Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204765.roa
File:                     AS204765.roa (raw, json)
Hash identifier:          qhwnS7j+/UZXpUgLyazFtWLgRnOBSis1iD8p9QK+B6E=
Subject key identifier:   7C:93:94:28:78:A4:D6:F8:6E:C8:AA:D4:8A:30:E1:AD:04:89:AA:7A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       612A111BF398B897355ACC7513F906DD2A259A62
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204765.roa
Signing time:             Fri 29 May 2026 12:52:32 +0000
ROA not before:           Fri 29 May 2026 12:47:32 +0000
ROA not after:            Fri 28 May 2027 12:52:32 +0000
asID:                     204765
IP address blocks:        82.27.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:2a:11:1b:f3:98:b8:97:35:5a:cc:75:13:f9:06:dd:2a:25:9a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 29 12:47:32 2026 GMT
            Not After : May 28 12:52:32 2027 GMT
        Subject: CN=7C93942878A4D6F86EC8AAD48A30E1AD0489AA7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:37:c2:a9:09:35:96:5f:f2:ac:ed:d0:03:b0:
                    b0:dd:06:0f:e3:64:48:df:75:da:0d:46:a3:59:89:
                    67:b2:92:39:d3:b1:99:73:37:d6:03:04:e8:62:07:
                    a0:55:9e:3a:ea:d3:ff:e5:61:d8:5a:08:74:09:85:
                    5a:6b:51:00:69:bb:dc:f1:d9:24:7c:8a:ef:8f:27:
                    52:7c:83:89:22:b7:a8:ba:ca:0b:cf:72:cc:34:3e:
                    62:d8:2a:b8:b4:5b:49:b3:5a:ca:9f:ef:00:66:6d:
                    80:86:98:d2:30:33:f7:6b:a7:fd:e5:6d:96:87:cd:
                    6e:a6:dc:6e:a8:c8:ec:f1:ab:88:d8:d6:39:55:0b:
                    66:18:a5:f1:54:85:7b:35:e9:6a:c1:bb:e5:4d:c3:
                    92:ed:9f:e1:ff:3d:60:3b:d9:3c:f0:1a:1a:cf:3e:
                    b3:09:c2:c3:e5:d3:00:45:87:b7:0c:45:ec:da:97:
                    7f:7b:0f:d6:d0:1f:72:f1:cf:ea:21:23:18:60:b0:
                    7d:4d:16:a6:22:47:c1:63:73:6f:19:c2:1c:54:46:
                    76:65:f5:c8:79:fc:2d:80:5f:51:87:db:7d:7d:72:
                    80:06:a3:e8:6d:3b:4b:5f:5f:74:b8:b2:e3:c8:0e:
                    99:4b:7f:fa:c1:b8:3b:95:ca:b2:ff:e4:96:0b:6a:
                    da:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:93:94:28:78:A4:D6:F8:6E:C8:AA:D4:8A:30:E1:AD:04:89:AA:7A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204765.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:2b:a6:24:e3:dd:e1:ca:b4:b4:b9:23:ad:95:c8:bc:3c:ed:
         b7:5b:6c:b8:77:fc:8a:c9:d8:b9:39:e6:49:2f:35:3e:a2:f8:
         a2:35:16:c7:51:a4:35:2e:0c:fa:4e:7b:ef:fb:51:70:6f:e0:
         43:59:66:ca:51:7f:84:85:d7:4d:e0:09:15:2a:2b:14:9e:1b:
         6b:dc:d4:11:31:b3:09:8c:fc:63:dd:65:c6:70:d9:3f:88:78:
         a5:3d:cf:6b:c5:c1:da:47:6a:8f:6f:fc:78:73:e0:5f:b6:88:
         89:1f:3b:c3:58:12:ae:94:b6:6d:50:86:40:98:38:85:78:d2:
         a1:8b:6e:14:08:86:da:94:ca:97:6b:1c:75:89:8c:19:d9:9c:
         21:f3:85:0c:13:63:6f:ff:db:05:02:a1:c4:16:72:74:bf:29:
         d0:8d:2b:8b:2e:6f:a7:45:20:a4:83:03:f1:ae:c9:bb:04:64:
         1e:56:ed:69:ef:5c:0a:4f:14:3f:dd:80:58:fd:c0:98:39:ca:
         0f:62:24:5d:9c:c1:d9:07:98:94:c6:43:ce:67:51:7a:1b:32:
         fb:d7:80:cf:3d:32:e0:00:75:25:91:38:95:65:e4:b5:09:83:
         66:56:63:6f:da:cf:1c:df:f5:12:6d:2c:d0:51:f9:f1:63:62:
         0b:ed:d6:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYSoRG/OYuJc1Wsx1E/kG3SolmmIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjkxMjQ3MzJaFw0yNzA1MjgxMjUyMzJaMDMxMTAvBgNV
BAMTKDdDOTM5NDI4NzhBNEQ2Rjg2RUM4QUFENDhBMzBFMUFEMDQ4OUFBN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyN8KpCTWWX/Ks7dADsLDdBg/j
ZEjfddoNRqNZiWeykjnTsZlzN9YDBOhiB6BVnjrq0//lYdhaCHQJhVprUQBpu9zx
2SR8iu+PJ1J8g4kit6i6ygvPcsw0PmLYKri0W0mzWsqf7wBmbYCGmNIwM/drp/3l
bZaHzW6m3G6oyOzxq4jY1jlVC2YYpfFUhXs16WrBu+VNw5Ltn+H/PWA72TzwGhrP
PrMJwsPl0wBFh7cMRezal397D9bQH3Lxz+ohIxhgsH1NFqYiR8Fjc28ZwhxURnZl
9ch5/C2AX1GH2319coAGo+htO0tfX3S4suPIDplLf/rBuDuVyrL/5JYLatrLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfJOUKHik1vhuyKrUijDhrQSJqnowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0NzY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhtf
MA0GCSqGSIb3DQEBCwUAA4IBAQArK6Yk493hyrS0uSOtlci8PO23W2y4d/yKydi5
OeZJLzU+oviiNRbHUaQ1Lgz6Tnvv+1Fwb+BDWWbKUX+EhddN4AkVKisUnhtr3NQR
MbMJjPxj3WXGcNk/iHilPc9rxcHaR2qPb/x4c+BftoiJHzvDWBKulLZtUIZAmDiF
eNKhi24UCIbalMqXaxx1iYwZ2Zwh84UME2Nv/9sFAqHEFnJ0vynQjSuLLm+nRSCk
gwPxrsm7BGQeVu1p71wKTxQ/3YBY/cCYOcoPYiRdnMHZB5iUxkPOZ1F6GzL714DP
PTLgAHUlkTiVZeS1CYNmVmNv2s8c3/USbSzQUfnxY2IL7dYg
-----END CERTIFICATE-----