Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135027.roa
File:                     AS135027.roa (raw, json)
Hash identifier:          l9gDWKAsMlXw8/9mWgj3z/7bK02LcxHLoPLlmtbqXeU=
Subject key identifier:   47:2E:9F:35:FD:A9:08:37:F8:34:13:2A:C9:A6:65:B9:5B:EB:FB:0E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       150581DAF68C22426468D88689B884F972D133B8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135027.roa
Signing time:             Wed 08 Oct 2025 11:39:42 +0000
ROA not before:           Wed 08 Oct 2025 11:34:42 +0000
ROA not after:            Wed 07 Oct 2026 11:39:42 +0000
asID:                     135027
IP address blocks:        82.23.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:05:81:da:f6:8c:22:42:64:68:d8:86:89:b8:84:f9:72:d1:33:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct  8 11:34:42 2025 GMT
            Not After : Oct  7 11:39:42 2026 GMT
        Subject: CN=472E9F35FDA90837F834132AC9A665B95BEBFB0E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:58:6d:e2:b3:66:89:56:56:43:4a:e1:d2:0e:
                    fd:5e:84:41:ba:dd:8a:9a:60:bd:1b:bd:43:cc:cd:
                    d4:44:13:17:93:b5:3f:11:88:66:6b:5c:c3:3a:88:
                    bf:6a:db:1f:f9:81:e8:8e:9e:d6:45:be:29:da:fd:
                    05:8e:eb:1a:81:56:3a:1d:21:ba:88:de:ef:d8:e6:
                    a9:af:3e:0e:c7:87:65:bf:d6:1d:8c:0d:ad:83:0d:
                    ab:10:13:69:e6:e3:6d:de:ca:0c:3d:71:37:bd:23:
                    15:06:b5:09:04:b0:39:4c:f2:8c:3a:f6:24:9d:61:
                    11:37:4d:c4:57:68:66:6e:c2:2b:9f:40:74:8e:f3:
                    50:d4:d7:2b:3a:cb:96:23:5b:9f:52:45:20:be:27:
                    98:9e:0c:89:4d:8f:a7:a6:48:87:69:f9:c2:47:00:
                    30:a3:31:cd:9c:0d:5a:79:47:52:00:e5:79:0e:65:
                    6c:65:c0:c1:22:2d:85:25:b2:96:0e:cc:c8:7d:b3:
                    53:a9:70:cb:3e:30:15:25:71:3b:de:bc:02:37:e2:
                    60:67:bd:2c:a4:f0:58:7d:58:e3:9a:a9:cf:29:8d:
                    71:d5:35:6d:21:95:e7:ef:3a:e3:6e:0e:be:d3:e6:
                    d2:7e:83:cc:c3:a2:27:fd:eb:16:81:b7:16:6d:e3:
                    ef:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:2E:9F:35:FD:A9:08:37:F8:34:13:2A:C9:A6:65:B9:5B:EB:FB:0E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135027.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:06:6d:56:e4:64:93:6b:59:65:82:98:a7:d7:9d:b3:e0:50:
         7b:91:75:62:c4:ad:c5:d5:fd:2a:02:4a:45:90:57:79:4e:86:
         81:1a:f7:8f:4a:b6:be:5c:eb:16:11:f8:a4:87:3c:0e:a5:89:
         63:46:1a:a1:88:02:a8:97:2a:59:da:98:50:12:28:b0:30:b2:
         01:14:32:9c:b2:34:66:89:09:cb:92:60:af:e7:34:82:ea:09:
         b9:5d:99:5a:d1:7c:e2:bc:a9:f6:3c:c4:0f:aa:15:f2:c8:41:
         c3:60:c7:85:a3:a6:8c:1e:3d:de:17:7c:93:44:28:6d:c5:dc:
         03:3d:f1:42:d2:83:c9:67:b2:6e:79:f3:02:8c:40:bc:fd:e2:
         e2:ec:41:09:2c:02:30:71:70:15:78:c5:5f:84:86:af:81:33:
         cb:c9:e9:b3:4f:05:f5:18:6b:cd:eb:42:3a:e8:d9:47:e7:40:
         97:f3:f6:08:79:a1:80:1c:7e:2a:43:1a:26:0b:02:b5:2d:6a:
         11:02:69:47:26:2e:a0:c9:32:6e:17:b7:56:6d:ec:06:c4:02:
         f7:65:d5:cf:67:22:e5:8c:30:ca:f3:c1:3b:76:0f:dd:e1:43:
         77:2e:1b:1e:af:91:9e:18:5f:92:31:a6:56:42:2d:c5:89:d4:
         c8:eb:64:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFQWB2vaMIkJkaNiGibiE+XLRM7gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMDgxMTM0NDJaFw0yNjEwMDcxMTM5NDJaMDMxMTAvBgNV
BAMTKDQ3MkU5RjM1RkRBOTA4MzdGODM0MTMyQUM5QTY2NUI5NUJFQkZCMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVWG3is2aJVlZDSuHSDv1ehEG6
3YqaYL0bvUPMzdREExeTtT8RiGZrXMM6iL9q2x/5geiOntZFvina/QWO6xqBVjod
IbqI3u/Y5qmvPg7Hh2W/1h2MDa2DDasQE2nm423eygw9cTe9IxUGtQkEsDlM8ow6
9iSdYRE3TcRXaGZuwiufQHSO81DU1ys6y5YjW59SRSC+J5ieDIlNj6emSIdp+cJH
ADCjMc2cDVp5R1IA5XkOZWxlwMEiLYUlspYOzMh9s1OpcMs+MBUlcTvevAI34mBn
vSyk8Fh9WOOaqc8pjXHVNW0hlefvOuNuDr7T5tJ+g8zDoif96xaBtxZt4+/dAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQURy6fNf2pCDf4NBMqyaZluVvr+w4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM1MDI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUheK
MA0GCSqGSIb3DQEBCwUAA4IBAQBHBm1W5GSTa1llgpin152z4FB7kXVixK3F1f0q
AkpFkFd5ToaBGvePSra+XOsWEfikhzwOpYljRhqhiAKolypZ2phQEiiwMLIBFDKc
sjRmiQnLkmCv5zSC6gm5XZla0XzivKn2PMQPqhXyyEHDYMeFo6aMHj3eF3yTRCht
xdwDPfFC0oPJZ7JuefMCjEC8/eLi7EEJLAIwcXAVeMVfhIavgTPLyemzTwX1GGvN
60I66NlH50CX8/YIeaGAHH4qQxomCwK1LWoRAmlHJi6gyTJuF7dWbewGxAL3ZdXP
ZyLljDDK88E7dg/d4UN3Lhser5GeGF+SMaZWQi3FidTI62Tf
-----END CERTIFICATE-----