Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          3LoJufxwnei2nly/ax5Ah1WicGZK45aDu7Xx7oTXoEU=
Subject key identifier:   77:18:21:D1:00:01:76:C7:A7:67:22:17:BD:6C:CA:CA:C5:A8:84:6C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2997F5AA08BB9D34A97DBE1AD117B7B69BA1E4D0
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa
Signing time:             Wed 10 Sep 2025 09:50:58 +0000
ROA not before:           Wed 10 Sep 2025 09:45:58 +0000
ROA not after:            Wed 09 Sep 2026 09:50:58 +0000
asID:                     20326
IP address blocks:        82.21.43.0/24 maxlen: 24
                          82.26.96.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:50:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:97:f5:aa:08:bb:9d:34:a9:7d:be:1a:d1:17:b7:b6:9b:a1:e4:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 10 09:45:58 2025 GMT
            Not After : Sep  9 09:50:58 2026 GMT
        Subject: CN=771821D1000176C7A7672217BD6CCACAC5A8846C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:23:97:88:92:c0:16:83:31:bf:4a:bf:9b:92:
                    f3:44:ac:5f:64:15:8d:25:1c:35:7a:ba:27:86:d0:
                    c8:27:72:e1:a0:c4:ee:bc:07:1c:29:5a:72:40:a0:
                    aa:ae:54:eb:bf:84:e8:4e:13:4f:b5:32:46:45:0b:
                    e0:dd:6d:aa:fe:6e:5d:6b:6a:8b:f3:84:2a:e8:32:
                    d5:74:fb:11:f0:d8:b7:7f:a8:ec:24:9f:12:4a:3b:
                    ca:e5:67:b9:50:16:62:a8:17:b8:46:11:e4:50:73:
                    41:5b:34:18:bc:24:31:7f:c2:4f:be:79:dc:27:55:
                    bf:1a:c6:14:34:b3:2f:a3:cd:87:38:29:c6:d0:26:
                    94:4e:96:fa:a2:e2:99:ea:50:08:f4:6b:77:fa:c4:
                    cd:d8:66:fe:ee:79:46:b0:dd:b6:d2:93:b4:6d:ba:
                    94:d3:f7:36:5f:2a:0e:37:4e:19:d5:4b:7b:41:05:
                    96:89:65:e2:46:90:72:d8:c6:7e:18:10:3e:2d:fc:
                    29:1c:b3:15:f4:64:70:8c:e6:c9:b6:63:ec:20:8f:
                    0e:4f:8b:10:74:66:76:da:08:c2:1e:c3:c4:25:d9:
                    58:b2:0e:54:8a:85:96:e7:e2:26:0b:02:0b:be:6e:
                    9c:b9:42:5d:0b:aa:2e:4a:05:e0:88:32:95:df:cd:
                    c6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:18:21:D1:00:01:76:C7:A7:67:22:17:BD:6C:CA:CA:C5:A8:84:6C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.43.0/24
                  82.26.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:2e:dd:31:07:a8:97:7d:81:cc:39:f0:90:0e:b8:a6:fc:d5:
         b5:6e:69:ac:5a:dc:94:74:c7:f6:37:20:bf:a2:f9:59:95:b7:
         96:aa:3e:d1:98:09:08:74:1b:19:d0:11:b3:8c:8b:5a:21:ea:
         ae:98:84:9e:0a:ef:49:ee:df:33:67:b9:d6:f4:66:72:77:d3:
         e0:a9:56:ed:49:c7:df:f8:95:9d:ae:4d:e7:f2:db:1f:45:19:
         11:39:8c:b7:ad:8e:67:97:e3:8a:61:58:e3:87:ec:14:63:1d:
         d3:ac:60:21:c3:1b:97:3e:f3:d7:01:06:31:45:5b:2f:69:3a:
         df:f8:3a:3f:6e:99:7a:cb:6f:5f:eb:1d:cc:10:a0:62:d7:02:
         6c:b7:f9:10:03:3c:72:12:0a:2c:15:06:52:ea:e4:6a:0c:48:
         ab:08:77:3e:5f:45:cc:a5:fd:98:24:d3:a0:db:2d:75:b8:4a:
         d8:39:8f:71:28:a9:2d:e9:27:c8:47:30:6f:4d:a6:48:33:7f:
         e4:8d:30:22:cc:a8:20:47:13:5c:37:53:fd:a5:a7:dd:7d:97:
         58:d4:19:43:66:11:6e:a2:ec:92:f6:3d:b0:a0:db:dd:b2:30:
         36:4e:b4:23:bb:27:b1:6f:cd:98:fb:c0:01:fb:0e:7b:78:29:
         6e:fd:51:2f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUKZf1qgi7nTSpfb4a0Re3tpuh5NAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MTAwOTQ1NThaFw0yNjA5MDkwOTUwNThaMDMxMTAvBgNV
BAMTKDc3MTgyMUQxMDAwMTc2QzdBNzY3MjIxN0JENkNDQUNBQzVBODg0NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+I5eIksAWgzG/Sr+bkvNErF9k
FY0lHDV6uieG0MgncuGgxO68BxwpWnJAoKquVOu/hOhOE0+1MkZFC+Ddbar+bl1r
aovzhCroMtV0+xHw2Ld/qOwknxJKO8rlZ7lQFmKoF7hGEeRQc0FbNBi8JDF/wk++
edwnVb8axhQ0sy+jzYc4KcbQJpROlvqi4pnqUAj0a3f6xM3YZv7ueUaw3bbSk7Rt
upTT9zZfKg43ThnVS3tBBZaJZeJGkHLYxn4YED4t/CkcsxX0ZHCM5sm2Y+wgjw5P
ixB0ZnbaCMIew8Ql2ViyDlSKhZbn4iYLAgu+bpy5Ql0Lqi5KBeCIMpXfzcYZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUdxgh0QABdsenZyIXvWzKysWohGwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFSsD
BAJSGmAwDQYJKoZIhvcNAQELBQADggEBAD4u3TEHqJd9gcw58JAOuKb81bVuaaxa
3JR0x/Y3IL+i+VmVt5aqPtGYCQh0GxnQEbOMi1oh6q6YhJ4K70nu3zNnudb0ZnJ3
0+CpVu1Jx9/4lZ2uTefy2x9FGRE5jLetjmeX44phWOOH7BRjHdOsYCHDG5c+89cB
BjFFWy9pOt/4Oj9umXrLb1/rHcwQoGLXAmy3+RADPHISCiwVBlLq5GoMSKsIdz5f
Rcyl/Zgk06DbLXW4Stg5j3EoqS3pJ8hHMG9Npkgzf+SNMCLMqCBHE1w3U/2lp919
l1jUGUNmEW6i7JL2PbCg292yMDZOtCO7J7FvzZj7wAH7Dnt4KW79US8=
-----END CERTIFICATE-----