Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa
File:                     AS207344.roa (raw, json)
Hash identifier:          5i1Df7Gn162SehMTiTc8gFUl+u1U7eAyx2YLQCClJbs=
Subject key identifier:   BC:8C:1E:B1:F1:61:D3:A9:53:20:59:A0:13:4F:52:C1:13:F5:14:D2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       44B643D194BF72754EC3444BFCEDBBBA3527FCBB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa
Signing time:             Sun 08 Jun 2025 00:44:37 +0000
ROA not before:           Sun 08 Jun 2025 00:39:37 +0000
ROA not after:            Sun 07 Jun 2026 00:44:37 +0000
asID:                     207344
IP address blocks:        82.21.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 20:45:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:b6:43:d1:94:bf:72:75:4e:c3:44:4b:fc:ed:bb:ba:35:27:fc:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  8 00:39:37 2025 GMT
            Not After : Jun  7 00:44:37 2026 GMT
        Subject: CN=BC8C1EB1F161D3A9532059A0134F52C113F514D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e1:e7:99:ec:97:a0:9f:61:6b:9a:c7:45:71:
                    8f:da:b5:63:30:b0:91:66:f1:92:20:d1:7b:ba:86:
                    3a:d3:4e:ff:a1:90:fb:b3:ae:26:5d:3f:7a:79:13:
                    51:a2:5f:45:47:e1:2d:9b:78:41:7d:90:8b:12:08:
                    67:49:ec:96:15:81:17:65:04:1d:37:fa:98:37:df:
                    2b:e7:fd:65:c5:7a:83:3a:6e:ab:09:d5:e2:7b:a7:
                    80:3a:1e:00:b5:85:79:55:3e:18:21:57:83:08:5f:
                    f0:65:ef:bb:cd:b2:74:74:ca:10:2f:da:fd:32:76:
                    82:e0:52:89:16:b8:d7:4a:e3:ee:43:eb:66:1c:73:
                    7f:bb:e7:8c:18:8a:3b:06:93:5b:0e:72:00:a3:a1:
                    5d:88:d1:f5:e1:c6:6d:92:4c:20:58:00:90:4c:74:
                    ea:9f:f1:4c:ec:16:63:2a:3f:f7:f3:ed:c4:fb:cd:
                    5b:cf:60:1d:d7:ec:4e:c8:e0:af:59:9b:84:e6:0a:
                    b0:a8:89:a5:4e:ef:14:fa:1f:fc:97:11:34:6f:3f:
                    33:eb:58:8f:66:eb:79:f8:e3:0e:b1:c1:d7:cc:3d:
                    13:d0:fd:a2:1b:e6:45:95:9f:10:d2:a5:c7:a5:81:
                    22:55:c2:3d:1f:59:83:52:e3:28:59:6b:71:3f:28:
                    3b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8C:1E:B1:F1:61:D3:A9:53:20:59:A0:13:4F:52:C1:13:F5:14:D2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d1:a0:13:7e:d6:a8:00:2c:01:d2:61:b6:40:7e:52:ed:46:
         aa:f7:43:90:03:93:9d:c7:d1:d8:56:25:eb:c9:29:c9:d5:fc:
         85:d5:1d:6b:5c:ac:fc:0d:7f:63:db:26:52:2a:5a:77:f4:e0:
         f3:04:84:d0:97:6b:1d:b8:7e:c8:8f:8a:e4:cd:d8:f2:1b:c9:
         00:c0:75:a8:40:78:4a:61:a4:eb:d4:1b:93:45:5d:9c:e6:c2:
         5c:c9:77:12:8d:c8:2f:fd:77:9b:75:f4:04:d6:36:76:70:4d:
         5c:6d:3d:0c:40:d8:39:2a:ec:07:e8:a8:5d:0d:d1:57:a7:62:
         11:00:13:ae:87:f9:cf:35:a4:e5:33:7f:ca:82:19:07:28:44:
         38:b3:00:c1:f0:fa:ff:69:fb:d0:e8:91:18:d0:40:e0:45:a0:
         2b:9a:ae:a6:c1:da:8e:90:94:99:2b:00:1f:37:4d:b3:6d:b1:
         f8:69:6a:9f:a2:f7:93:2d:0f:60:da:71:af:2e:c4:ad:50:76:
         a6:f1:b5:98:63:54:68:49:7d:93:de:f9:7c:6b:da:1e:03:c6:
         58:3f:59:85:83:e9:44:47:80:c1:6f:e4:cd:dd:c0:92:28:68:
         06:22:1b:c1:cc:d3:af:8c:7e:33:3c:cb:6c:9b:ab:f4:f3:3f:
         5c:d2:27:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURLZD0ZS/cnVOw0RL/O27ujUn/LswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDgwMDM5MzdaFw0yNjA2MDcwMDQ0MzdaMDMxMTAvBgNV
BAMTKEJDOEMxRUIxRjE2MUQzQTk1MzIwNTlBMDEzNEY1MkMxMTNGNTE0RDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg4eeZ7Jegn2FrmsdFcY/atWMw
sJFm8ZIg0Xu6hjrTTv+hkPuzriZdP3p5E1GiX0VH4S2beEF9kIsSCGdJ7JYVgRdl
BB03+pg33yvn/WXFeoM6bqsJ1eJ7p4A6HgC1hXlVPhghV4MIX/Bl77vNsnR0yhAv
2v0ydoLgUokWuNdK4+5D62Ycc3+754wYijsGk1sOcgCjoV2I0fXhxm2STCBYAJBM
dOqf8UzsFmMqP/fz7cT7zVvPYB3X7E7I4K9Zm4TmCrCoiaVO7xT6H/yXETRvPzPr
WI9m63n44w6xwdfMPRPQ/aIb5kWVnxDSpcelgSJVwj0fWYNS4yhZa3E/KDuHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvIwesfFh06lTIFmgE09SwRP1FNIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3MzQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhUH
MA0GCSqGSIb3DQEBCwUAA4IBAQBy0aATftaoACwB0mG2QH5S7Uaq90OQA5Odx9HY
ViXrySnJ1fyF1R1rXKz8DX9j2yZSKlp39ODzBITQl2sduH7Ij4rkzdjyG8kAwHWo
QHhKYaTr1BuTRV2c5sJcyXcSjcgv/XebdfQE1jZ2cE1cbT0MQNg5KuwH6KhdDdFX
p2IRABOuh/nPNaTlM3/KghkHKEQ4swDB8Pr/afvQ6JEY0EDgRaArmq6mwdqOkJSZ
KwAfN02zbbH4aWqfoveTLQ9g2nGvLsStUHam8bWYY1RoSX2T3vl8a9oeA8ZYP1mF
g+lER4DBb+TN3cCSKGgGIhvBzNOvjH4zPMtsm6v08z9c0if7
-----END CERTIFICATE-----