Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208711.roa
File:                     AS208711.roa (raw, json)
Hash identifier:          /AQYISzoGSsVZ+8n9O+9ducxY1yKygdIGSMywT+zhoE=
Subject key identifier:   A5:A3:78:47:C2:FB:8C:17:58:02:A8:FC:C1:8C:C0:23:9B:69:5B:53
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5A2177B716AABE5E5A280E14753B6D4721DE5884
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208711.roa
Signing time:             Fri 10 Oct 2025 23:38:27 +0000
ROA not before:           Fri 10 Oct 2025 23:33:27 +0000
ROA not after:            Fri 09 Oct 2026 23:38:27 +0000
asID:                     208711
IP address blocks:        82.22.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:21:77:b7:16:aa:be:5e:5a:28:0e:14:75:3b:6d:47:21:de:58:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 10 23:33:27 2025 GMT
            Not After : Oct  9 23:38:27 2026 GMT
        Subject: CN=A5A37847C2FB8C175802A8FCC18CC0239B695B53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:25:97:8c:35:2f:ae:4f:22:d4:d8:79:c2:27:
                    f8:c5:8b:f9:dc:11:a2:6a:6f:5a:e0:78:d4:ef:b8:
                    df:4c:a3:30:a7:a9:5e:b3:06:69:17:e3:d1:b4:66:
                    44:7a:bc:05:a0:47:5f:a6:78:86:57:db:e2:11:d3:
                    38:1b:7f:e1:30:1b:5b:47:94:d1:58:c2:14:d1:59:
                    7b:b8:af:b7:49:9f:07:b5:12:13:84:47:ac:9d:61:
                    42:0d:83:85:1d:ce:ba:71:9f:2a:46:f1:e8:f2:8e:
                    c9:1a:87:4f:93:34:1d:3a:b0:cc:9e:0b:2f:6a:31:
                    ca:1c:ad:43:4e:d3:8a:19:cf:db:1b:eb:de:f6:23:
                    c2:81:a2:7b:9d:67:2b:d1:96:f8:62:47:32:68:1a:
                    8a:73:2d:e2:27:a0:e4:b7:be:97:6a:0e:7d:e7:03:
                    e1:68:c6:0a:a0:a6:02:fa:ed:ab:99:18:54:ed:96:
                    56:17:4e:ba:c7:06:a7:0a:75:80:fb:c4:d5:e2:f4:
                    e3:db:24:fe:f5:45:eb:ae:c1:d3:43:00:c1:c4:7c:
                    86:70:59:15:9c:d5:cc:b0:44:62:c5:88:62:fc:e0:
                    05:62:3a:8d:09:2c:3f:40:9b:6e:79:8d:cc:64:5d:
                    ce:3c:2d:48:8e:36:1d:4a:04:a3:57:41:48:6f:5a:
                    f8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:A3:78:47:C2:FB:8C:17:58:02:A8:FC:C1:8C:C0:23:9B:69:5B:53
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208711.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:73:5c:ba:46:e2:96:29:9c:bc:b1:fa:e4:16:db:61:39:e6:
         01:45:4f:7d:14:40:07:04:8e:cf:d8:6a:c8:50:2d:20:a8:a5:
         e6:09:00:45:2c:14:74:8b:26:92:d7:2d:d9:82:dd:5d:f1:12:
         2f:5a:5f:7d:25:0a:4e:bd:11:39:bc:bd:8b:04:fe:fe:b1:45:
         2e:e9:92:77:93:0a:8b:63:15:ea:7e:e3:e2:72:db:cd:e3:12:
         af:3f:3d:40:ae:90:06:d3:59:86:77:cf:fb:11:99:10:4a:81:
         05:32:ef:6e:b0:f4:56:b5:b0:49:6e:34:9f:a1:e3:e3:b9:45:
         9b:17:6c:43:d3:8d:1e:4e:25:e8:25:10:eb:b1:4e:2b:6e:bd:
         2c:af:05:fc:d6:43:5f:58:d6:2c:04:3c:b6:98:46:b1:e5:9c:
         ec:61:1b:da:15:c4:e4:e8:6e:2b:a0:02:29:3e:6a:da:de:48:
         9b:ae:1c:a9:cc:40:9c:54:e8:d1:c3:57:db:6d:c5:de:c7:6f:
         e1:e4:d5:7c:74:14:9b:90:a2:35:20:28:3e:28:8c:43:19:a2:
         ab:41:d6:a4:d3:4e:db:ea:8e:23:98:62:a9:a2:97:1f:6e:f9:
         4c:db:7a:34:b6:87:99:7d:1e:27:d6:d7:40:c0:47:87:1d:8a:
         77:7a:2e:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWiF3txaqvl5aKA4UdTttRyHeWIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTAyMzMzMjdaFw0yNjEwMDkyMzM4MjdaMDMxMTAvBgNV
BAMTKEE1QTM3ODQ3QzJGQjhDMTc1ODAyQThGQ0MxOENDMDIzOUI2OTVCNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIJZeMNS+uTyLU2HnCJ/jFi/nc
EaJqb1rgeNTvuN9MozCnqV6zBmkX49G0ZkR6vAWgR1+meIZX2+IR0zgbf+EwG1tH
lNFYwhTRWXu4r7dJnwe1EhOER6ydYUINg4UdzrpxnypG8ejyjskah0+TNB06sMye
Cy9qMcocrUNO04oZz9sb6972I8KBonudZyvRlvhiRzJoGopzLeInoOS3vpdqDn3n
A+FoxgqgpgL67auZGFTtllYXTrrHBqcKdYD7xNXi9OPbJP71ReuuwdNDAMHEfIZw
WRWc1cywRGLFiGL84AViOo0JLD9Am255jcxkXc48LUiONh1KBKNXQUhvWvi7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpaN4R8L7jBdYAqj8wYzAI5tpW1MwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA4NzExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhYr
MA0GCSqGSIb3DQEBCwUAA4IBAQAQc1y6RuKWKZy8sfrkFtthOeYBRU99FEAHBI7P
2GrIUC0gqKXmCQBFLBR0iyaS1y3Zgt1d8RIvWl99JQpOvRE5vL2LBP7+sUUu6ZJ3
kwqLYxXqfuPictvN4xKvPz1ArpAG01mGd8/7EZkQSoEFMu9usPRWtbBJbjSfoePj
uUWbF2xD040eTiXoJRDrsU4rbr0srwX81kNfWNYsBDy2mEax5ZzsYRvaFcTk6G4r
oAIpPmra3kibrhypzECcVOjRw1fbbcXex2/h5NV8dBSbkKI1ICg+KIxDGaKrQdak
007b6o4jmGKpopcfbvlM23o0toeZfR4n1tdAwEeHHYp3ei77
-----END CERTIFICATE-----