Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142240.roa
File:                     AS142240.roa (raw, json)
Hash identifier:          TOxetCeM7NvcOAZL70Eb3pNqLWl53zRjQp+p32yJFgY=
Subject key identifier:   8E:E4:61:54:55:A9:F8:C1:FF:CE:30:9E:A9:A1:79:61:20:68:13:7B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5CE9DF2855210FC6CFBE1DE5A7FE3291038B78AC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142240.roa
Signing time:             Thu 23 Apr 2026 15:01:55 +0000
ROA not before:           Thu 23 Apr 2026 14:56:55 +0000
ROA not after:            Thu 22 Apr 2027 15:01:55 +0000
asID:                     142240
IP address blocks:        178.83.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Apr 2026 01:50:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:e9:df:28:55:21:0f:c6:cf:be:1d:e5:a7:fe:32:91:03:8b:78:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 23 14:56:55 2026 GMT
            Not After : Apr 22 15:01:55 2027 GMT
        Subject: CN=8EE4615455A9F8C1FFCE309EA9A179612068137B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3c:56:8a:bf:55:bd:4e:4c:c3:55:f9:77:3c:
                    b5:ed:8a:5a:15:5d:33:c2:bb:c9:6e:a1:df:8f:2d:
                    09:f4:28:8a:fe:36:73:0a:fb:e8:08:71:e2:09:09:
                    eb:77:7b:04:9d:a6:71:81:8a:1a:5a:a6:73:58:87:
                    22:7a:9e:31:c1:e6:eb:9d:92:e3:7e:08:d4:d7:df:
                    b2:9b:7c:9f:bb:ae:ca:56:0c:33:6a:ad:a2:36:cb:
                    01:57:57:d1:d3:d9:9a:37:d1:5c:31:44:1f:6f:a8:
                    98:c5:a1:e8:a4:0b:e4:cb:59:32:6c:c0:68:51:39:
                    ef:6a:1e:48:79:bc:99:c5:55:00:6d:67:da:20:f7:
                    b2:68:ad:9a:d7:19:2b:ee:90:07:c0:bc:f0:61:fc:
                    78:5d:32:82:b1:ad:68:ae:f9:a2:ca:e1:6b:88:55:
                    06:53:6e:6c:f2:61:ae:93:a2:a2:7d:c3:87:b8:fa:
                    50:f2:46:ee:45:30:1d:d8:60:20:bc:40:82:72:90:
                    1e:0e:91:b3:08:40:69:7e:95:29:9f:7c:c4:a9:10:
                    e7:c4:5e:a0:bc:8f:fe:81:cb:57:47:08:eb:30:0c:
                    f2:c6:1a:13:d7:7f:ab:0d:09:5c:13:cc:cb:26:b3:
                    c3:95:a6:60:43:36:bc:7b:36:1b:e4:18:7f:af:13:
                    2d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E4:61:54:55:A9:F8:C1:FF:CE:30:9E:A9:A1:79:61:20:68:13:7B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:35:95:09:b3:70:41:96:83:48:2a:4c:0f:c3:9f:22:b6:9b:
         c5:b7:60:34:b6:49:1a:ab:16:12:d4:68:96:ea:05:a7:73:25:
         6f:f8:30:02:32:32:73:00:14:56:af:16:a5:50:a4:d2:73:4f:
         c8:9e:ea:17:0d:89:33:9c:78:74:80:c0:10:6b:6e:3a:28:a8:
         f8:fc:6d:62:2c:a7:14:5b:62:2b:58:fa:b8:fe:5a:f8:83:6d:
         63:f2:6c:d2:85:fd:72:9a:06:72:f9:8d:45:65:b8:43:90:95:
         5b:fe:1d:1f:39:9e:a6:a1:3d:2d:ce:36:22:25:21:70:88:30:
         53:82:92:fa:76:9b:91:7b:8c:92:76:c8:19:2f:68:a6:88:be:
         85:df:74:6b:27:85:18:b9:68:da:25:ee:83:30:79:26:e6:eb:
         20:f5:67:bf:c6:73:07:a4:54:70:36:dd:59:31:33:b6:a2:d5:
         51:ca:6d:70:ce:c6:30:49:07:79:d8:ef:71:75:12:d2:97:a8:
         9a:3e:d8:62:68:89:63:eb:cf:8a:de:1b:31:0e:1f:fe:50:43:
         3c:28:73:ad:11:52:90:ac:f5:b1:c6:d7:12:91:80:ad:10:e5:
         2d:df:44:c9:cc:29:1f:a2:90:fe:2d:6a:d5:c6:18:40:b3:fa:
         0e:c0:20:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXOnfKFUhD8bPvh3lp/4ykQOLeKwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjMxNDU2NTVaFw0yNzA0MjIxNTAxNTVaMDMxMTAvBgNV
BAMTKDhFRTQ2MTU0NTVBOUY4QzFGRkNFMzA5RUE5QTE3OTYxMjA2ODEzN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLPFaKv1W9TkzDVfl3PLXtiloV
XTPCu8luod+PLQn0KIr+NnMK++gIceIJCet3ewSdpnGBihpapnNYhyJ6njHB5uud
kuN+CNTX37KbfJ+7rspWDDNqraI2ywFXV9HT2Zo30VwxRB9vqJjFoeikC+TLWTJs
wGhROe9qHkh5vJnFVQBtZ9og97JorZrXGSvukAfAvPBh/HhdMoKxrWiu+aLK4WuI
VQZTbmzyYa6ToqJ9w4e4+lDyRu5FMB3YYCC8QIJykB4OkbMIQGl+lSmffMSpEOfE
XqC8j/6By1dHCOswDPLGGhPXf6sNCVwTzMsms8OVpmBDNrx7NhvkGH+vEy3DAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjuRhVFWp+MH/zjCeqaF5YSBoE3swHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQyMjQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslMc
MA0GCSqGSIb3DQEBCwUAA4IBAQBUNZUJs3BBloNIKkwPw58itpvFt2A0tkkaqxYS
1GiW6gWncyVv+DACMjJzABRWrxalUKTSc0/InuoXDYkznHh0gMAQa246KKj4/G1i
LKcUW2IrWPq4/lr4g21j8mzShf1ymgZy+Y1FZbhDkJVb/h0fOZ6moT0tzjYiJSFw
iDBTgpL6dpuRe4ySdsgZL2imiL6F33RrJ4UYuWjaJe6DMHkm5usg9We/xnMHpFRw
Nt1ZMTO2otVRym1wzsYwSQd52O9xdRLSl6iaPthiaIlj68+K3hsxDh/+UEM8KHOt
EVKQrPWxxtcSkYCtEOUt30TJzCkfopD+LWrVxhhAs/oOwCDa
-----END CERTIFICATE-----