Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207158.roa
File:                     AS207158.roa (raw, json)
Hash identifier:          LIR7IcDiMKYuL4JudnBnZn05B62cA1CfvgkmUHGno+c=
Subject key identifier:   72:0E:90:57:98:D0:1C:42:0B:C7:17:EB:38:57:B9:7C:E7:85:01:70
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       151A7B8DDF79A3A5607F888C709951867F480B1B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207158.roa
Signing time:             Fri 24 Apr 2026 04:19:02 +0000
ROA not before:           Fri 24 Apr 2026 04:14:02 +0000
ROA not after:            Fri 23 Apr 2027 04:19:02 +0000
asID:                     207158
IP address blocks:        178.83.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:1a:7b:8d:df:79:a3:a5:60:7f:88:8c:70:99:51:86:7f:48:0b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 24 04:14:02 2026 GMT
            Not After : Apr 23 04:19:02 2027 GMT
        Subject: CN=720E905798D01C420BC717EB3857B97CE7850170
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:20:5d:37:89:51:59:ec:2b:0c:b2:e5:bf:03:
                    59:6b:7d:75:ed:14:97:d2:cd:3c:58:8d:d6:02:e1:
                    2f:15:e1:6b:46:7b:0a:d0:31:91:8b:a1:11:ff:c2:
                    6f:e5:fb:1d:01:2d:b9:96:b0:83:a5:23:2e:fb:f0:
                    47:ff:25:4d:fb:80:de:74:52:6c:ad:34:26:a6:96:
                    70:9a:5e:e7:cb:d0:c2:95:4e:26:a5:b2:c3:36:d4:
                    23:bc:c2:d7:c1:9d:2a:da:f1:a7:80:4f:d3:c8:27:
                    40:95:07:71:99:ba:5f:5a:b4:f9:94:28:80:9d:ca:
                    d0:b3:d2:2e:d4:f7:7a:9d:92:94:06:1b:35:53:9a:
                    1d:72:d9:9e:c1:96:30:d6:56:7a:08:3f:9c:67:b3:
                    dd:1d:79:79:ab:d7:51:ae:99:28:1c:98:3a:20:4c:
                    f7:7b:fd:6a:3f:eb:34:b6:cf:b0:a4:df:62:5d:48:
                    fb:b8:1e:eb:e3:ac:2f:2a:59:65:9f:5b:d3:0a:32:
                    9c:f0:53:96:71:14:99:be:a7:1f:76:f8:d6:58:29:
                    bd:30:4a:76:a2:63:85:d4:db:ff:ce:92:dd:1f:d0:
                    20:b9:eb:23:ea:d0:cd:95:e9:6c:d1:03:b9:5a:1c:
                    c1:bc:f5:c5:b7:74:4a:b2:bc:b8:e1:4d:6b:86:9f:
                    ed:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0E:90:57:98:D0:1C:42:0B:C7:17:EB:38:57:B9:7C:E7:85:01:70
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:80:3e:50:18:c7:37:e4:52:ab:fe:56:9a:fa:e1:66:5a:ed:
         b0:01:57:f0:78:62:1f:08:f6:c9:55:dc:17:f9:f0:d9:13:ca:
         a9:8a:95:37:d3:82:3c:a2:e6:64:04:ba:2c:ce:8d:e3:37:92:
         a3:2f:da:24:96:39:92:40:9d:7f:98:a4:c7:4f:18:bc:cf:38:
         4c:d5:98:89:b6:24:e7:4f:39:8c:6b:8c:b1:de:6c:70:fe:88:
         40:20:c3:9c:a5:69:26:57:01:81:50:ff:a4:dc:03:0a:3b:11:
         f4:a6:1b:9c:dd:fa:af:91:31:aa:2b:6a:ff:a4:d3:4c:b2:45:
         ca:25:86:09:c4:e1:5a:18:73:96:b0:ac:bd:99:98:f5:ad:65:
         73:4f:c3:9a:a7:74:11:78:f5:ff:e7:4b:bb:d6:57:59:86:21:
         75:bb:7a:20:4a:b6:1d:25:26:99:9a:61:9d:2c:a8:2e:fc:dc:
         45:95:f3:fc:4a:cd:a2:3a:bf:ff:bb:1c:ff:a9:65:29:b0:45:
         92:fc:76:d7:51:fe:50:59:59:c5:34:de:c7:a1:f5:dd:1a:74:
         1e:be:48:fb:6e:be:e5:34:e9:e4:d6:1f:28:13:80:31:86:a5:
         09:73:94:37:7e:9a:f7:1c:a0:18:c1:de:aa:ae:24:a0:52:70:
         05:2c:dd:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFRp7jd95o6Vgf4iMcJlRhn9ICxswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjQwNDE0MDJaFw0yNzA0MjMwNDE5MDJaMDMxMTAvBgNV
BAMTKDcyMEU5MDU3OThEMDFDNDIwQkM3MTdFQjM4NTdCOTdDRTc4NTAxNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4IF03iVFZ7CsMsuW/A1lrfXXt
FJfSzTxYjdYC4S8V4WtGewrQMZGLoRH/wm/l+x0BLbmWsIOlIy778Ef/JU37gN50
UmytNCamlnCaXufL0MKVTialssM21CO8wtfBnSra8aeAT9PIJ0CVB3GZul9atPmU
KICdytCz0i7U93qdkpQGGzVTmh1y2Z7BljDWVnoIP5xns90deXmr11GumSgcmDog
TPd7/Wo/6zS2z7Ck32JdSPu4HuvjrC8qWWWfW9MKMpzwU5ZxFJm+px92+NZYKb0w
SnaiY4XU2//Okt0f0CC56yPq0M2V6WzRA7laHMG89cW3dEqyvLjhTWuGn+1VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcg6QV5jQHEILxxfrOFe5fOeFAXAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3MTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslMd
MA0GCSqGSIb3DQEBCwUAA4IBAQBtgD5QGMc35FKr/laa+uFmWu2wAVfweGIfCPbJ
VdwX+fDZE8qpipU304I8ouZkBLoszo3jN5KjL9okljmSQJ1/mKTHTxi8zzhM1ZiJ
tiTnTzmMa4yx3mxw/ohAIMOcpWkmVwGBUP+k3AMKOxH0phuc3fqvkTGqK2r/pNNM
skXKJYYJxOFaGHOWsKy9mZj1rWVzT8Oap3QRePX/50u71ldZhiF1u3ogSrYdJSaZ
mmGdLKgu/NxFlfP8Ss2iOr//uxz/qWUpsEWS/HbXUf5QWVnFNN7HofXdGnQevkj7
br7lNOnk1h8oE4AxhqUJc5Q3fpr3HKAYwd6qriSgUnAFLN1/
-----END CERTIFICATE-----