Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          P6IahrkjITyKb4aEQkp57Y3jgcJgDE5nRXB8Ok8dr2g=
Subject key identifier:   13:D6:B0:A6:67:D6:6C:9D:38:5C:45:C2:C7:81:C9:32:8A:E5:C5:51
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       649EC6D9C263208C1F37516E6B1E966DEEF9DF72
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa
Signing time:             Sun 01 Mar 2026 10:00:37 +0000
ROA not before:           Sun 01 Mar 2026 09:55:37 +0000
ROA not after:            Sun 28 Feb 2027 10:00:37 +0000
asID:                     25198
IP address blocks:        143.20.52.0/24 maxlen: 24
                          143.20.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:9e:c6:d9:c2:63:20:8c:1f:37:51:6e:6b:1e:96:6d:ee:f9:df:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar  1 09:55:37 2026 GMT
            Not After : Feb 28 10:00:37 2027 GMT
        Subject: CN=13D6B0A667D66C9D385C45C2C781C9328AE5C551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:db:89:dd:e5:6a:78:ba:bf:95:d6:f8:df:59:
                    72:bb:1b:5b:7a:8e:ad:b0:08:32:5b:97:2f:aa:3b:
                    e3:40:13:09:0f:72:5c:cd:55:0a:f2:f7:f9:e4:d1:
                    12:f2:3c:6b:fd:ea:11:f3:cd:e9:c6:38:5a:45:e1:
                    a6:68:3b:dc:25:26:a7:e2:7d:60:63:b9:11:64:53:
                    3b:e9:8d:d5:66:db:99:18:1a:cb:9b:e8:2a:8a:9e:
                    a7:83:07:e0:ad:ac:9c:0b:b9:ac:e9:2b:6a:1a:d8:
                    f5:a1:9c:a1:64:d1:b9:1f:35:78:3c:91:15:cf:7b:
                    5a:99:c3:06:c9:9e:66:29:5a:96:f5:64:1c:22:7d:
                    f3:ff:05:b6:75:0d:e7:70:55:dc:c9:42:d9:17:5f:
                    99:52:c9:ea:59:08:38:04:7d:66:98:b9:c3:70:d6:
                    e0:2d:71:50:92:4d:ba:ee:e9:19:82:84:d8:fe:c7:
                    eb:51:77:38:16:cb:a4:40:9f:c6:3f:ba:5d:b5:61:
                    9f:ff:42:91:90:72:ea:ad:08:36:91:93:ed:6e:1a:
                    1a:21:51:dd:d6:b8:52:53:6c:6c:c5:17:e6:19:10:
                    cb:44:19:49:23:37:8c:bf:53:69:ea:0d:30:14:8c:
                    04:e4:99:39:71:00:6b:b2:0f:52:84:b5:fe:a5:01:
                    36:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D6:B0:A6:67:D6:6C:9D:38:5C:45:C2:C7:81:C9:32:8A:E5:C5:51
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.52.0/24
                  143.20.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:eb:dc:28:b1:d4:0c:f6:4b:51:78:9c:32:87:27:99:33:c3:
         37:8b:a3:c3:e0:88:7f:3b:b5:ef:0f:76:29:2b:f4:9e:12:bd:
         11:40:1e:fc:85:aa:28:3d:37:00:7d:32:46:7c:05:4e:7d:58:
         5d:bc:2c:0a:b2:07:4b:66:c6:25:85:f1:f3:74:d0:c8:9c:3d:
         fc:03:26:ec:0b:d0:c0:b7:b0:9e:3d:c4:09:dc:86:ba:37:7a:
         ac:8b:9f:02:df:f2:5d:59:5d:2a:c6:0f:25:f8:a6:57:6a:52:
         c0:61:33:a9:59:31:00:cb:54:31:6c:ee:8a:d1:ab:cf:f9:90:
         b2:84:81:85:31:d4:14:f3:43:f2:88:96:86:3a:96:6a:30:ec:
         9e:7c:bd:2f:87:ff:95:fc:38:86:bd:b7:83:0e:d8:ea:53:86:
         3b:38:4e:fc:c5:b1:d1:37:da:4a:d8:fc:74:af:ec:80:7b:95:
         08:22:a7:22:e1:5a:5d:d8:c3:96:d4:9d:4e:86:8d:f6:27:e0:
         3f:67:02:26:9e:a0:3b:3e:19:fb:19:54:6c:c0:f4:40:60:02:
         ff:e2:ea:11:ec:07:b3:dd:87:0a:02:27:33:05:42:e6:16:c2:
         20:4d:40:53:3a:14:b5:b3:05:15:50:54:44:6a:f7:de:a1:26:
         5c:21:8b:1d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUZJ7G2cJjIIwfN1Fuax6Wbe7533IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMDEwOTU1MzdaFw0yNzAyMjgxMDAwMzdaMDMxMTAvBgNV
BAMTKDEzRDZCMEE2NjdENjZDOUQzODVDNDVDMkM3ODFDOTMyOEFFNUM1NTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC524nd5Wp4ur+V1vjfWXK7G1t6
jq2wCDJbly+qO+NAEwkPclzNVQry9/nk0RLyPGv96hHzzenGOFpF4aZoO9wlJqfi
fWBjuRFkUzvpjdVm25kYGsub6CqKnqeDB+CtrJwLuazpK2oa2PWhnKFk0bkfNXg8
kRXPe1qZwwbJnmYpWpb1ZBwiffP/BbZ1DedwVdzJQtkXX5lSyepZCDgEfWaYucNw
1uAtcVCSTbru6RmChNj+x+tRdzgWy6RAn8Y/ul21YZ//QpGQcuqtCDaRk+1uGhoh
Ud3WuFJTbGzFF+YZEMtEGUkjN4y/U2nqDTAUjATkmTlxAGuyD1KEtf6lATY3AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUE9awpmfWbJ04XEXCx4HJMorlxVEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFDQD
BACPFEEwDQYJKoZIhvcNAQELBQADggEBAJ7r3Cix1Az2S1F4nDKHJ5kzwzeLo8Pg
iH87te8Pdikr9J4SvRFAHvyFqig9NwB9MkZ8BU59WF28LAqyB0tmxiWF8fN00Mic
PfwDJuwL0MC3sJ49xAnchro3eqyLnwLf8l1ZXSrGDyX4pldqUsBhM6lZMQDLVDFs
7orRq8/5kLKEgYUx1BTzQ/KIloY6lmow7J58vS+H/5X8OIa9t4MO2OpThjs4TvzF
sdE32krY/HSv7IB7lQgipyLhWl3Yw5bUnU6GjfYn4D9nAiaeoDs+GfsZVGzA9EBg
Av/i6hHsB7PdhwoCJzMFQuYWwiBNQFM6FLWzBRVQVERq996hJlwhix0=
-----END CERTIFICATE-----