Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199741.roa
File:                     AS199741.roa (raw, json)
Hash identifier:          bJvkTTGqMuLX+gdHnEUmxqbaFqliRNj5nuAmobKhpAE=
Subject key identifier:   0E:7F:B6:E5:8B:93:0E:97:F3:38:35:96:D7:FA:D8:A9:AE:EE:BD:8E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5758C5D6EC27ECC40462EBD0F27BA5C27E7311B9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199741.roa
Signing time:             Thu 23 Apr 2026 12:57:27 +0000
ROA not before:           Thu 23 Apr 2026 12:52:27 +0000
ROA not after:            Thu 22 Apr 2027 12:57:27 +0000
asID:                     199741
IP address blocks:        82.47.20.0/24 maxlen: 24
                          82.47.166.0/24 maxlen: 24
                          82.47.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:58:c5:d6:ec:27:ec:c4:04:62:eb:d0:f2:7b:a5:c2:7e:73:11:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 23 12:52:27 2026 GMT
            Not After : Apr 22 12:57:27 2027 GMT
        Subject: CN=0E7FB6E58B930E97F3383596D7FAD8A9AEEEBD8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5b:5f:01:df:e9:11:06:37:12:7c:27:98:17:
                    73:65:e3:89:77:28:93:39:ab:e6:d8:91:68:24:60:
                    cd:38:f9:13:9d:92:de:3e:01:4d:36:7f:85:7d:d9:
                    27:70:39:31:ba:f5:5d:64:2b:d8:7a:26:92:86:fa:
                    56:f6:ea:a8:95:b9:b4:97:fa:ac:34:dc:65:bf:1e:
                    d4:56:4c:0b:5c:7f:48:ef:4b:fc:9b:dd:c4:1e:4b:
                    1f:c4:20:d0:25:cc:a6:b6:8a:68:10:99:23:c8:b1:
                    3c:60:29:c9:58:a8:ce:84:10:2f:e2:bd:12:f6:14:
                    1d:10:5b:ef:04:8b:0b:d0:14:02:21:f9:ab:22:f9:
                    73:1f:ec:8d:4c:70:a1:a4:02:d0:46:54:ef:77:3d:
                    58:c2:eb:d8:56:03:21:5e:43:96:20:d9:f6:47:4c:
                    d4:3f:ba:e1:55:d8:e7:49:a6:db:a0:c8:95:18:a1:
                    6f:0f:f2:16:b7:ca:98:29:eb:08:6f:68:01:ce:d1:
                    7e:77:70:16:05:fd:e2:9d:6a:45:43:5d:e0:e5:b1:
                    c2:df:21:21:24:da:f0:28:b3:7b:c7:81:b4:44:c8:
                    53:c7:c9:65:93:1e:ad:ca:c0:67:50:3d:76:7d:71:
                    f0:b2:91:9f:22:17:4a:b0:a5:a7:67:68:1b:c5:29:
                    97:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:7F:B6:E5:8B:93:0E:97:F3:38:35:96:D7:FA:D8:A9:AE:EE:BD:8E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199741.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.20.0/24
                  82.47.166.0/24
                  82.47.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:4a:a4:7f:76:b0:05:e0:da:c8:18:3d:e4:25:92:d3:15:78:
         8a:e6:10:33:f7:61:7c:25:0a:1d:d0:58:47:c9:e6:d8:d0:8c:
         d2:d3:1d:ec:af:50:98:d0:ad:85:3a:f0:2e:9a:6f:ed:53:44:
         06:a2:8b:1d:19:3e:50:72:c2:d1:a6:c9:a0:4b:40:ec:91:f2:
         db:00:dc:25:60:c1:50:5b:3d:c5:f7:68:d0:33:8e:6a:af:5e:
         b8:75:91:22:e4:62:f6:89:66:ae:0a:3f:c9:be:74:eb:e3:72:
         23:a8:05:b9:fc:e5:52:01:18:52:04:70:b1:34:cf:9e:bf:25:
         38:6f:f6:3a:56:06:be:96:38:78:f7:62:b3:59:07:c3:07:e4:
         ee:ac:7b:90:d1:68:f1:df:82:ae:ab:db:a8:a6:5a:3b:ed:ff:
         1d:0f:7b:d2:5c:e3:06:ac:37:7a:e0:97:80:63:7c:19:be:9a:
         4d:0b:b5:8a:d2:02:24:33:4b:e1:80:7a:87:bf:ae:93:8c:ce:
         dc:2e:a0:e7:0d:86:85:b3:15:72:4c:f7:dc:64:18:58:72:49:
         33:d0:51:c7:10:27:56:c2:9e:bf:f8:19:bf:94:bf:77:38:8e:
         68:4f:9b:55:6b:b0:0d:c7:18:d0:28:6e:83:6e:0c:56:2a:c3:
         6b:28:87:5a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUV1jF1uwn7MQEYuvQ8nulwn5zEbkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjMxMjUyMjdaFw0yNzA0MjIxMjU3MjdaMDMxMTAvBgNV
BAMTKDBFN0ZCNkU1OEI5MzBFOTdGMzM4MzU5NkQ3RkFEOEE5QUVFRUJEOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCW18B3+kRBjcSfCeYF3Nl44l3
KJM5q+bYkWgkYM04+ROdkt4+AU02f4V92SdwOTG69V1kK9h6JpKG+lb26qiVubSX
+qw03GW/HtRWTAtcf0jvS/yb3cQeSx/EINAlzKa2imgQmSPIsTxgKclYqM6EEC/i
vRL2FB0QW+8EiwvQFAIh+asi+XMf7I1McKGkAtBGVO93PVjC69hWAyFeQ5Yg2fZH
TNQ/uuFV2OdJptugyJUYoW8P8ha3ypgp6whvaAHO0X53cBYF/eKdakVDXeDlscLf
ISEk2vAos3vHgbREyFPHyWWTHq3KwGdQPXZ9cfCykZ8iF0qwpadnaBvFKZexAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUDn+25YuTDpfzODWW1/rYqa7uvY4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk5NzQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUi8U
AwQAUi+mAwQAUi+vMA0GCSqGSIb3DQEBCwUAA4IBAQCPSqR/drAF4NrIGD3kJZLT
FXiK5hAz92F8JQod0FhHyebY0IzS0x3sr1CY0K2FOvAumm/tU0QGoosdGT5QcsLR
psmgS0DskfLbANwlYMFQWz3F92jQM45qr164dZEi5GL2iWauCj/JvnTr43IjqAW5
/OVSARhSBHCxNM+evyU4b/Y6Vga+ljh492KzWQfDB+TurHuQ0Wjx34Kuq9uoplo7
7f8dD3vSXOMGrDd64JeAY3wZvppNC7WK0gIkM0vhgHqHv66TjM7cLqDnDYaFsxVy
TPfcZBhYckkz0FHHECdWwp6/+Bm/lL93OI5oT5tVa7ANxxjQKG6DbgxWKsNrKIda
-----END CERTIFICATE-----