Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202792.roa
File:                     AS202792.roa (raw, json)
Hash identifier:          +E6nzIRTDS9Rr0ZbHCZnSmIUiVYCgI2Z0Casvi7xNLk=
Subject key identifier:   F1:47:F6:BF:F4:D3:E9:2B:70:B7:F3:51:F9:55:18:23:B1:4A:C7:13
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5C4981A822D3BC71D2B3827164D3DED769DC4F88
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202792.roa
Signing time:             Fri 24 Apr 2026 04:18:59 +0000
ROA not before:           Fri 24 Apr 2026 04:13:59 +0000
ROA not after:            Fri 23 Apr 2027 04:18:59 +0000
asID:                     202792
IP address blocks:        82.21.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:49:81:a8:22:d3:bc:71:d2:b3:82:71:64:d3:de:d7:69:dc:4f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 24 04:13:59 2026 GMT
            Not After : Apr 23 04:18:59 2027 GMT
        Subject: CN=F147F6BFF4D3E92B70B7F351F9551823B14AC713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ff:cb:ee:4e:0c:a4:2b:34:02:a7:3b:6e:61:
                    1b:c0:ee:2d:f2:ab:eb:5c:b2:e0:9d:65:87:a7:55:
                    82:70:56:49:c0:43:40:f3:7f:49:bb:17:4c:a5:40:
                    c0:27:e1:a7:f8:06:72:9a:b5:16:56:ea:6f:8c:6a:
                    10:ba:33:8c:cc:7a:df:70:3b:d8:56:dd:ef:5e:21:
                    1b:ab:1f:69:53:90:4f:d5:03:da:81:f0:3b:b3:3a:
                    25:f4:ef:70:92:0b:20:08:10:0d:24:00:99:85:93:
                    3e:d7:9b:eb:62:92:6a:d7:45:06:15:e8:71:e3:c3:
                    7f:0d:ab:c4:a0:e0:68:79:84:30:12:ce:d1:b5:f5:
                    fc:e8:fd:e0:21:9a:24:89:6f:5d:7c:a8:e4:6f:c5:
                    cf:5a:45:c9:cb:1d:19:8a:06:d8:1d:b3:42:88:b2:
                    60:f1:1f:d7:db:0b:d5:79:d2:77:5b:ae:71:14:93:
                    cb:99:d6:e9:5c:60:ab:7a:bf:0e:d5:17:ad:12:47:
                    b0:52:c3:33:69:11:dd:50:79:72:d5:1e:81:58:75:
                    40:cc:b5:73:d3:fe:fb:1d:83:98:bf:d0:70:c1:af:
                    08:c8:bc:f2:de:a7:34:e0:fc:f2:50:5c:a3:cb:e3:
                    fd:3f:f6:ed:33:ff:6a:5e:a0:14:eb:6d:94:45:da:
                    c0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:47:F6:BF:F4:D3:E9:2B:70:B7:F3:51:F9:55:18:23:B1:4A:C7:13
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202792.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:13:71:c1:40:ce:e4:18:f8:bd:0c:3e:d9:29:3d:df:99:ae:
         81:31:40:be:96:c3:75:1c:08:4f:35:83:d2:03:92:b7:81:cd:
         60:50:2e:cd:8e:14:53:2c:9a:8b:19:c5:92:3a:56:3d:f8:bd:
         72:27:3c:b9:e0:84:da:bc:35:a3:0b:0b:a6:67:ef:1c:d2:67:
         0c:4c:8b:bd:dc:4c:3e:be:ca:e4:4f:c2:84:68:70:6e:0d:cd:
         41:b7:88:76:ea:64:84:45:e1:0d:2a:b3:db:50:02:68:ab:39:
         45:96:e3:3f:e0:97:43:7b:14:60:cf:72:fd:86:12:93:73:a9:
         19:6d:6a:cf:89:32:64:8d:25:81:74:20:23:e6:d3:13:e2:15:
         22:8f:0f:73:9e:07:72:80:1b:38:03:43:c9:57:d8:6b:c5:34:
         30:ae:d9:4d:10:7e:8f:f7:d1:7d:4a:ab:57:14:c1:5e:2e:81:
         be:0e:d0:a8:25:9f:de:14:a3:ee:b0:07:17:45:c6:f3:cf:c6:
         e6:96:96:6c:95:7c:2f:67:ab:18:6a:7e:af:8a:40:e8:ad:ac:
         4a:e6:a2:23:32:d9:e0:e6:58:59:cf:47:d9:dd:9c:4e:89:7f:
         a9:5f:72:2d:2e:d2:83:48:b9:c0:08:b1:48:09:7a:e8:20:c9:
         b3:8a:0f:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXEmBqCLTvHHSs4JxZNPe12ncT4gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjQwNDEzNTlaFw0yNzA0MjMwNDE4NTlaMDMxMTAvBgNV
BAMTKEYxNDdGNkJGRjREM0U5MkI3MEI3RjM1MUY5NTUxODIzQjE0QUM3MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD/8vuTgykKzQCpztuYRvA7i3y
q+tcsuCdZYenVYJwVknAQ0Dzf0m7F0ylQMAn4af4BnKatRZW6m+MahC6M4zMet9w
O9hW3e9eIRurH2lTkE/VA9qB8DuzOiX073CSCyAIEA0kAJmFkz7Xm+tikmrXRQYV
6HHjw38Nq8Sg4Gh5hDASztG19fzo/eAhmiSJb118qORvxc9aRcnLHRmKBtgds0KI
smDxH9fbC9V50ndbrnEUk8uZ1ulcYKt6vw7VF60SR7BSwzNpEd1QeXLVHoFYdUDM
tXPT/vsdg5i/0HDBrwjIvPLepzTg/PJQXKPL4/0/9u0z/2peoBTrbZRF2sCjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU8Uf2v/TT6Stwt/NR+VUYI7FKxxMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAyNzkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhVB
MA0GCSqGSIb3DQEBCwUAA4IBAQAvE3HBQM7kGPi9DD7ZKT3fma6BMUC+lsN1HAhP
NYPSA5K3gc1gUC7NjhRTLJqLGcWSOlY9+L1yJzy54ITavDWjCwumZ+8c0mcMTIu9
3Ew+vsrkT8KEaHBuDc1Bt4h26mSEReENKrPbUAJoqzlFluM/4JdDexRgz3L9hhKT
c6kZbWrPiTJkjSWBdCAj5tMT4hUijw9zngdygBs4A0PJV9hrxTQwrtlNEH6P99F9
SqtXFMFeLoG+DtCoJZ/eFKPusAcXRcbzz8bmlpZslXwvZ6sYan6vikDoraxK5qIj
Mtng5lhZz0fZ3ZxOiX+pX3ItLtKDSLnACLFICXroIMmzig9H
-----END CERTIFICATE-----