Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147181.roa
File:                     AS147181.roa (raw, json)
Hash identifier:          Se51RNmPN0s96lTjPT3d4TRpGnpF7f02y8VDiZ3bcPE=
Subject key identifier:   37:B5:1A:1E:78:C9:B8:84:F0:AF:7B:77:6F:65:41:34:A1:64:85:A8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3A55A1C2F5DA9F266F7A39525AF397368BCC93E6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147181.roa
Signing time:             Wed 14 May 2025 13:47:13 +0000
ROA not before:           Wed 14 May 2025 13:42:13 +0000
ROA not after:            Wed 13 May 2026 13:47:13 +0000
asID:                     147181
IP address blocks:        82.26.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:55:a1:c2:f5:da:9f:26:6f:7a:39:52:5a:f3:97:36:8b:cc:93:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 14 13:42:13 2025 GMT
            Not After : May 13 13:47:13 2026 GMT
        Subject: CN=37B51A1E78C9B884F0AF7B776F654134A16485A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:88:9a:9e:8c:f0:e6:97:c1:e9:07:c4:3f:61:
                    7a:03:2e:84:78:2f:e5:00:2b:70:60:34:5c:90:ba:
                    1f:2a:b1:58:39:be:63:be:a5:ae:fd:be:06:51:39:
                    8d:f1:d0:ca:86:fe:88:57:e1:6e:c2:09:67:55:fc:
                    61:1d:4a:a6:a8:3e:a6:8c:1a:00:e7:06:a2:9b:ac:
                    2d:32:b2:5a:a2:d0:17:f5:a3:11:9d:39:36:8c:5f:
                    56:ac:6d:d0:ce:fd:44:62:42:f7:d2:a5:8a:31:bc:
                    e6:db:03:fb:fd:e4:a1:2a:0c:13:af:0d:27:3c:16:
                    04:eb:31:91:fe:74:73:9a:00:fc:f1:5a:6e:9b:3e:
                    9c:cd:4b:d4:bf:9c:c4:69:23:43:85:b7:27:32:67:
                    35:4e:cc:a7:8b:fc:f1:a6:a6:d8:f9:08:11:8f:b1:
                    6b:de:d5:84:a9:d2:0f:04:c5:4d:c1:de:d6:62:1a:
                    6d:9d:1d:59:ad:d9:9c:b6:ab:e5:34:bd:a7:83:c0:
                    26:1b:d1:2d:7f:8d:ae:83:3a:51:2a:c1:a7:61:28:
                    fe:f5:6a:47:5e:50:14:fa:ff:e1:e8:dc:b0:2a:ea:
                    6c:40:51:40:99:1d:9b:8e:45:3a:ec:ff:31:ca:f6:
                    20:36:d6:49:04:a3:23:f6:d3:f2:93:26:34:25:01:
                    bd:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B5:1A:1E:78:C9:B8:84:F0:AF:7B:77:6F:65:41:34:A1:64:85:A8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:3a:ac:65:c6:a0:00:55:8a:76:28:c1:f4:7b:45:1e:f1:ee:
         e3:44:07:da:a1:86:16:e3:de:40:f8:1c:12:f9:90:65:75:d1:
         b7:b9:87:3e:b4:10:0e:86:79:39:b2:cd:ac:10:d8:ff:33:8e:
         23:be:c2:03:50:7e:b9:97:c2:2b:dc:8c:f0:5a:6c:16:85:6c:
         2a:76:95:8c:09:35:b0:3b:90:1f:f4:48:31:c1:19:28:de:e0:
         12:35:41:6b:81:1d:19:b0:b7:06:9d:6e:b1:1f:10:64:92:7e:
         a9:3d:85:01:cb:4e:b2:99:dd:36:0c:0a:5f:aa:bf:b8:f3:8c:
         5c:6f:6c:32:eb:f7:4f:ec:1b:46:11:bc:d4:53:d0:e1:3e:27:
         63:9c:1d:04:b6:55:3e:fc:35:6e:6a:af:c2:9b:0f:46:1a:7c:
         22:98:49:44:42:be:f7:95:01:ab:3b:1a:0a:fe:12:19:d2:5c:
         75:5d:9e:46:b5:45:99:0a:85:8e:af:5d:0b:68:9c:8a:fc:92:
         6e:99:3c:b1:6c:cd:2b:b0:0c:55:71:22:92:09:3e:74:36:5f:
         54:7b:fd:4a:77:84:43:69:de:49:9a:e5:ca:16:4d:fa:c3:b5:
         f0:1a:92:d0:9c:eb:4b:f3:c4:c6:c1:7c:42:7b:62:14:80:74:
         68:b3:b5:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOlWhwvXanyZvejlSWvOXNovMk+YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MTQxMzQyMTNaFw0yNjA1MTMxMzQ3MTNaMDMxMTAvBgNV
BAMTKDM3QjUxQTFFNzhDOUI4ODRGMEFGN0I3NzZGNjU0MTM0QTE2NDg1QTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOiJqejPDml8HpB8Q/YXoDLoR4
L+UAK3BgNFyQuh8qsVg5vmO+pa79vgZROY3x0MqG/ohX4W7CCWdV/GEdSqaoPqaM
GgDnBqKbrC0yslqi0Bf1oxGdOTaMX1asbdDO/URiQvfSpYoxvObbA/v95KEqDBOv
DSc8FgTrMZH+dHOaAPzxWm6bPpzNS9S/nMRpI0OFtycyZzVOzKeL/PGmptj5CBGP
sWve1YSp0g8ExU3B3tZiGm2dHVmt2Zy2q+U0vaeDwCYb0S1/ja6DOlEqwadhKP71
akdeUBT6/+Ho3LAq6mxAUUCZHZuORTrs/zHK9iA21kkEoyP20/KTJjQlAb0NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUN7UaHnjJuITwr3t3b2VBNKFkhagwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQ3MTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhrB
MA0GCSqGSIb3DQEBCwUAA4IBAQAIOqxlxqAAVYp2KMH0e0Ue8e7jRAfaoYYW495A
+BwS+ZBlddG3uYc+tBAOhnk5ss2sENj/M44jvsIDUH65l8Ir3IzwWmwWhWwqdpWM
CTWwO5Af9EgxwRko3uASNUFrgR0ZsLcGnW6xHxBkkn6pPYUBy06ymd02DApfqr+4
84xcb2wy6/dP7BtGEbzUU9DhPidjnB0EtlU+/DVuaq/Cmw9GGnwimElEQr73lQGr
OxoK/hIZ0lx1XZ5GtUWZCoWOr10LaJyK/JJumTyxbM0rsAxVcSKSCT50Nl9Ue/1K
d4RDad5JmuXKFk36w7XwGpLQnOtL88TGwXxCe2IUgHRos7VU
-----END CERTIFICATE-----