Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199176.roa
File:                     AS199176.roa (raw, json)
Hash identifier:          JROujyX34g9877Ln3dTVBsHFFFddlyNPlnHbBeQ/hUA=
Subject key identifier:   A6:0A:8E:03:19:A1:AA:95:48:5F:CB:27:19:A2:1B:21:1F:F6:81:71
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7A1938F0C144356D032D8CEF7FAE7AC7BDCD897C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199176.roa
Signing time:             Tue 02 Jun 2026 16:20:40 +0000
ROA not before:           Tue 02 Jun 2026 16:15:40 +0000
ROA not after:            Tue 01 Jun 2027 16:20:40 +0000
asID:                     199176
IP address blocks:        91.124.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:19:38:f0:c1:44:35:6d:03:2d:8c:ef:7f:ae:7a:c7:bd:cd:89:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  2 16:15:40 2026 GMT
            Not After : Jun  1 16:20:40 2027 GMT
        Subject: CN=A60A8E0319A1AA95485FCB2719A21B211FF68171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3b:55:c0:10:eb:9d:15:4e:94:ff:21:fd:99:
                    1c:bd:be:84:f0:e1:93:83:c1:88:4e:c3:3a:57:d5:
                    54:51:70:d2:83:b6:cf:99:f5:9c:5a:af:e3:ed:e1:
                    22:38:0f:9f:62:aa:fc:7f:d1:80:2c:f4:80:3e:34:
                    bd:2a:41:1f:24:48:6a:a7:bd:0c:11:3e:4b:4e:0b:
                    9a:6c:23:79:19:eb:bd:95:10:f2:66:80:b5:81:12:
                    91:2d:ea:76:8d:55:4c:d6:d0:87:5d:d7:67:3d:1b:
                    4c:55:6b:c8:56:8c:51:6b:b7:62:36:8d:0c:fd:36:
                    d0:cd:b2:a1:18:21:c4:a5:ca:50:5d:8a:ac:4e:6d:
                    e5:c8:87:40:fa:9c:23:ff:5c:51:49:2c:fc:79:f0:
                    ff:c5:9b:2f:dd:2c:98:06:45:d3:fd:e2:39:f8:e0:
                    cb:44:eb:a6:f9:44:ad:5f:ba:59:cb:16:e5:d2:1b:
                    64:3a:b9:36:8d:51:1d:2c:1c:1e:c3:50:59:e6:e2:
                    87:63:a1:06:31:07:e8:05:2e:0e:6d:4c:82:33:95:
                    f6:e0:98:19:4a:8e:0f:f8:19:61:f1:a8:8a:0a:e6:
                    e7:3d:80:f1:4f:3b:12:6a:a8:d5:4c:22:84:51:a6:
                    c0:24:4f:55:66:ee:c3:31:3e:65:5d:89:e1:5b:10:
                    0a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:0A:8E:03:19:A1:AA:95:48:5F:CB:27:19:A2:1B:21:1F:F6:81:71
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199176.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:77:41:94:58:94:bc:46:bb:2f:f3:17:56:c6:75:8e:f0:b3:
         84:7e:d6:ff:44:42:0f:4b:d9:f3:16:96:58:4f:fc:63:09:71:
         2d:85:86:73:a8:e1:93:df:7a:4b:89:53:a9:77:60:a3:81:c8:
         2c:ab:c4:7d:c0:c4:32:3e:4a:07:20:fd:1f:05:12:fc:64:24:
         a0:16:c9:2f:c2:f8:cc:e3:09:c2:6e:81:78:22:45:22:08:c4:
         99:e0:94:48:75:a1:d2:5b:cc:c2:f4:e7:2f:95:2b:a8:bd:d4:
         e5:31:a3:4d:2a:72:0b:f5:1b:ef:ad:30:70:27:ac:f5:1f:92:
         99:ff:be:29:c9:2c:96:c2:a8:a1:35:3e:83:96:e3:fa:df:92:
         8f:bd:3a:b6:e5:9f:1e:fa:71:bc:af:ed:58:1e:12:a3:5f:f1:
         bd:fc:1a:86:6b:8d:ed:48:86:af:e7:98:ff:c4:4d:73:11:c9:
         ef:3a:d2:63:f0:1b:78:f0:d2:59:19:af:69:e2:00:55:7b:8d:
         20:e3:92:c3:0b:e2:d9:28:de:73:39:32:53:17:b5:58:35:e2:
         b7:7e:1a:57:ff:34:da:15:5c:ae:ca:94:ab:da:3b:ca:7a:d3:
         53:db:27:d8:46:f2:bf:e1:02:14:42:e2:09:11:5b:00:25:4c:
         24:76:06:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUehk48MFENW0DLYzvf656x73NiXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDIxNjE1NDBaFw0yNzA2MDExNjIwNDBaMDMxMTAvBgNV
BAMTKEE2MEE4RTAzMTlBMUFBOTU0ODVGQ0IyNzE5QTIxQjIxMUZGNjgxNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsO1XAEOudFU6U/yH9mRy9voTw
4ZODwYhOwzpX1VRRcNKDts+Z9Zxar+Pt4SI4D59iqvx/0YAs9IA+NL0qQR8kSGqn
vQwRPktOC5psI3kZ672VEPJmgLWBEpEt6naNVUzW0Idd12c9G0xVa8hWjFFrt2I2
jQz9NtDNsqEYIcSlylBdiqxObeXIh0D6nCP/XFFJLPx58P/Fmy/dLJgGRdP94jn4
4MtE66b5RK1fulnLFuXSG2Q6uTaNUR0sHB7DUFnm4odjoQYxB+gFLg5tTIIzlfbg
mBlKjg/4GWHxqIoK5uc9gPFPOxJqqNVMIoRRpsAkT1Vm7sMxPmVdieFbEAofAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpgqOAxmhqpVIX8snGaIbIR/2gXEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk5MTc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3wc
MA0GCSqGSIb3DQEBCwUAA4IBAQCsd0GUWJS8Rrsv8xdWxnWO8LOEftb/REIPS9nz
FpZYT/xjCXEthYZzqOGT33pLiVOpd2Cjgcgsq8R9wMQyPkoHIP0fBRL8ZCSgFskv
wvjM4wnCboF4IkUiCMSZ4JRIdaHSW8zC9OcvlSuovdTlMaNNKnIL9RvvrTBwJ6z1
H5KZ/74pySyWwqihNT6DluP635KPvTq25Z8e+nG8r+1YHhKjX/G9/BqGa43tSIav
55j/xE1zEcnvOtJj8Bt48NJZGa9p4gBVe40g45LDC+LZKN5zOTJTF7VYNeK3fhpX
/zTaFVyuypSr2jvKetNT2yfYRvK/4QIUQuIJEVsAJUwkdgZ8
-----END CERTIFICATE-----