Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS57974.roa
File:                     AS57974.roa (raw, json)
Hash identifier:          NzP+HJ5fSpFWIMeWp5ra2KkGrOOLJXecG9Al5wE7mck=
Subject key identifier:   A3:D2:9C:CA:2F:00:5F:91:92:3F:1A:6B:F1:EA:2D:48:BB:C3:65:E9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       540161A214AE2C0F3F4DB71F6137872031A5FD04
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS57974.roa
Signing time:             Wed 16 Jul 2025 05:47:17 +0000
ROA not before:           Wed 16 Jul 2025 05:42:17 +0000
ROA not after:            Wed 15 Jul 2026 05:47:17 +0000
asID:                     57974
IP address blocks:        82.21.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:01:61:a2:14:ae:2c:0f:3f:4d:b7:1f:61:37:87:20:31:a5:fd:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 16 05:42:17 2025 GMT
            Not After : Jul 15 05:47:17 2026 GMT
        Subject: CN=A3D29CCA2F005F91923F1A6BF1EA2D48BBC365E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:51:57:41:bb:cc:5d:79:04:98:19:a9:8a:a7:
                    c1:1f:25:3a:a9:f8:e2:10:0b:96:44:d9:42:12:22:
                    56:7c:eb:5a:e9:5b:db:7f:51:88:38:cc:60:3c:e1:
                    c2:3e:c4:91:e8:6e:e9:28:7d:96:b1:11:f0:cb:c8:
                    b2:60:f8:17:2b:98:69:91:e3:29:03:63:42:ea:a2:
                    1f:99:28:23:14:e0:6f:14:0f:3f:48:33:e4:ed:13:
                    04:f4:5b:9c:f8:ae:99:ae:0d:c1:53:54:f4:38:fb:
                    ee:3f:07:e9:5c:61:76:47:39:e4:45:08:c8:38:a7:
                    23:0d:fc:13:8d:04:6a:ed:fa:ac:38:09:86:a0:36:
                    9c:1b:d8:21:55:2a:a5:04:52:c0:ee:7a:0f:0d:c8:
                    7b:62:8b:92:75:6f:0f:b5:b6:32:64:9a:5b:a2:58:
                    02:4c:4d:15:07:18:e2:31:25:d5:9c:ff:4c:8c:31:
                    8c:1e:74:a4:03:c4:b7:61:b7:2c:3c:51:b4:4b:0d:
                    99:a1:60:a9:fc:d6:15:43:22:41:da:7f:d7:49:0f:
                    16:12:0f:8d:0b:16:67:9b:34:81:ad:29:b1:22:a1:
                    40:f8:18:24:1c:29:71:de:e1:73:df:54:ce:84:d7:
                    f8:6a:b6:bf:5a:4a:7d:2d:59:fb:b5:52:a8:81:64:
                    3c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D2:9C:CA:2F:00:5F:91:92:3F:1A:6B:F1:EA:2D:48:BB:C3:65:E9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS57974.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:3f:46:8d:40:72:c2:74:df:f4:f5:5a:3e:c7:54:d8:38:08:
         7b:ec:f8:54:c4:71:6e:89:d8:de:bf:ca:55:9c:45:20:17:95:
         00:8e:2e:04:5c:be:e1:6f:3d:a3:74:2e:74:ae:96:c7:3f:64:
         ba:34:e5:a2:d1:8b:5e:3f:23:51:07:9e:b4:e3:a4:d1:0d:98:
         fd:2f:0f:b4:83:71:a6:d6:ce:47:42:68:37:a3:14:4b:1a:ad:
         16:cd:12:d0:a0:7e:d7:05:bb:fa:25:3b:a5:21:a7:8a:ee:72:
         26:63:ed:e7:33:fd:fc:7b:f3:b0:47:42:ff:44:22:f5:ac:a5:
         c7:cc:5f:41:5f:36:02:39:5c:af:ca:bc:18:2b:e5:3f:70:83:
         c2:c2:f7:00:9f:92:f6:2c:0a:34:2f:a2:b4:b4:da:28:4a:2f:
         e8:77:3d:92:22:a6:2d:2a:74:cc:33:97:7f:af:34:c3:81:02:
         76:9b:b9:8c:1c:0d:c0:bd:20:02:d8:71:d8:36:b4:38:93:e3:
         9e:29:2d:a5:a7:92:c4:ff:6f:44:0f:60:bf:10:b6:ea:31:cf:
         7a:59:2a:a0:dd:42:2d:26:72:78:58:e2:2f:25:7f:df:34:9d:
         64:78:a4:8c:48:84:79:33:6f:aa:a8:a8:99:e0:cf:c3:92:e3:
         58:16:83:05
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVAFhohSuLA8/TbcfYTeHIDGl/QQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTYwNTQyMTdaFw0yNjA3MTUwNTQ3MTdaMDMxMTAvBgNV
BAMTKEEzRDI5Q0NBMkYwMDVGOTE5MjNGMUE2QkYxRUEyRDQ4QkJDMzY1RTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMUVdBu8xdeQSYGamKp8EfJTqp
+OIQC5ZE2UISIlZ861rpW9t/UYg4zGA84cI+xJHobukofZaxEfDLyLJg+BcrmGmR
4ykDY0Lqoh+ZKCMU4G8UDz9IM+TtEwT0W5z4rpmuDcFTVPQ4++4/B+lcYXZHOeRF
CMg4pyMN/BONBGrt+qw4CYagNpwb2CFVKqUEUsDueg8NyHtii5J1bw+1tjJkmlui
WAJMTRUHGOIxJdWc/0yMMYwedKQDxLdhtyw8UbRLDZmhYKn81hVDIkHaf9dJDxYS
D40LFmebNIGtKbEioUD4GCQcKXHe4XPfVM6E1/hqtr9aSn0tWfu1UqiBZDwdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUo9Kcyi8AX5GSPxpr8eotSLvDZekwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTc5NzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFTIw
DQYJKoZIhvcNAQELBQADggEBACI/Ro1AcsJ03/T1Wj7HVNg4CHvs+FTEcW6J2N6/
ylWcRSAXlQCOLgRcvuFvPaN0LnSulsc/ZLo05aLRi14/I1EHnrTjpNENmP0vD7SD
cabWzkdCaDejFEsarRbNEtCgftcFu/olO6Uhp4ruciZj7ecz/fx787BHQv9EIvWs
pcfMX0FfNgI5XK/KvBgr5T9wg8LC9wCfkvYsCjQvorS02ihKL+h3PZIipi0qdMwz
l3+vNMOBAnabuYwcDcC9IALYcdg2tDiT454pLaWnksT/b0QPYL8Qtuoxz3pZKqDd
Qi0mcnhY4i8lf980nWR4pIxIhHkzb6qoqJngz8OS41gWgwU=
-----END CERTIFICATE-----