Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204942.roa
File:                     AS204942.roa (raw, json)
Hash identifier:          2oRM5IcvJY8Y4vugJl/SBUzJCewa/8eOLa2lDRT3BaE=
Subject key identifier:   99:2B:C9:AA:7B:19:45:FA:F0:4F:FE:1A:97:77:3A:72:60:EC:68:9F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4EFE18A0002E68759F4ED73FE19F6302EC1A4452
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204942.roa
Signing time:             Sat 28 Mar 2026 16:15:41 +0000
ROA not before:           Sat 28 Mar 2026 16:10:41 +0000
ROA not after:            Sat 27 Mar 2027 16:15:41 +0000
asID:                     204942
IP address blocks:        84.75.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 00:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:fe:18:a0:00:2e:68:75:9f:4e:d7:3f:e1:9f:63:02:ec:1a:44:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 28 16:10:41 2026 GMT
            Not After : Mar 27 16:15:41 2027 GMT
        Subject: CN=992BC9AA7B1945FAF04FFE1A97773A7260EC689F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:4f:d1:fd:12:a8:e8:1e:8c:3d:de:62:00:c4:
                    9b:f7:af:d8:7b:85:62:1c:1e:1b:8a:07:3b:6c:af:
                    28:23:d1:ca:b7:b6:14:85:c2:eb:5c:61:9b:9c:04:
                    2c:a3:3d:78:62:a4:4e:b5:1b:29:1a:6f:9a:2c:80:
                    3f:cc:73:8f:3b:7c:ed:c4:e4:f9:af:42:0e:76:00:
                    bb:66:de:c8:94:45:62:8a:09:69:3b:94:75:72:d9:
                    74:b5:f5:c9:9a:7b:31:b9:68:65:65:4c:99:fc:47:
                    ad:74:71:5c:1d:3f:d9:90:03:81:f5:a5:92:44:a0:
                    0b:b2:3e:39:d4:79:fe:44:67:48:58:26:1b:c0:97:
                    3a:09:9f:f3:48:03:20:47:5a:74:a6:41:39:6b:54:
                    2c:99:4b:b2:b3:e0:4f:81:19:11:6d:09:74:64:dc:
                    2f:0f:4f:2a:d0:43:ba:2a:13:e7:73:7a:ab:5c:19:
                    4a:a6:7e:15:6f:85:e3:22:7a:db:73:ea:c2:43:92:
                    22:c7:7d:6d:74:39:6b:08:26:de:e5:77:f7:85:a5:
                    03:98:78:55:9b:18:d6:bf:81:30:a0:42:e3:f9:14:
                    72:e2:5b:ba:57:61:c7:5f:2c:7e:bf:bf:56:2c:7f:
                    09:ee:07:47:2b:eb:92:ed:ae:38:7e:89:5b:42:ca:
                    82:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:2B:C9:AA:7B:19:45:FA:F0:4F:FE:1A:97:77:3A:72:60:EC:68:9F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:8d:a9:a1:e7:d6:ed:69:b7:cc:98:ce:92:99:c2:0e:2c:e5:
         56:37:fe:a8:b7:b7:47:86:8f:ee:bd:19:d6:31:f6:d6:fc:83:
         d9:38:b9:8e:ea:58:d6:eb:0f:b8:d0:44:1d:43:91:6e:cd:be:
         09:e4:57:4b:4b:61:bd:73:5a:3f:70:5c:bd:25:6f:9d:19:f4:
         d2:14:47:6d:87:a8:6e:bd:63:09:23:7f:64:f6:0d:57:d8:2d:
         ca:b4:c8:a9:61:c4:fe:4d:c6:cb:8a:37:90:e9:16:d1:2d:15:
         3f:12:dc:19:03:eb:54:9e:7b:72:35:7b:db:32:7b:aa:cb:0c:
         f7:d6:50:a9:be:65:6e:18:b9:e6:55:25:a3:47:69:72:6b:91:
         52:4d:ba:2b:b9:1a:50:16:22:a0:e1:08:9e:f8:4b:c1:92:92:
         64:a2:4b:1f:f5:99:ad:d2:18:b2:99:da:6e:1b:db:bc:3f:53:
         5d:f7:40:df:59:5c:ed:e6:ab:01:32:3d:a6:ae:58:af:08:61:
         f4:20:e9:ec:04:d1:f4:65:8d:eb:0c:cf:3c:3c:0e:92:b8:e9:
         96:5a:9b:eb:d7:a8:b6:ca:d4:d5:89:92:7c:8b:41:a6:eb:ee:
         b2:e8:43:66:09:ee:1b:57:99:39:e2:ba:75:eb:1b:b6:f3:64:
         d4:98:5f:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTv4YoAAuaHWfTtc/4Z9jAuwaRFIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjgxNjEwNDFaFw0yNzAzMjcxNjE1NDFaMDMxMTAvBgNV
BAMTKDk5MkJDOUFBN0IxOTQ1RkFGMDRGRkUxQTk3NzczQTcyNjBFQzY4OUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoT9H9EqjoHow93mIAxJv3r9h7
hWIcHhuKBztsrygj0cq3thSFwutcYZucBCyjPXhipE61Gykab5osgD/Mc487fO3E
5PmvQg52ALtm3siURWKKCWk7lHVy2XS19cmaezG5aGVlTJn8R610cVwdP9mQA4H1
pZJEoAuyPjnUef5EZ0hYJhvAlzoJn/NIAyBHWnSmQTlrVCyZS7Kz4E+BGRFtCXRk
3C8PTyrQQ7oqE+dzeqtcGUqmfhVvheMiettz6sJDkiLHfW10OWsIJt7ld/eFpQOY
eFWbGNa/gTCgQuP5FHLiW7pXYcdfLH6/v1YsfwnuB0cr65Ltrjh+iVtCyoK3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmSvJqnsZRfrwT/4al3c6cmDsaJ8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0OTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVEtO
MA0GCSqGSIb3DQEBCwUAA4IBAQCDjamh59btabfMmM6SmcIOLOVWN/6ot7dHho/u
vRnWMfbW/IPZOLmO6ljW6w+40EQdQ5Fuzb4J5FdLS2G9c1o/cFy9JW+dGfTSFEdt
h6huvWMJI39k9g1X2C3KtMipYcT+TcbLijeQ6RbRLRU/EtwZA+tUnntyNXvbMnuq
ywz31lCpvmVuGLnmVSWjR2lya5FSTboruRpQFiKg4Qie+EvBkpJkoksf9Zmt0hiy
mdpuG9u8P1Nd90DfWVzt5qsBMj2mrlivCGH0IOnsBNH0ZY3rDM88PA6SuOmWWpvr
16i2ytTViZJ8i0Gm6+6y6ENmCe4bV5k54rp16xu282TUmF8c
-----END CERTIFICATE-----