Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          DBRdenFVdpSotVHlD89DyD0orFUXXw52nhWDcsHl5cQ=
Subject key identifier:   C0:C1:96:7F:4B:A9:15:40:3D:4D:29:21:15:87:7B:7E:9B:4A:DD:EA
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       47313B5D5EDF6054EB478B1BD6BF62B12B7A1095
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS25198.roa
Signing time:             Sun 01 Mar 2026 07:40:32 +0000
ROA not before:           Sun 01 Mar 2026 07:35:32 +0000
ROA not after:            Sun 28 Feb 2027 07:40:32 +0000
asID:                     25198
IP address blocks:        92.113.45.0/24 maxlen: 24
                          92.113.56.0/24 maxlen: 24
                          92.113.57.0/24 maxlen: 24
                          92.113.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:31:3b:5d:5e:df:60:54:eb:47:8b:1b:d6:bf:62:b1:2b:7a:10:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar  1 07:35:32 2026 GMT
            Not After : Feb 28 07:40:32 2027 GMT
        Subject: CN=C0C1967F4BA915403D4D292115877B7E9B4ADDEA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6c:4c:29:1a:c0:ea:33:0e:cb:fb:57:54:ed:
                    06:a8:4d:6e:08:52:5a:36:1f:04:e7:84:08:37:aa:
                    8b:06:36:36:62:95:72:8c:be:83:52:e0:f2:ea:42:
                    0f:23:6a:57:ff:12:cf:c3:d4:30:6b:79:f5:c9:fe:
                    bf:84:6c:19:37:8c:b1:3a:9f:ea:59:22:00:03:ec:
                    b3:bf:4d:3f:e3:75:ce:62:6c:e0:b0:62:32:16:51:
                    f1:1c:22:f6:00:26:ef:53:7a:6d:52:1b:f3:33:f5:
                    ff:cf:36:47:c2:1a:00:30:da:66:52:b3:32:7f:99:
                    41:76:be:0b:eb:77:10:2a:b9:6a:3e:d2:fc:99:4f:
                    f2:cc:66:f1:9b:e8:23:ef:5e:19:44:19:71:d7:94:
                    1b:e4:52:5b:e0:55:3d:b8:73:a4:71:14:e8:a0:35:
                    ce:88:c0:1a:7b:d1:c0:1c:17:c0:f8:a8:86:78:24:
                    8b:db:b8:fd:58:75:3e:7a:f0:01:00:42:d1:da:ff:
                    6b:86:b7:7e:15:58:12:57:f3:a4:c7:ef:dc:60:65:
                    96:2c:92:0f:76:26:e8:47:af:ab:28:cb:c8:a8:6d:
                    4f:36:76:63:36:0c:87:71:eb:9e:3e:e6:68:60:1a:
                    a6:88:7a:d9:bc:22:97:51:2b:b9:53:28:60:d7:2b:
                    e3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C1:96:7F:4B:A9:15:40:3D:4D:29:21:15:87:7B:7E:9B:4A:DD:EA
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.45.0/24
                  92.113.56.0/23
                  92.113.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:b7:9b:14:de:01:4a:cf:30:34:74:d3:28:46:72:77:75:98:
         bf:ba:32:25:22:1a:ea:40:8e:82:9f:04:3c:f5:ac:0e:39:00:
         d4:4d:df:2c:bf:fb:ee:7d:ef:1b:7b:d7:ca:a2:9d:54:ab:aa:
         e8:3e:c9:41:6b:a3:99:0e:1e:6f:c9:5b:1f:ec:79:df:89:8b:
         a4:a0:c5:bd:0a:57:ce:31:fe:8e:b5:66:90:37:15:77:af:bb:
         96:e8:fa:cc:a7:f2:69:29:45:0c:33:a4:e2:2b:a5:cc:8c:98:
         92:3a:79:c2:7a:a2:5b:73:f2:8c:20:f1:da:69:07:07:09:19:
         64:53:73:d5:93:8d:3e:2e:bb:b6:45:9e:d8:25:a8:03:6e:8d:
         b8:01:87:38:9f:36:96:b1:28:e9:eb:77:99:d0:90:4b:0e:66:
         19:e2:a9:10:cb:11:c3:ad:15:ce:fd:4f:48:95:87:3a:8b:2c:
         71:a0:c5:15:e9:cc:3b:34:75:18:55:07:b6:2f:7a:2f:4a:ef:
         74:ab:d6:99:8b:e5:d9:c1:e5:c6:a1:aa:2c:70:ae:34:7e:b4:
         43:a5:82:1f:dc:d2:89:ce:69:15:ed:05:65:86:fe:77:0a:85:
         38:0a:24:46:b8:88:78:28:94:ea:da:36:14:44:83:19:0b:92:
         63:8a:87:2f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIURzE7XV7fYFTrR4sb1r9isSt6EJUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMDEwNzM1MzJaFw0yNzAyMjgwNzQwMzJaMDMxMTAvBgNV
BAMTKEMwQzE5NjdGNEJBOTE1NDAzRDREMjkyMTE1ODc3QjdFOUI0QURERUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTbEwpGsDqMw7L+1dU7QaoTW4I
Ulo2HwTnhAg3qosGNjZilXKMvoNS4PLqQg8jalf/Es/D1DBrefXJ/r+EbBk3jLE6
n+pZIgAD7LO/TT/jdc5ibOCwYjIWUfEcIvYAJu9Tem1SG/Mz9f/PNkfCGgAw2mZS
szJ/mUF2vgvrdxAquWo+0vyZT/LMZvGb6CPvXhlEGXHXlBvkUlvgVT24c6RxFOig
Nc6IwBp70cAcF8D4qIZ4JIvbuP1YdT568AEAQtHa/2uGt34VWBJX86TH79xgZZYs
kg92JuhHr6soy8iobU82dmM2DIdx654+5mhgGqaIetm8IpdRK7lTKGDXK+NjAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUwMGWf0upFUA9TSkhFYd7fptK3eowHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABccS0D
BAFccTgDBABccTswDQYJKoZIhvcNAQELBQADggEBAIy3mxTeAUrPMDR00yhGcnd1
mL+6MiUiGupAjoKfBDz1rA45ANRN3yy/++597xt718qinVSrqug+yUFro5kOHm/J
Wx/sed+Ji6Sgxb0KV84x/o61ZpA3FXevu5bo+syn8mkpRQwzpOIrpcyMmJI6ecJ6
oltz8owg8dppBwcJGWRTc9WTjT4uu7ZFntglqANujbgBhzifNpaxKOnrd5nQkEsO
ZhniqRDLEcOtFc79T0iVhzqLLHGgxRXpzDs0dRhVB7Yvei9K73Sr1pmL5dnB5cah
qixwrjR+tEOlgh/c0onOaRXtBWWG/ncKhTgKJEa4iHgolOraNhREgxkLkmOKhy8=
-----END CERTIFICATE-----