Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          bENNdqSV5bW4pa5JPUn7pQYmQXaNsLg/oDLwhNMXpuU=
Subject key identifier:   F4:DA:64:AB:F5:0B:FD:51:7A:D4:34:40:50:C0:10:83:12:CD:2D:4C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       55AE58C6BA74C420765FB85BE7FA032CDD459160
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa
Signing time:             Sat 22 Mar 2025 06:45:25 +0000
ROA not before:           Sat 22 Mar 2025 06:40:25 +0000
ROA not after:            Sat 21 Mar 2026 06:45:25 +0000
asID:                     20473
IP address blocks:        82.26.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:ae:58:c6:ba:74:c4:20:76:5f:b8:5b:e7:fa:03:2c:dd:45:91:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 22 06:40:25 2025 GMT
            Not After : Mar 21 06:45:25 2026 GMT
        Subject: CN=F4DA64ABF50BFD517AD4344050C0108312CD2D4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d6:8a:f1:5f:2b:74:8e:c3:99:3b:56:a0:ee:
                    48:d4:5f:82:a1:0c:9e:19:a2:e1:ab:5c:2c:fe:92:
                    d5:df:dd:8a:b0:ad:0a:ab:f5:25:d2:00:eb:ac:9f:
                    29:28:43:d6:45:77:76:18:4f:e7:a1:d0:4c:05:b4:
                    28:19:a0:58:b3:32:82:87:1e:86:e0:00:7d:d2:d3:
                    7d:98:e1:4b:e7:d6:a3:22:bb:78:95:09:4e:6a:58:
                    84:29:84:03:52:65:11:70:00:4c:80:23:48:3c:c0:
                    3f:c2:0d:95:82:4c:ee:a3:17:ab:97:61:a3:1e:27:
                    db:bf:a7:7c:24:94:b3:7f:2b:11:d3:58:69:e4:22:
                    01:da:a8:76:db:7b:92:4d:2d:35:b4:d3:c7:d0:40:
                    22:2b:0a:bb:f0:95:c3:77:87:e1:8a:6c:49:41:6e:
                    f0:9e:f8:50:b2:4e:f2:74:27:a9:a4:0a:45:5b:25:
                    ff:1e:fc:14:1e:64:85:53:d2:29:90:e4:49:e3:c0:
                    03:d8:bf:c5:d9:ea:f2:db:4e:93:20:c8:92:bf:61:
                    e8:ec:e0:dd:04:ce:69:ed:cd:7c:ee:1a:14:88:f2:
                    57:74:9d:69:e9:4f:32:93:f3:59:ff:b1:f8:e6:2b:
                    a4:99:b1:2f:aa:4e:56:56:fc:2a:54:65:f8:fb:69:
                    19:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DA:64:AB:F5:0B:FD:51:7A:D4:34:40:50:C0:10:83:12:CD:2D:4C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:82:85:97:63:05:b2:ea:e9:f3:88:a3:c8:3b:28:b3:ea:fb:
         90:66:be:aa:97:be:4d:6b:a5:75:d0:1b:38:49:fd:3a:88:55:
         6f:a2:c5:20:9c:8b:68:9d:8a:e4:d8:43:fc:03:37:0a:5d:e1:
         38:b9:14:d9:85:9a:a3:6c:b8:34:64:ee:48:ac:21:9c:3d:2b:
         cc:20:48:ee:80:fc:a6:bf:b8:5a:18:63:c3:91:ec:ea:44:ff:
         cb:77:21:cc:39:83:0a:48:df:d6:91:56:13:d2:71:62:a4:93:
         da:e0:8b:9c:52:d2:13:09:04:d9:2e:9c:a5:e5:33:af:c1:9d:
         01:63:23:64:ee:fd:ac:03:95:a3:93:dc:a6:23:18:4c:a0:19:
         62:76:69:64:b5:a0:95:c4:c3:26:d3:1b:d4:18:61:c8:4d:60:
         5b:43:95:60:7e:17:cc:0f:f0:7c:da:73:12:a0:0a:6e:7a:56:
         c0:41:db:03:fe:b1:82:8a:96:47:99:e9:b7:03:4d:e6:6c:94:
         b1:2b:1a:5a:62:07:32:74:f1:12:7d:2c:cc:f4:07:11:15:92:
         ce:41:9d:39:16:07:38:40:8b:2d:5f:bb:89:b9:d0:67:91:7a:
         a4:c7:30:fe:f0:43:87:97:5b:ed:22:1f:61:cf:08:c8:7b:69:
         66:dc:10:a8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVa5Yxrp0xCB2X7hb5/oDLN1FkWAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAzMjIwNjQwMjVaFw0yNjAzMjEwNjQ1MjVaMDMxMTAvBgNV
BAMTKEY0REE2NEFCRjUwQkZENTE3QUQ0MzQ0MDUwQzAxMDgzMTJDRDJENEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW1orxXyt0jsOZO1ag7kjUX4Kh
DJ4ZouGrXCz+ktXf3YqwrQqr9SXSAOusnykoQ9ZFd3YYT+eh0EwFtCgZoFizMoKH
HobgAH3S032Y4Uvn1qMiu3iVCU5qWIQphANSZRFwAEyAI0g8wD/CDZWCTO6jF6uX
YaMeJ9u/p3wklLN/KxHTWGnkIgHaqHbbe5JNLTW008fQQCIrCrvwlcN3h+GKbElB
bvCe+FCyTvJ0J6mkCkVbJf8e/BQeZIVT0imQ5EnjwAPYv8XZ6vLbTpMgyJK/Yejs
4N0EzmntzXzuGhSI8ld0nWnpTzKT81n/sfjmK6SZsS+qTlZW/CpUZfj7aRldAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU9Npkq/UL/VF61DRAUMAQgxLNLUwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGoMw
DQYJKoZIhvcNAQELBQADggEBACOChZdjBbLq6fOIo8g7KLPq+5BmvqqXvk1rpXXQ
GzhJ/TqIVW+ixSCci2idiuTYQ/wDNwpd4Ti5FNmFmqNsuDRk7kisIZw9K8wgSO6A
/Ka/uFoYY8OR7OpE/8t3Icw5gwpI39aRVhPScWKkk9rgi5xS0hMJBNkunKXlM6/B
nQFjI2Tu/awDlaOT3KYjGEygGWJ2aWS1oJXEwybTG9QYYchNYFtDlWB+F8wP8Hza
cxKgCm56VsBB2wP+sYKKlkeZ6bcDTeZslLErGlpiBzJ08RJ9LMz0BxEVks5BnTkW
BzhAiy1fu4m50GeReqTHMP7wQ4eXW+0iH2HPCMh7aWbcEKg=
-----END CERTIFICATE-----