Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216320.roa
File:                     AS216320.roa (raw, json)
Hash identifier:          M8Ua1Erbt8tKVBinnoawd5P3qFu7z7wEXB+tnJcrL0s=
Subject key identifier:   3C:45:D8:2C:72:BC:C3:38:04:63:0E:AB:AF:E2:84:5F:43:ED:A9:E3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       12B174E5EA6E963735CADB3DF21ED51109C8652B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216320.roa
Signing time:             Tue 08 Jul 2025 07:43:08 +0000
ROA not before:           Tue 08 Jul 2025 07:38:08 +0000
ROA not after:            Tue 07 Jul 2026 07:43:08 +0000
asID:                     216320
IP address blocks:        82.21.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:b1:74:e5:ea:6e:96:37:35:ca:db:3d:f2:1e:d5:11:09:c8:65:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  8 07:38:08 2025 GMT
            Not After : Jul  7 07:43:08 2026 GMT
        Subject: CN=3C45D82C72BCC33804630EABAFE2845F43EDA9E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a5:87:19:c6:79:5a:f6:da:44:a6:93:0d:8e:
                    24:62:6c:02:0f:f1:3c:b1:6b:cd:5f:63:63:bf:e0:
                    1f:e2:98:87:45:b8:d6:e1:89:11:d0:44:05:3b:1a:
                    a5:e7:0c:0a:eb:39:16:74:58:f6:4a:6c:b8:09:cb:
                    57:63:a6:6a:88:4c:cb:f6:d1:1a:26:8d:51:5a:91:
                    b7:3e:0d:d9:ff:a9:7a:5d:5d:a8:bc:b1:8b:bb:25:
                    48:4f:e6:1d:f4:70:3a:d0:be:ce:24:ec:d0:d1:3a:
                    0f:86:43:79:36:07:0d:4d:df:71:b4:1d:58:4f:ea:
                    25:ed:fc:85:21:cf:9d:56:33:b2:1d:27:c8:95:f3:
                    fa:0a:66:74:37:59:ed:fc:e3:3b:10:13:25:47:23:
                    25:e7:74:22:8d:f5:5a:ec:38:be:b4:c9:04:51:20:
                    09:03:60:88:34:7a:b6:f3:0c:7c:f1:28:1d:15:1e:
                    11:f5:21:05:02:0d:80:24:06:bf:ee:c7:72:2e:b0:
                    2f:d8:aa:cc:42:71:86:fb:96:04:9d:3b:76:18:41:
                    dc:94:40:02:39:e2:ed:bc:6b:08:45:9f:a4:4d:cb:
                    ae:0d:7b:b5:a5:d3:19:6f:06:0d:3c:b2:3a:69:b7:
                    f4:94:3b:9a:dd:35:3a:4f:d3:32:c3:6d:a8:45:d9:
                    ab:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:45:D8:2C:72:BC:C3:38:04:63:0E:AB:AF:E2:84:5F:43:ED:A9:E3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:45:9d:06:07:1e:16:7e:2c:d1:80:43:42:fc:88:88:6d:59:
         1b:b5:41:36:93:a2:c0:c0:b4:fa:25:2c:83:8f:8c:0b:69:4b:
         d5:57:50:f0:bb:dc:03:92:29:95:9a:24:47:4b:a0:92:d4:e7:
         8c:ce:73:51:ff:bb:96:ee:82:c8:8e:4d:7a:2d:e2:66:e2:7d:
         5c:5f:50:65:b5:23:30:c9:0b:2e:6d:ad:46:97:ac:a0:7c:d7:
         7c:65:ac:86:91:6b:8f:88:d9:30:bf:a0:13:66:81:62:83:94:
         6c:85:c1:dc:b7:dd:b6:73:8a:2f:7b:91:a5:2d:14:41:4f:eb:
         30:33:08:e3:8a:49:0a:21:50:aa:36:4c:47:ba:1f:e0:63:e4:
         25:80:8d:ad:96:fa:14:84:60:e0:e2:33:af:5b:79:09:2a:6b:
         85:b7:0f:85:00:23:5d:88:7f:7f:44:59:90:63:df:45:5a:22:
         c7:bc:77:d9:33:6b:2f:51:f0:71:f5:72:73:71:dc:52:3b:1a:
         f6:5b:a2:49:71:98:9e:c7:6a:89:35:b5:58:3e:78:45:b9:48:
         ce:82:6b:a2:1f:25:c0:75:37:cc:22:28:08:4b:4b:53:b0:e1:
         34:f3:aa:eb:ad:23:f0:2d:19:0d:5f:1c:d5:c1:20:2a:1f:45:
         02:b0:18:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUErF05epuljc1yts98h7VEQnIZSswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDgwNzM4MDhaFw0yNjA3MDcwNzQzMDhaMDMxMTAvBgNV
BAMTKDNDNDVEODJDNzJCQ0MzMzgwNDYzMEVBQkFGRTI4NDVGNDNFREE5RTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkpYcZxnla9tpEppMNjiRibAIP
8Tyxa81fY2O/4B/imIdFuNbhiRHQRAU7GqXnDArrORZ0WPZKbLgJy1djpmqITMv2
0RomjVFakbc+Ddn/qXpdXai8sYu7JUhP5h30cDrQvs4k7NDROg+GQ3k2Bw1N33G0
HVhP6iXt/IUhz51WM7IdJ8iV8/oKZnQ3We384zsQEyVHIyXndCKN9VrsOL60yQRR
IAkDYIg0erbzDHzxKB0VHhH1IQUCDYAkBr/ux3IusC/YqsxCcYb7lgSdO3YYQdyU
QAI54u28awhFn6RNy64Ne7Wl0xlvBg08sjppt/SUO5rdNTpP0zLDbahF2avJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPEXYLHK8wzgEYw6rr+KEX0PtqeMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MzIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhUH
MA0GCSqGSIb3DQEBCwUAA4IBAQBbRZ0GBx4WfizRgENC/IiIbVkbtUE2k6LAwLT6
JSyDj4wLaUvVV1Dwu9wDkimVmiRHS6CS1OeMznNR/7uW7oLIjk16LeJm4n1cX1Bl
tSMwyQsuba1Gl6ygfNd8ZayGkWuPiNkwv6ATZoFig5RshcHct922c4ove5GlLRRB
T+swMwjjikkKIVCqNkxHuh/gY+QlgI2tlvoUhGDg4jOvW3kJKmuFtw+FACNdiH9/
RFmQY99FWiLHvHfZM2svUfBx9XJzcdxSOxr2W6JJcZiex2qJNbVYPnhFuUjOgmui
HyXAdTfMIigIS0tTsOE086rrrSPwLRkNXxzVwSAqH0UCsBiA
-----END CERTIFICATE-----