Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203462.roa
File:                     AS203462.roa (raw, json)
Hash identifier:          8Emb4K3Q04VComBiZHJ21xES8RWR9t4PIaxmORCEE7Q=
Subject key identifier:   F6:DB:98:6D:2D:0E:2B:53:73:4B:88:70:5C:A0:A0:8D:21:F0:38:67
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4AF3CEB656A809050EB68503D1AEC25EABD43DC3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203462.roa
Signing time:             Wed 08 Oct 2025 10:05:01 +0000
ROA not before:           Wed 08 Oct 2025 10:00:01 +0000
ROA not after:            Wed 07 Oct 2026 10:05:01 +0000
asID:                     203462
IP address blocks:        82.22.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:f3:ce:b6:56:a8:09:05:0e:b6:85:03:d1:ae:c2:5e:ab:d4:3d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct  8 10:00:01 2025 GMT
            Not After : Oct  7 10:05:01 2026 GMT
        Subject: CN=F6DB986D2D0E2B53734B88705CA0A08D21F03867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:49:e0:05:e4:c0:61:17:25:b0:ab:fc:4f:b5:
                    30:c6:52:b1:f6:38:92:f7:12:31:81:f4:d6:8a:e7:
                    fe:46:9d:c9:31:df:22:a4:7c:a0:06:28:9b:a2:a1:
                    69:55:64:0d:6b:5c:a1:49:e9:bd:f3:2c:7e:de:94:
                    9a:0d:c6:7e:18:9b:35:66:24:75:d3:a4:a9:89:93:
                    35:79:9f:af:7d:c9:e7:1d:c6:dc:54:c2:c8:9e:3e:
                    b1:7a:d2:f8:e3:e0:69:ac:3e:aa:03:36:a0:d3:38:
                    9d:c2:12:6e:71:c9:a0:49:cf:30:e8:d6:64:46:42:
                    8b:08:b2:a0:5a:fb:2c:da:bf:d7:7f:01:f3:db:83:
                    8d:ce:79:ce:19:c9:ad:21:2f:10:62:cd:c6:16:ee:
                    06:84:d6:14:90:b0:06:ca:e2:00:d3:cb:40:bd:f6:
                    75:9e:cc:0c:1a:18:98:48:37:d0:12:cf:bf:e2:35:
                    7a:b4:7c:c7:ce:a6:01:96:0a:d5:f3:5b:e3:9f:fe:
                    7a:37:10:c1:f9:f1:98:36:35:24:a1:57:b9:d4:78:
                    1b:1b:50:31:67:a7:4a:71:17:5b:6b:93:3b:26:ea:
                    3f:d9:5b:f4:3c:1a:e6:85:b1:90:36:fe:44:d3:36:
                    89:88:d4:4b:0b:3f:91:81:e1:55:d6:32:74:5e:de:
                    59:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:DB:98:6D:2D:0E:2B:53:73:4B:88:70:5C:A0:A0:8D:21:F0:38:67
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203462.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:67:19:61:3d:33:c9:37:3f:7a:3c:31:d4:5b:26:3e:f8:3b:
         b6:46:f7:12:ce:6d:f5:b1:0c:9f:f0:40:5b:cc:27:68:d8:c7:
         e8:46:c2:ad:ab:6f:ec:db:5a:fa:7d:51:cd:68:8b:2c:9a:8a:
         c9:8a:0c:97:a1:bf:52:3b:46:a4:38:18:e0:c5:da:25:26:17:
         85:f8:71:32:ee:22:52:06:6d:6a:16:2d:18:d6:80:03:c0:d5:
         80:ed:c1:43:e1:61:61:99:55:33:ed:42:37:b7:da:00:57:0a:
         6e:78:d6:f6:67:96:ce:c0:ab:9d:9f:8e:d9:2f:61:9f:18:c0:
         f2:67:b3:b4:b8:57:2e:81:d0:e9:5c:11:33:85:a0:78:2e:c4:
         7a:7f:db:b1:88:21:4d:35:2f:b3:86:04:70:da:1a:8f:59:95:
         e5:4b:f7:b2:5f:f3:7e:3f:0f:2b:1f:f4:37:2e:c6:78:68:02:
         11:bc:13:fb:fe:82:33:63:76:64:a5:5b:4a:20:0a:02:80:25:
         c4:aa:f7:77:4d:a9:c1:1d:b9:fc:92:07:1e:53:30:ff:e2:c3:
         4e:38:d5:85:be:60:73:b1:3e:82:28:5b:39:83:e3:22:c9:8d:
         f6:33:03:75:26:7a:85:51:15:48:79:80:24:60:a7:03:33:7a:
         68:69:35:ca
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSvPOtlaoCQUOtoUD0a7CXqvUPcMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMDgxMDAwMDFaFw0yNjEwMDcxMDA1MDFaMDMxMTAvBgNV
BAMTKEY2REI5ODZEMkQwRTJCNTM3MzRCODg3MDVDQTBBMDhEMjFGMDM4NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQSeAF5MBhFyWwq/xPtTDGUrH2
OJL3EjGB9NaK5/5Gnckx3yKkfKAGKJuioWlVZA1rXKFJ6b3zLH7elJoNxn4YmzVm
JHXTpKmJkzV5n699yecdxtxUwsiePrF60vjj4GmsPqoDNqDTOJ3CEm5xyaBJzzDo
1mRGQosIsqBa+yzav9d/AfPbg43Oec4Zya0hLxBizcYW7gaE1hSQsAbK4gDTy0C9
9nWezAwaGJhIN9ASz7/iNXq0fMfOpgGWCtXzW+Of/no3EMH58Zg2NSShV7nUeBsb
UDFnp0pxF1trkzsm6j/ZW/Q8GuaFsZA2/kTTNomI1EsLP5GB4VXWMnRe3lmrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9tuYbS0OK1NzS4hwXKCgjSHwOGcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzNDYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUhYA
MA0GCSqGSIb3DQEBCwUAA4IBAQBrZxlhPTPJNz96PDHUWyY++Du2RvcSzm31sQyf
8EBbzCdo2MfoRsKtq2/s21r6fVHNaIssmorJigyXob9SO0akOBjgxdolJheF+HEy
7iJSBm1qFi0Y1oADwNWA7cFD4WFhmVUz7UI3t9oAVwpueNb2Z5bOwKudn47ZL2Gf
GMDyZ7O0uFcugdDpXBEzhaB4LsR6f9uxiCFNNS+zhgRw2hqPWZXlS/eyX/N+Pw8r
H/Q3LsZ4aAIRvBP7/oIzY3ZkpVtKIAoCgCXEqvd3TanBHbn8kgceUzD/4sNOONWF
vmBzsT6CKFs5g+MiyY32MwN1JnqFURVIeYAkYKcDM3poaTXK
-----END CERTIFICATE-----