Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151964.roa
File:                     AS151964.roa (raw, json)
Hash identifier:          lpV/zhwYQcVFHqJ+uAv+ZbTqbmOAUPxqWgjANzBM9NM=
Subject key identifier:   C4:60:5F:7B:54:A0:2D:CF:07:67:E4:AB:34:1C:27:31:5B:9C:02:54
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2B6201EDAE76F3C919AFE224AFB44DE389D00B14
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151964.roa
Signing time:             Thu 22 May 2025 13:03:58 +0000
ROA not before:           Thu 22 May 2025 12:58:58 +0000
ROA not after:            Thu 21 May 2026 13:03:58 +0000
asID:                     151964
IP address blocks:        82.26.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:62:01:ed:ae:76:f3:c9:19:af:e2:24:af:b4:4d:e3:89:d0:0b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 22 12:58:58 2025 GMT
            Not After : May 21 13:03:58 2026 GMT
        Subject: CN=C4605F7B54A02DCF0767E4AB341C27315B9C0254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b4:28:78:d9:e5:3e:01:ab:9d:b9:7b:f8:bc:
                    c6:02:55:ed:d8:cf:b8:b6:b1:20:39:05:56:f8:b0:
                    d5:56:cf:fd:d2:01:3e:8d:bc:ab:1c:31:bc:63:25:
                    f8:93:84:50:50:b4:22:09:95:bb:5c:ec:ea:88:3f:
                    89:b4:ab:9f:78:00:8c:36:ca:16:de:01:91:1c:71:
                    43:c9:95:ff:f9:e6:75:ac:9b:0b:ce:a9:e0:45:09:
                    3f:3d:43:b1:ff:53:1f:35:25:0b:04:2e:b2:77:45:
                    e5:5f:54:2b:ed:7a:e1:8e:6e:32:67:af:4a:80:d9:
                    5f:ef:d0:c2:74:36:72:2a:93:d8:35:f1:8a:e5:5a:
                    6a:4e:2b:ce:9e:92:02:df:7a:50:fb:fe:40:03:8a:
                    ea:6a:5b:55:58:22:09:5b:fe:1b:b8:1a:86:4f:be:
                    53:2a:07:2f:91:2a:4b:ad:a5:f5:5d:fb:11:0d:49:
                    8a:5e:c0:4d:23:f6:ba:47:eb:31:c7:60:75:64:ce:
                    5e:5d:4e:68:b3:f8:a7:ae:7d:10:fb:ed:05:f4:ec:
                    ea:bb:ab:71:6d:ab:39:b0:22:bb:8d:4c:1d:7c:31:
                    0a:8c:47:9b:9a:90:14:a0:fa:c6:6f:26:f1:b1:2f:
                    65:45:6a:ce:c1:e0:9e:4d:5c:59:eb:c2:ee:6e:08:
                    0f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:60:5F:7B:54:A0:2D:CF:07:67:E4:AB:34:1C:27:31:5B:9C:02:54
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS151964.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:c3:f3:52:c0:e8:c9:a9:7a:23:45:21:ed:a4:d8:04:af:81:
         d6:3c:c8:83:03:78:da:6a:d7:ab:e6:90:ff:38:65:18:7c:db:
         bf:d3:5c:ab:85:b9:0f:11:59:2d:2e:3f:d4:6e:a1:2c:f6:6e:
         a7:49:7c:38:0f:0d:05:53:15:dc:19:60:c1:c2:5d:de:ee:e3:
         3b:c9:3c:8d:1b:e3:ac:73:89:85:26:d0:8f:a0:93:bf:6a:75:
         8c:f7:a9:09:bf:bc:94:c3:0f:dd:e0:bb:7f:a9:51:b6:61:0d:
         0d:dd:ab:f0:d2:24:54:e2:5b:33:26:12:82:a8:5b:26:24:76:
         1d:f8:36:43:24:32:cd:6c:f7:57:d2:9a:fa:23:35:69:e3:26:
         ed:08:03:e9:72:13:1b:5b:ea:d2:60:e9:e4:26:14:1e:14:52:
         b9:c8:1e:6c:a6:38:88:a2:2b:ab:a3:1b:a7:1a:e1:34:0a:e3:
         3e:6f:59:87:3c:60:ad:30:56:23:72:aa:cf:56:98:65:97:b9:
         af:9e:7a:ff:31:e2:1e:b9:2c:09:5c:a0:ed:85:4b:93:bd:58:
         c2:7b:fe:e9:54:2d:15:de:eb:1c:8d:dc:e2:4a:6c:16:34:4b:
         68:16:2e:c0:82:fe:3c:ac:cc:61:4a:a2:63:a9:63:98:f9:31:
         55:43:b5:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUK2IB7a5288kZr+Ikr7RN44nQCxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjIxMjU4NThaFw0yNjA1MjExMzAzNThaMDMxMTAvBgNV
BAMTKEM0NjA1RjdCNTRBMDJEQ0YwNzY3RTRBQjM0MUMyNzMxNUI5QzAyNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvtCh42eU+AauduXv4vMYCVe3Y
z7i2sSA5BVb4sNVWz/3SAT6NvKscMbxjJfiThFBQtCIJlbtc7OqIP4m0q594AIw2
yhbeAZEccUPJlf/55nWsmwvOqeBFCT89Q7H/Ux81JQsELrJ3ReVfVCvteuGObjJn
r0qA2V/v0MJ0NnIqk9g18YrlWmpOK86ekgLfelD7/kADiupqW1VYIglb/hu4GoZP
vlMqBy+RKkutpfVd+xENSYpewE0j9rpH6zHHYHVkzl5dTmiz+KeufRD77QX07Oq7
q3FtqzmwIruNTB18MQqMR5uakBSg+sZvJvGxL2VFas7B4J5NXFnrwu5uCA9zAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxGBfe1SgLc8HZ+SrNBwnMVucAlQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUxOTY0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhp0
MA0GCSqGSIb3DQEBCwUAA4IBAQB4w/NSwOjJqXojRSHtpNgEr4HWPMiDA3jaater
5pD/OGUYfNu/01yrhbkPEVktLj/UbqEs9m6nSXw4Dw0FUxXcGWDBwl3e7uM7yTyN
G+Osc4mFJtCPoJO/anWM96kJv7yUww/d4Lt/qVG2YQ0N3avw0iRU4lszJhKCqFsm
JHYd+DZDJDLNbPdX0pr6IzVp4ybtCAPpchMbW+rSYOnkJhQeFFK5yB5spjiIoiur
oxunGuE0CuM+b1mHPGCtMFYjcqrPVphll7mvnnr/MeIeuSwJXKDthUuTvVjCe/7p
VC0V3uscjdziSmwWNEtoFi7Agv48rMxhSqJjqWOY+TFVQ7WI
-----END CERTIFICATE-----