Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS216138.roa
File:                     AS216138.roa (raw, json)
Hash identifier:          C7rcV7oiPlI+oPnXML1Ct/QhSn1j0eN8y938N5o2x0c=
Subject key identifier:   26:EE:9B:12:E4:81:79:5E:D9:EE:23:72:25:7C:C8:D9:B8:93:20:38
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       5E2797B7CCB08AD22D5CE2C8ED48767C2EC896B1
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS216138.roa
Signing time:             Tue 19 May 2026 10:02:02 +0000
ROA not before:           Tue 19 May 2026 09:57:02 +0000
ROA not after:            Tue 18 May 2027 10:02:02 +0000
asID:                     216138
IP address blocks:        82.139.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:27:97:b7:cc:b0:8a:d2:2d:5c:e2:c8:ed:48:76:7c:2e:c8:96:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 19 09:57:02 2026 GMT
            Not After : May 18 10:02:02 2027 GMT
        Subject: CN=26EE9B12E481795ED9EE2372257CC8D9B8932038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:75:5c:18:26:fd:9a:a7:8d:85:e8:b8:5d:6e:
                    f9:9e:6e:8c:d4:f9:d9:23:86:fd:50:3d:d4:c2:0b:
                    da:5d:f9:85:37:92:fd:a3:a0:a1:2c:e7:01:fe:c8:
                    1f:41:97:07:c9:58:7e:2f:33:2c:ae:83:df:9a:f7:
                    a3:fd:29:f3:6c:6c:db:eb:2a:f1:f9:b6:05:4f:10:
                    87:a5:cf:d4:41:ae:c7:f3:a9:73:96:ea:ae:c4:46:
                    9d:3e:d5:5d:86:40:98:67:cd:93:b9:e5:c9:57:08:
                    b2:00:95:9c:68:30:db:de:d0:24:f0:2d:d3:86:c8:
                    d0:70:84:a5:91:f8:f1:2c:3e:c7:1d:7c:74:cf:53:
                    e8:f8:a9:74:11:69:27:c6:37:f3:be:aa:74:6b:3f:
                    44:49:50:c6:33:59:a3:43:69:4f:ba:a0:61:a9:b6:
                    69:31:b1:8a:22:cd:9a:c6:74:96:16:f7:5c:fb:c6:
                    09:ec:e7:e1:32:60:50:e4:ad:e9:05:21:47:20:7b:
                    ba:50:28:0d:f8:d2:15:07:de:45:ef:bd:a8:ee:af:
                    43:b1:b4:2b:31:2c:b1:9c:fa:28:35:5a:c6:8f:3b:
                    76:12:0c:02:05:e2:f9:46:7e:8d:1a:ef:2e:28:50:
                    df:1a:4b:44:9f:40:39:2e:55:67:a8:52:1b:bd:02:
                    15:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:EE:9B:12:E4:81:79:5E:D9:EE:23:72:25:7C:C8:D9:B8:93:20:38
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS216138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:44:d9:32:ef:57:5e:da:5e:6a:ea:4a:a4:02:fd:63:0f:0b:
         31:31:80:f5:22:d5:97:7d:3d:1f:ab:99:f9:fc:22:44:f8:ff:
         2f:aa:90:d7:6d:12:48:4b:99:4a:5a:a5:3b:24:3c:23:6a:81:
         00:21:79:6c:bd:df:e5:2b:4c:b2:ed:37:e2:d7:b7:64:63:02:
         47:8e:bf:9a:f1:17:1d:31:d9:09:49:2d:96:02:12:b7:a9:e1:
         38:19:6b:45:66:76:19:57:57:66:b3:5e:db:e0:3a:d6:75:83:
         ac:9c:83:8b:4f:e6:e7:3d:22:d4:38:66:d1:35:1d:97:29:ac:
         92:c8:be:c8:28:14:7a:fa:f8:8c:d7:32:5c:e6:53:5a:c9:d9:
         e9:28:72:a7:bb:40:25:2b:dc:f9:7c:0e:a6:ae:2a:ff:c6:eb:
         99:9e:2d:ec:2c:fa:de:62:37:9c:25:7d:cf:21:cb:65:e6:45:
         95:00:dd:5b:30:69:62:0a:02:de:41:d5:c7:ca:fd:68:a2:07:
         58:f8:52:06:1b:63:34:36:8d:99:95:7b:61:0e:de:db:39:b7:
         d1:d7:00:eb:d9:74:69:ad:f7:76:51:c9:c2:ee:e3:8f:ac:c1:
         dd:fc:0e:e0:f6:51:c6:78:01:8c:bf:21:31:d7:6e:f0:07:2d:
         eb:e2:a5:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXieXt8ywitItXOLI7Uh2fC7IlrEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MTkwOTU3MDJaFw0yNzA1MTgxMDAyMDJaMDMxMTAvBgNV
BAMTKDI2RUU5QjEyRTQ4MTc5NUVEOUVFMjM3MjI1N0NDOEQ5Qjg5MzIwMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZdVwYJv2ap42F6LhdbvmebozU
+dkjhv1QPdTCC9pd+YU3kv2joKEs5wH+yB9BlwfJWH4vMyyug9+a96P9KfNsbNvr
KvH5tgVPEIelz9RBrsfzqXOW6q7ERp0+1V2GQJhnzZO55clXCLIAlZxoMNve0CTw
LdOGyNBwhKWR+PEsPscdfHTPU+j4qXQRaSfGN/O+qnRrP0RJUMYzWaNDaU+6oGGp
tmkxsYoizZrGdJYW91z7xgns5+EyYFDkrekFIUcge7pQKA340hUH3kXvvajur0Ox
tCsxLLGc+ig1WsaPO3YSDAIF4vlGfo0a7y4oUN8aS0SfQDkuVWeoUhu9AhWrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJu6bEuSBeV7Z7iNyJXzI2biTIDgwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE2MTM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovN
MA0GCSqGSIb3DQEBCwUAA4IBAQBORNky71de2l5q6kqkAv1jDwsxMYD1ItWXfT0f
q5n5/CJE+P8vqpDXbRJIS5lKWqU7JDwjaoEAIXlsvd/lK0yy7Tfi17dkYwJHjr+a
8RcdMdkJSS2WAhK3qeE4GWtFZnYZV1dms17b4DrWdYOsnIOLT+bnPSLUOGbRNR2X
KaySyL7IKBR6+viM1zJc5lNaydnpKHKnu0AlK9z5fA6mrir/xuuZni3sLPreYjec
JX3PIctl5kWVAN1bMGliCgLeQdXHyv1oogdY+FIGG2M0No2ZlXthDt7bObfR1wDr
2XRprfd2UcnC7uOPrMHd/A7g9lHGeAGMvyEx127wBy3r4qV4
-----END CERTIFICATE-----