Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207295.roa
File:                     AS207295.roa (raw, json)
Hash identifier:          4NoRSvYvf1yUCcRm/NJ/a408SlxFyQDHwYGqcM8cmnU=
Subject key identifier:   32:6F:F1:AB:4F:47:52:5B:AC:7E:7F:95:63:40:17:F1:D2:53:55:36
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5298DA39AC07CFBBBC921289BA6F254E93566FEA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207295.roa
Signing time:             Fri 22 May 2026 16:38:21 +0000
ROA not before:           Fri 22 May 2026 16:33:21 +0000
ROA not after:            Fri 21 May 2027 16:38:21 +0000
asID:                     207295
IP address blocks:        82.39.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:98:da:39:ac:07:cf:bb:bc:92:12:89:ba:6f:25:4e:93:56:6f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 22 16:33:21 2026 GMT
            Not After : May 21 16:38:21 2027 GMT
        Subject: CN=326FF1AB4F47525BAC7E7F95634017F1D2535536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:61:90:0e:31:f4:8c:65:26:d8:5a:4a:32:99:
                    88:e5:ab:98:5e:d2:8a:59:0b:3c:9f:3f:fd:5c:b8:
                    64:df:0f:66:ad:7d:e2:51:fd:1b:90:9f:43:c4:60:
                    8a:f4:ff:fb:a5:e1:a0:d1:97:e4:24:86:cc:7f:12:
                    57:36:30:ac:d1:9c:b1:c7:25:69:3c:36:24:33:93:
                    86:22:da:a0:d3:ec:5d:d1:3b:2d:be:12:0b:75:aa:
                    e5:50:9d:6e:1a:f8:59:2e:17:de:46:d5:eb:46:d3:
                    6f:d3:ef:74:54:db:80:39:02:4d:ce:56:d1:ae:be:
                    e3:2c:cd:3f:b7:dd:1b:9c:f1:09:7d:d4:83:cd:87:
                    fb:56:eb:de:7d:07:45:b1:d7:50:7e:e4:17:cf:61:
                    f9:2d:6f:76:31:07:51:cc:ac:61:b8:26:95:65:4d:
                    37:1d:a7:f0:bd:0a:1c:cd:f5:42:29:c6:e4:f0:d0:
                    fd:cd:64:06:c5:ca:f8:0a:81:9e:1d:1c:f4:1b:5e:
                    99:f4:78:37:e2:16:ea:dd:14:d2:00:a3:e8:0e:9d:
                    17:3b:0e:45:34:48:41:10:6e:5d:71:fa:40:a6:4b:
                    9f:f7:dd:f2:c6:59:16:c1:dc:a9:95:82:a0:8d:20:
                    98:ca:8e:a9:b4:39:69:a4:2c:cf:ca:95:3d:34:c8:
                    9c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:6F:F1:AB:4F:47:52:5B:AC:7E:7F:95:63:40:17:F1:D2:53:55:36
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207295.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:92:3d:c3:48:f1:85:f3:97:48:23:08:ca:24:94:c0:9d:fd:
         24:bd:90:06:30:6f:35:62:ad:8b:67:75:71:5e:25:3d:f7:6e:
         0d:f6:18:cc:0b:05:cb:df:b0:0f:29:17:bf:48:1d:a9:78:46:
         a6:4a:f4:3f:5f:eb:7f:26:c7:49:c9:37:77:48:7a:b2:d9:18:
         45:c3:b9:4d:a3:e2:65:5f:0a:f0:f9:14:a2:91:85:02:26:8d:
         7f:a2:70:0d:71:e9:05:41:77:60:de:7d:d6:a0:37:5f:c1:6a:
         04:f9:56:95:fb:37:b4:5e:62:fa:db:79:d6:29:36:42:4e:3a:
         2e:1d:00:95:88:8e:51:ad:43:37:a9:a6:9d:28:5e:34:96:70:
         49:b4:65:49:16:45:66:5b:b0:e9:fc:fe:41:1f:0d:f8:5c:18:
         e6:96:6f:03:5e:5d:6b:50:46:08:48:b2:ee:59:bf:70:34:fd:
         ed:7f:c8:5b:85:e2:88:4b:08:93:44:e2:8a:14:8b:c0:f6:41:
         89:ee:8a:f8:d3:29:6f:8d:fa:6e:c5:ba:c3:7c:84:3b:44:75:
         af:ae:7f:bc:6b:4b:18:16:0a:d3:8d:47:be:af:20:1f:4e:65:
         48:fe:a6:44:4a:c6:a3:ca:5f:4b:40:1d:e3:d7:8d:66:64:5a:
         1e:71:6a:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUpjaOawHz7u8khKJum8lTpNWb+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjIxNjMzMjFaFw0yNzA1MjExNjM4MjFaMDMxMTAvBgNV
BAMTKDMyNkZGMUFCNEY0NzUyNUJBQzdFN0Y5NTYzNDAxN0YxRDI1MzU1MzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSYZAOMfSMZSbYWkoymYjlq5he
0opZCzyfP/1cuGTfD2atfeJR/RuQn0PEYIr0//ul4aDRl+Qkhsx/Elc2MKzRnLHH
JWk8NiQzk4Yi2qDT7F3ROy2+Egt1quVQnW4a+FkuF95G1etG02/T73RU24A5Ak3O
VtGuvuMszT+33Ruc8Ql91IPNh/tW6959B0Wx11B+5BfPYfktb3YxB1HMrGG4JpVl
TTcdp/C9ChzN9UIpxuTw0P3NZAbFyvgKgZ4dHPQbXpn0eDfiFurdFNIAo+gOnRc7
DkU0SEEQbl1x+kCmS5/33fLGWRbB3KmVgqCNIJjKjqm0OWmkLM/KlT00yJxPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMm/xq09HUlusfn+VY0AX8dJTVTYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3Mjk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUieb
MA0GCSqGSIb3DQEBCwUAA4IBAQCdkj3DSPGF85dIIwjKJJTAnf0kvZAGMG81Yq2L
Z3VxXiU9924N9hjMCwXL37APKRe/SB2peEamSvQ/X+t/JsdJyTd3SHqy2RhFw7lN
o+JlXwrw+RSikYUCJo1/onANcekFQXdg3n3WoDdfwWoE+VaV+ze0XmL623nWKTZC
TjouHQCViI5RrUM3qaadKF40lnBJtGVJFkVmW7Dp/P5BHw34XBjmlm8DXl1rUEYI
SLLuWb9wNP3tf8hbheKISwiTROKKFIvA9kGJ7or40ylvjfpuxbrDfIQ7RHWvrn+8
a0sYFgrTjUe+ryAfTmVI/qZESsajyl9LQB3j141mZFoecWo9
-----END CERTIFICATE-----