2:2b:e9:c4:cc:7c:ee:
                    73:3f:11:5a:47:e2:4c:70:f6:2e:a6:f6:46:72:0d:
                    54:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5E:CB:49:B8:8F:E3:70:4F:98:42:14:5E:44:39:2C:53:25:2E:EC
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS198250.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.32.0/24
                  141.11.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:51:ee:9e:74:8c:b1:9e:3a:54:bc:1e:25:12:83:87:8c:06:
         10:94:32:1f:8c:a4:00:7b:e6:c9:02:0f:e2:e4:90:27:a0:b4:
         83:91:85:f6:52:bd:9b:b9:ef:71:f8:35:99:73:a9:81:b8:d0:
         69:19:ad:d5:30:d5:55:81:59:f6:30:9e:84:20:d5:9e:78:1b:
         62:d8:04:14:84:49:92:15:2f:f0:ec:36:57:52:ba:e9:4f:50:
         75:df:4a:7e:a9:86:55:f7:66:11:c3:fa:b8:53:e0:07:77:3f:
         59:87:93:10:bf:97:a5:9e:ac:a5:f4:12:46:10:a5:11:c1:ab:
         69:3c:86:32:f3:0b:7f:c3:0c:76:bf:b2:8d:29:36:7f:3c:f3:
         79:33:43:47:27:13:b6:80:02:d4:80:ca:32:96:61:7b:ff:59:
         df:aa:ca:9e:7b:34:f1:e3:3e:d3:22:58:0a:87:c5:87:09:0e:
         87:b4:e9:6f:f8:4c:4b:db:0c:1a:39:19:11:7a:6e:14:5c:ef:
         7a:ce:69:69:0c:fc:f4:e9:18:1d:ae:b5:cb:41:51:c9:b8:32:
         3a:9a:b8:44:a3:05:a0:63:20:58:f0:88:d0:e9:46:1f:18:11:
         f4:c3:23:ad:80:7a:bb:90:01:34:a0:0c:e3:67:39:bd:7e:91:
         b5:9d:9d:2f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUAR1ZSo1z4rVMVC1AOX3reELwFNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MTIwNjA2NDBaFw0yNzA0MTEwNjExNDBaMDMxMTAvBgNV
BAMTKDhENUVDQjQ5Qjg4RkUzNzA0Rjk4NDIxNDVFNDQzOTJDNTMyNTJFRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/i8OhaRlkSiZlgjIcp6knxEsd
HM+6C5N/+RlekN5ULpio+jNi7JsMUlZETLl7OBttXOLhG4MD8Tx9UIouvg8yABWh
e2NBPrEeU1Z4HizvCMXz0rCBZfuk+smxMQjL29hQc4y97e/3248heDjmRJlrDMcX
47to0zCxZXrKlADjgY7euwIJWOEB2JOMSkcBvMGnIASPM7nOFUQg+gxO2yM+dclc
UoLzGJXNRiTHNiO650vyYX3PNbMPmEQUg1r7XWxUCAbUASMffP/fjpmvxlvULuAe
MYOr94Y8+9zQjetQirBaa5mwx2besivpxMx87nM/EVpH4kxw9i6m9kZyDVT/AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUjV7LSbiP43BPmEIUXkQ5LFMlLuwwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTk4MjUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQsg
AwQAjQs4MA0GCSqGSIb3DQEBCwUAA4IBAQCVUe6edIyxnjpUvB4lEoOHjAYQlDIf
jKQAe+bJAg/i5JAnoLSDkYX2Ur2bue9x+DWZc6mBuNBpGa3VMNVVgVn2MJ6EINWe
eBti2AQUhEmSFS/w7DZXUrrpT1B130p+qYZV92YRw/q4U+AHdz9Zh5MQv5elnqyl
9BJGEKURwatpPIYy8wt/wwx2v7KNKTZ/PPN5M0NHJxO2gALUgMoylmF7/1nfqsqe
ezTx4z7TIlgKh8WHCQ6HtOlv+ExL2wwaORkRem4UXO96zmlpDPz06RgdrrXLQVHJ
uDI6mrhEowWgYyBY8IjQ6UYfGBH0wyOtgHq7kAE0oAzjZzm9fpG1nZ0v
-----END CERTIFICATE-----