Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa
File:                     AS207344.roa (raw, json)
Hash identifier:          BxM25JCZdELSmyeYhNXzZOeReEkbjT3w+h2i+2Bd6cs=
Subject key identifier:   6F:8F:01:9B:83:F3:E9:75:6B:F3:86:46:38:01:F7:BB:13:77:7D:93
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       46D79BB22FCB222A793D3E1276DFBAE2F7E6217C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa
Signing time:             Wed 11 Jun 2025 14:58:54 +0000
ROA not before:           Wed 11 Jun 2025 14:53:54 +0000
ROA not after:            Wed 10 Jun 2026 14:58:54 +0000
asID:                     207344
IP address blocks:        82.21.7.0/24 maxlen: 24
                          2a13:9500:8f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 13:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:d7:9b:b2:2f:cb:22:2a:79:3d:3e:12:76:df:ba:e2:f7:e6:21:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 11 14:53:54 2025 GMT
            Not After : Jun 10 14:58:54 2026 GMT
        Subject: CN=6F8F019B83F3E9756BF386463801F7BB13777D93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:56:cb:66:24:aa:6a:d2:68:a2:0b:00:27:9d:
                    8a:f1:59:bf:77:a2:33:95:ae:b7:9a:6b:92:0d:68:
                    76:0c:37:3b:83:26:d1:51:b8:ff:aa:c5:aa:d6:d7:
                    63:cd:eb:75:db:95:a0:27:88:5f:62:5c:c3:3f:2f:
                    41:4f:fd:8d:eb:71:8d:8e:c1:89:be:02:3a:77:6e:
                    ec:e4:72:e0:08:48:3f:31:d7:56:ef:5e:e1:7d:db:
                    7f:ac:75:3e:ac:79:03:88:f1:44:89:40:2d:04:50:
                    56:0c:7e:3d:9b:9b:25:43:2f:4c:39:11:49:1b:6f:
                    3c:d7:c9:47:de:b3:f7:0f:75:5e:b8:6c:42:4e:ef:
                    b8:a5:0f:66:92:5b:f5:6d:07:6e:8d:05:00:57:e9:
                    33:fc:5d:3c:58:5b:a9:2d:b8:b1:1b:a4:6b:67:03:
                    a7:71:2d:78:ba:68:df:80:93:25:76:18:6a:f3:09:
                    17:b5:99:66:10:f9:ed:ea:fa:91:c1:3a:e7:9e:67:
                    63:97:50:4d:ee:15:21:9c:74:2f:da:5f:04:07:6a:
                    1d:7a:70:46:a6:b3:31:25:b4:f2:d8:5c:a9:7d:ff:
                    1d:30:06:37:70:76:5b:72:c2:01:fe:50:b8:6d:ee:
                    78:01:c4:65:4c:ac:16:71:0a:bf:76:0f:3f:08:a3:
                    85:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:8F:01:9B:83:F3:E9:75:6B:F3:86:46:38:01:F7:BB:13:77:7D:93
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.7.0/24
                IPv6:
                  2a13:9500:8f::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:16:41:4a:ba:36:fe:4e:ef:10:2a:24:40:10:1d:6a:d4:96:
         8f:29:0d:6c:70:11:63:e9:d4:2c:9f:e8:35:c0:61:a4:13:73:
         90:13:51:49:bf:fd:bb:80:9b:b8:9d:4a:75:6b:f5:0f:b9:d3:
         ce:b8:6e:ff:8c:35:e7:c2:93:d1:e2:80:db:70:0f:59:2c:a5:
         c8:0f:c5:5d:cb:09:98:99:22:57:fe:03:b7:70:c0:49:0f:6c:
         25:01:2c:37:40:35:8f:2a:8c:8a:3f:60:ef:98:68:a4:8f:f3:
         c7:12:7e:d9:ee:19:dd:2e:ea:25:99:6d:ae:d6:63:d6:80:93:
         17:a4:d4:52:85:1e:0f:b5:b0:1e:a7:26:ff:23:47:1e:1b:af:
         1a:67:70:27:6a:37:81:20:c5:4f:53:c1:3b:bb:ad:7b:0a:fe:
         60:c4:7d:01:6b:34:ee:67:a8:f4:24:48:93:ab:5a:27:58:0a:
         53:94:f0:5c:cd:92:22:e2:dc:51:67:22:1e:9b:6e:00:43:5c:
         83:0f:e3:3e:d0:7d:4b:08:a3:66:53:5c:33:b2:c7:94:2d:77:
         50:46:3b:26:64:9d:16:c0:70:df:08:4a:e5:5d:18:40:46:5d:
         58:25:1d:ab:a1:a8:88:d8:d2:3d:0c:36:53:87:7c:f8:79:3c:
         e5:47:00:9a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIURtebsi/LIip5PT4Sdt+64vfmIXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTExNDUzNTRaFw0yNjA2MTAxNDU4NTRaMDMxMTAvBgNV
BAMTKDZGOEYwMTlCODNGM0U5NzU2QkYzODY0NjM4MDFGN0JCMTM3NzdEOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBVstmJKpq0miiCwAnnYrxWb93
ojOVrreaa5INaHYMNzuDJtFRuP+qxarW12PN63XblaAniF9iXMM/L0FP/Y3rcY2O
wYm+Ajp3buzkcuAISD8x11bvXuF923+sdT6seQOI8USJQC0EUFYMfj2bmyVDL0w5
EUkbbzzXyUfes/cPdV64bEJO77ilD2aSW/VtB26NBQBX6TP8XTxYW6ktuLEbpGtn
A6dxLXi6aN+AkyV2GGrzCRe1mWYQ+e3q+pHBOueeZ2OXUE3uFSGcdC/aXwQHah16
cEamszEltPLYXKl9/x0wBjdwdltywgH+ULht7ngBxGVMrBZxCr92Dz8Io4WvAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUb48Bm4Pz6XVr84ZGOAH3uxN3fZMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3MzQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhUH
MA8EAgACMAkDBwAqE5UAAI8wDQYJKoZIhvcNAQELBQADggEBADoWQUq6Nv5O7xAq
JEAQHWrUlo8pDWxwEWPp1Cyf6DXAYaQTc5ATUUm//buAm7idSnVr9Q+50864bv+M
NefCk9HigNtwD1kspcgPxV3LCZiZIlf+A7dwwEkPbCUBLDdANY8qjIo/YO+YaKSP
88cSftnuGd0u6iWZba7WY9aAkxek1FKFHg+1sB6nJv8jRx4brxpncCdqN4EgxU9T
wTu7rXsK/mDEfQFrNO5nqPQkSJOrWidYClOU8FzNkiLi3FFnIh6bbgBDXIMP4z7Q
fUsIo2ZTXDOyx5Qtd1BGOyZknRbAcN8ISuVdGEBGXVglHauhqIjY0j0MNlOHfPh5
POVHAJo=
-----END CERTIFICATE-----