Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa
File:                     AS214693.roa (raw, json)
Hash identifier:          0gdtQaBOwZ0XPPcxH+eN9K6YtlHXkNh1/LorXw/GGH0=
Subject key identifier:   29:CE:54:66:8F:67:80:F9:A6:0D:D9:2F:96:7D:57:70:66:EF:3D:EE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       481F6AC302635029362ACC7D7CA71A2EB09C1B4F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa
Signing time:             Wed 16 Jul 2025 17:29:54 +0000
ROA not before:           Wed 16 Jul 2025 17:24:54 +0000
ROA not after:            Wed 15 Jul 2026 17:29:54 +0000
asID:                     214693
IP address blocks:        82.22.200.0/24 maxlen: 24
                          2a13:9500:af::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:1f:6a:c3:02:63:50:29:36:2a:cc:7d:7c:a7:1a:2e:b0:9c:1b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 16 17:24:54 2025 GMT
            Not After : Jul 15 17:29:54 2026 GMT
        Subject: CN=29CE54668F6780F9A60DD92F967D577066EF3DEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:81:f0:e2:28:79:5f:0a:2b:74:99:63:92:53:
                    b9:f6:e0:bc:95:45:b4:12:72:23:47:fa:aa:b0:fb:
                    c8:29:c4:89:36:55:c8:6d:70:32:77:ba:70:e6:e1:
                    70:48:d4:2c:04:5d:c8:11:89:fe:dd:49:e3:71:16:
                    89:74:39:43:3d:ca:13:a6:af:04:d3:c1:f8:79:73:
                    6d:a1:94:22:07:49:0c:9c:9b:0b:0e:51:9b:11:ca:
                    56:e5:00:35:99:95:b5:e5:9b:51:bd:0b:31:ba:ec:
                    0c:cc:d7:62:0b:80:e7:a4:4c:d7:9f:72:87:af:79:
                    31:7b:6e:d5:fd:b0:32:7f:f6:79:39:29:63:79:e4:
                    80:29:e4:98:fd:ca:7f:7c:3d:8a:04:86:d5:08:d6:
                    4e:2e:c4:c0:6d:24:0f:95:a6:0f:ef:b5:65:ad:2e:
                    bc:42:f6:15:d9:6c:0d:96:7f:b0:ae:15:be:4a:48:
                    7f:d1:66:b8:9f:92:5c:2d:99:cb:10:17:39:4d:bc:
                    95:bb:91:98:6d:16:4b:3b:65:9f:14:2f:fe:01:ab:
                    00:2c:df:b2:ec:a7:a9:51:18:06:ce:2a:ab:9e:8f:
                    ac:69:89:fc:53:7b:1c:31:e8:32:2e:fc:bd:59:ad:
                    86:87:71:a1:8c:54:7f:c4:25:70:dc:b4:75:d8:21:
                    e3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:CE:54:66:8F:67:80:F9:A6:0D:D9:2F:96:7D:57:70:66:EF:3D:EE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.200.0/24
                IPv6:
                  2a13:9500:af::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:09:27:57:72:18:5d:2a:ac:e4:0c:06:f8:db:a0:5c:7c:0f:
         3c:85:b8:8a:66:1b:35:dc:5a:95:75:53:f2:97:ef:40:02:17:
         68:a9:c9:3f:3b:55:2e:1d:5f:8e:e5:12:f4:7e:8b:9c:24:0b:
         3d:f5:fd:ab:a9:b6:a8:6c:d6:29:03:4d:f7:2c:8b:9b:05:81:
         59:be:01:ce:c8:1d:11:8c:b4:51:f6:bf:7c:bb:7b:93:9f:b5:
         18:e1:4c:7c:a8:66:a7:3c:b3:0f:9c:1f:73:17:a0:9c:26:84:
         72:ca:93:96:57:9b:21:43:2b:9f:51:7c:8f:ea:75:93:f2:75:
         6e:e5:14:63:60:14:21:f8:2e:3a:b2:01:dc:3c:17:64:5b:e7:
         69:65:24:e4:17:d4:c6:7c:4a:a2:88:1b:cd:37:51:f7:8a:19:
         96:26:b8:ee:30:91:ea:6c:80:9b:34:a1:be:a3:a5:a6:ab:90:
         bc:9d:5d:af:63:65:51:cb:b4:0e:be:50:3b:37:00:bb:27:3d:
         c8:2c:74:b4:90:1e:9b:f2:71:45:6d:a1:e4:a8:bd:1c:75:3b:
         85:d9:7b:83:aa:8c:05:b7:af:61:74:2f:76:51:dd:cf:67:b0:
         12:d5:18:ad:c7:c3:6c:95:59:26:88:49:fb:61:36:3e:f2:9a:
         61:43:46:f5
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUSB9qwwJjUCk2Ksx9fKcaLrCcG08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTYxNzI0NTRaFw0yNjA3MTUxNzI5NTRaMDMxMTAvBgNV
BAMTKDI5Q0U1NDY2OEY2NzgwRjlBNjBERDkyRjk2N0Q1NzcwNjZFRjNERUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCogfDiKHlfCit0mWOSU7n24LyV
RbQSciNH+qqw+8gpxIk2VchtcDJ3unDm4XBI1CwEXcgRif7dSeNxFol0OUM9yhOm
rwTTwfh5c22hlCIHSQycmwsOUZsRylblADWZlbXlm1G9CzG67AzM12ILgOekTNef
coeveTF7btX9sDJ/9nk5KWN55IAp5Jj9yn98PYoEhtUI1k4uxMBtJA+Vpg/vtWWt
LrxC9hXZbA2Wf7CuFb5KSH/RZrifklwtmcsQFzlNvJW7kZhtFks7ZZ8UL/4BqwAs
37Lsp6lRGAbOKquej6xpifxTexwx6DIu/L1ZrYaHcaGMVH/EJXDctHXYIeNhAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUKc5UZo9ngPmmDdkvln1XcGbvPe4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhbI
MA8EAgACMAkDBwAqE5UAAK8wDQYJKoZIhvcNAQELBQADggEBABAJJ1dyGF0qrOQM
BvjboFx8DzyFuIpmGzXcWpV1U/KX70ACF2ipyT87VS4dX47lEvR+i5wkCz31/aup
tqhs1ikDTfcsi5sFgVm+Ac7IHRGMtFH2v3y7e5OftRjhTHyoZqc8sw+cH3MXoJwm
hHLKk5ZXmyFDK59RfI/qdZPydW7lFGNgFCH4LjqyAdw8F2Rb52llJOQX1MZ8SqKI
G803UfeKGZYmuO4wkepsgJs0ob6jpaarkLydXa9jZVHLtA6+UDs3ALsnPcgsdLSQ
HpvycUVtoeSovRx1O4XZe4OqjAW3r2F0L3ZR3c9nsBLVGK3Hw2yVWSaISfthNj7y
mmFDRvU=
-----END CERTIFICATE-----