Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS198250.roa
File:                     AS198250.roa (raw, json)
Hash identifier:          zncGgbkm4yqQZuIpPA1JOh15gL+wK5bAyoSgNSn886o=
Subject key identifier:   56:53:26:71:B7:7C:C2:35:2D:72:9D:2B:20:72:6A:1A:93:EA:4A:18
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       3B9AD2735A84C0DB483AD7969D5FD25EB5ADEE23
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS198250.roa
Signing time:             Mon 13 Apr 2026 13:25:17 +0000
ROA not before:           Mon 13 Apr 2026 13:20:17 +0000
ROA not after:            Mon 12 Apr 2027 13:25:17 +0000
asID:                     198250
IP address blocks:        147.125.137.0/24 maxlen: 24
                          147.125.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:37:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:9a:d2:73:5a:84:c0:db:48:3a:d7:96:9d:5f:d2:5e:b5:ad:ee:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 13 13:20:17 2026 GMT
            Not After : Apr 12 13:25:17 2027 GMT
        Subject: CN=56532671B77CC2352D729D2B20726A1A93EA4A18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:85:06:ae:2f:ba:6a:95:2b:97:9a:99:a5:53:
                    53:44:fa:2c:56:0e:01:59:73:87:46:32:2b:48:72:
                    b9:85:67:0b:a6:79:50:eb:f1:b6:8c:f1:06:47:e1:
                    49:e8:a8:12:82:ff:92:1e:7f:33:60:ca:77:51:62:
                    cc:ec:c6:44:4d:da:7f:22:b0:fc:05:ba:cf:5a:c2:
                    fd:1b:49:10:cf:b7:c5:14:2a:62:62:80:98:46:4c:
                    0b:d8:38:ba:a2:1d:9d:a3:f8:9e:e3:b4:ac:31:ca:
                    61:59:2a:64:b9:c4:94:da:d7:69:ee:c4:95:62:d6:
                    e3:92:e6:05:6b:15:0f:1c:36:7e:92:6f:17:6a:c8:
                    e5:74:33:0c:4f:80:74:79:ac:6c:bd:8a:e8:57:65:
                    30:a0:8a:0f:6d:cb:6b:79:04:5d:f1:28:8b:31:57:
                    bf:34:41:77:80:a4:28:1e:52:4e:97:97:4b:e9:18:
                    e4:b3:cc:a2:77:f7:98:1a:99:bd:4b:fd:2d:58:d3:
                    92:c3:e9:d2:03:2a:a0:9a:c6:33:4f:cb:88:d0:78:
                    36:ee:08:15:17:7c:73:56:d3:60:37:4d:4f:43:b9:
                    cc:b2:55:83:fa:f3:e5:14:58:87:68:c6:40:61:fe:
                    f8:3c:63:aa:dd:bf:f4:9e:54:01:ae:36:3b:e8:18:
                    f2:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:53:26:71:B7:7C:C2:35:2D:72:9D:2B:20:72:6A:1A:93:EA:4A:18
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS198250.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.137.0-147.125.138.255

    Signature Algorithm: sha256WithRSAEncryption
         22:7f:73:d4:1c:74:d2:a8:c5:74:df:c6:2f:26:5d:74:e8:c5:
         5a:73:41:c6:1d:00:39:43:00:3c:ed:33:62:41:7e:dc:22:27:
         06:dc:80:0b:5e:ed:8f:97:91:05:af:52:3c:00:53:b9:10:df:
         d6:e2:51:e3:68:66:f3:cd:60:83:7b:5c:4c:3c:71:2f:12:45:
         48:5b:f7:18:cc:aa:e0:ac:c5:f2:61:8c:5d:8c:df:36:36:05:
         cd:46:df:f9:7f:d2:2e:ec:ec:bc:22:75:d1:49:99:ad:c3:58:
         2d:10:62:4d:84:ea:38:03:d8:9d:a7:60:bb:9d:30:33:9f:b7:
         80:bc:49:75:fb:ad:5b:55:00:3f:90:31:4d:c8:5e:50:7a:9c:
         53:de:57:97:e6:58:fe:b7:d8:1c:28:0a:a4:92:77:a3:e5:3c:
         08:53:93:a2:be:3d:a7:06:ef:d3:5c:8b:c8:12:c3:d5:cf:7b:
         dc:bd:64:ce:0d:2b:e1:ad:66:b9:1f:e0:28:ba:bf:e9:be:26:
         41:5b:f4:d9:41:f4:8f:9c:ec:f0:9f:a9:db:24:14:54:b2:22:
         30:97:28:a6:bc:1c:c6:58:26:c3:5d:b2:98:e4:7d:92:0f:de:
         d7:8d:b6:e9:cc:14:f2:56:ff:a3:9c:52:61:6a:95:06:e7:54:
         cb:30:9d:8e
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUO5rSc1qEwNtIOteWnV/SXrWt7iMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MTMxMzIwMTdaFw0yNzA0MTIxMzI1MTdaMDMxMTAvBgNV
BAMTKDU2NTMyNjcxQjc3Q0MyMzUyRDcyOUQyQjIwNzI2QTFBOTNFQTRBMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzhQauL7pqlSuXmpmlU1NE+ixW
DgFZc4dGMitIcrmFZwumeVDr8baM8QZH4UnoqBKC/5IefzNgyndRYszsxkRN2n8i
sPwFus9awv0bSRDPt8UUKmJigJhGTAvYOLqiHZ2j+J7jtKwxymFZKmS5xJTa12nu
xJVi1uOS5gVrFQ8cNn6SbxdqyOV0MwxPgHR5rGy9iuhXZTCgig9ty2t5BF3xKIsx
V780QXeApCgeUk6Xl0vpGOSzzKJ395gamb1L/S1Y05LD6dIDKqCaxjNPy4jQeDbu
CBUXfHNW02A3TU9DucyyVYP68+UUWIdoxkBh/vg8Y6rdv/SeVAGuNjvoGPL1AgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUVlMmcbd8wjUtcp0rIHJqGpPqShgwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMTk4MjUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACT
fYkDBACTfYowDQYJKoZIhvcNAQELBQADggEBACJ/c9QcdNKoxXTfxi8mXXToxVpz
QcYdADlDADztM2JBftwiJwbcgAte7Y+XkQWvUjwAU7kQ39biUeNoZvPNYIN7XEw8
cS8SRUhb9xjMquCsxfJhjF2M3zY2Bc1G3/l/0i7s7LwiddFJma3DWC0QYk2E6jgD
2J2nYLudMDOft4C8SXX7rVtVAD+QMU3IXlB6nFPeV5fmWP632BwoCqSSd6PlPAhT
k6K+PacG79Nci8gSw9XPe9y9ZM4NK+GtZrkf4Ci6v+m+JkFb9NlB9I+c7PCfqdsk
FFSyIjCXKKa8HMZYJsNdspjkfZIP3teNtunMFPJW/6OcUmFqlQbnVMswnY4=
-----END CERTIFICATE-----