Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202656.roa
File:                     AS202656.roa (raw, json)
Hash identifier:          31IQJp2XSS2Z7ikMykzszg0h+oq6/Z2ZLxi0OP3NtVw=
Subject key identifier:   DB:C0:11:9D:57:72:4E:9A:08:E6:76:71:E6:22:40:AD:0E:25:34:1A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0E606DB334848535C9F84B022C80777B5A020543
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202656.roa
Signing time:             Tue 13 May 2025 23:26:05 +0000
ROA not before:           Tue 13 May 2025 23:21:05 +0000
ROA not after:            Tue 12 May 2026 23:26:05 +0000
asID:                     202656
IP address blocks:        82.22.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:60:6d:b3:34:84:85:35:c9:f8:4b:02:2c:80:77:7b:5a:02:05:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 13 23:21:05 2025 GMT
            Not After : May 12 23:26:05 2026 GMT
        Subject: CN=DBC0119D57724E9A08E67671E62240AD0E25341A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:68:b0:6c:6c:f0:4d:ac:1e:9c:8e:d8:ee:32:
                    7a:1f:2b:83:f2:ae:32:c3:dc:02:47:71:9f:10:f4:
                    f0:13:cc:7d:15:dc:9e:f3:92:a9:17:8a:69:3c:06:
                    5b:52:92:84:1b:e8:0f:74:59:ce:f4:c0:3a:1d:b1:
                    28:4d:3e:41:ef:1e:4d:4a:44:2e:6d:ea:47:e2:ef:
                    93:dc:c6:9d:8e:13:31:4e:34:a2:5b:82:e3:73:3e:
                    52:e6:d2:ee:e7:b7:d3:cd:7d:12:58:5d:ab:63:09:
                    cc:da:28:a2:a5:14:25:a6:0d:59:6c:30:d4:28:d7:
                    88:0e:a4:7d:69:65:14:b7:bc:80:20:f4:71:7b:1a:
                    6a:84:0d:b0:76:57:74:1e:1f:b0:6e:6b:40:37:7d:
                    e2:88:09:fc:16:09:b2:ba:e1:1d:73:48:fe:ea:2b:
                    f4:e5:a9:c6:83:cd:3f:c9:92:af:a9:45:06:1a:89:
                    fb:4d:fc:fa:c9:c3:1d:f0:52:94:d9:55:fa:66:8e:
                    79:bf:02:ef:24:56:3f:a1:10:de:5f:71:e0:d0:e7:
                    69:23:90:18:e4:89:e7:c7:25:d8:f6:b1:05:ba:46:
                    89:44:78:9c:8b:b0:f2:36:63:c4:ed:e6:0b:77:9f:
                    51:3e:38:9a:1d:b8:fc:52:c4:35:6e:cf:13:53:15:
                    59:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C0:11:9D:57:72:4E:9A:08:E6:76:71:E6:22:40:AD:0E:25:34:1A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202656.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:14:c1:3f:5b:af:1a:01:70:8a:7a:6d:17:44:30:87:aa:97:
         39:d6:37:68:4c:30:19:36:8a:52:52:4d:f6:d9:8f:5c:91:0b:
         28:3f:a3:6f:87:42:36:67:d8:d7:a2:36:b3:37:25:3a:cd:fd:
         55:04:9a:e9:40:c4:07:da:7d:42:18:5c:d7:37:75:cd:1b:34:
         a8:6a:11:8f:76:58:10:88:18:d5:35:be:d5:8c:85:6a:39:7a:
         4f:3c:79:82:4b:9c:c5:37:e0:e6:da:6c:50:e7:02:12:5d:41:
         ec:cd:63:89:9a:29:b2:de:08:ab:42:ac:63:b6:b7:a5:2e:00:
         7a:f0:de:97:8c:ea:67:47:47:c5:49:67:c5:0f:7f:3c:94:42:
         2d:b3:1a:db:d6:a5:5f:d7:c2:37:8f:a2:cd:6b:9d:d5:04:79:
         76:4d:54:2d:7e:7b:e3:1f:53:7d:7d:d4:9b:73:28:50:ca:81:
         40:23:cb:f6:42:16:78:6d:34:59:d7:6e:c5:5b:28:c8:c5:78:
         f6:68:69:ff:c5:28:eb:93:ef:95:44:9b:32:62:78:78:1f:7d:
         e9:fa:16:ce:74:9f:a2:df:67:8e:03:3d:61:75:57:55:4a:f5:
         53:83:25:df:c7:d4:6a:c2:9c:6b:1a:5e:c5:2e:29:2c:7e:68:
         5d:a2:46:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDmBtszSEhTXJ+EsCLIB3e1oCBUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MTMyMzIxMDVaFw0yNjA1MTIyMzI2MDVaMDMxMTAvBgNV
BAMTKERCQzAxMTlENTc3MjRFOUEwOEU2NzY3MUU2MjI0MEFEMEUyNTM0MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdaLBsbPBNrB6cjtjuMnofK4Py
rjLD3AJHcZ8Q9PATzH0V3J7zkqkXimk8BltSkoQb6A90Wc70wDodsShNPkHvHk1K
RC5t6kfi75Pcxp2OEzFONKJbguNzPlLm0u7nt9PNfRJYXatjCczaKKKlFCWmDVls
MNQo14gOpH1pZRS3vIAg9HF7GmqEDbB2V3QeH7Bua0A3feKICfwWCbK64R1zSP7q
K/TlqcaDzT/Jkq+pRQYaiftN/PrJwx3wUpTZVfpmjnm/Au8kVj+hEN5fceDQ52kj
kBjkiefHJdj2sQW6RolEeJyLsPI2Y8Tt5gt3n1E+OJoduPxSxDVuzxNTFVkhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU28ARnVdyTpoI5nZx5iJArQ4lNBowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAyNjU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhZO
MA0GCSqGSIb3DQEBCwUAA4IBAQCAFME/W68aAXCKem0XRDCHqpc51jdoTDAZNopS
Uk322Y9ckQsoP6Nvh0I2Z9jXojazNyU6zf1VBJrpQMQH2n1CGFzXN3XNGzSoahGP
dlgQiBjVNb7VjIVqOXpPPHmCS5zFN+Dm2mxQ5wISXUHszWOJmimy3girQqxjtrel
LgB68N6XjOpnR0fFSWfFD388lEItsxrb1qVf18I3j6LNa53VBHl2TVQtfnvjH1N9
fdSbcyhQyoFAI8v2QhZ4bTRZ127FWyjIxXj2aGn/xSjrk++VRJsyYnh4H33p+hbO
dJ+i32eOAz1hdVdVSvVTgyXfx9RqwpxrGl7FLiksfmhdokbO
-----END CERTIFICATE-----