Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209888.roa
File:                     AS209888.roa (raw, json)
Hash identifier:          nLSMTfHKlcoP2SMFm9TwpSGl0FgasZJk/SM44UdGewA=
Subject key identifier:   11:67:FB:EF:77:38:E1:AC:61:AC:17:4E:D0:AB:BF:EA:66:6D:51:57
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7A9FAB548C8F84E4AB4FC54FC02974E4408B7E7B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209888.roa
Signing time:             Tue 07 Jul 2026 08:46:02 +0000
ROA not before:           Tue 07 Jul 2026 08:41:02 +0000
ROA not after:            Tue 06 Jul 2027 08:46:02 +0000
asID:                     209888
IP address blocks:        82.39.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:9f:ab:54:8c:8f:84:e4:ab:4f:c5:4f:c0:29:74:e4:40:8b:7e:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  7 08:41:02 2026 GMT
            Not After : Jul  6 08:46:02 2027 GMT
        Subject: CN=1167FBEF7738E1AC61AC174ED0ABBFEA666D5157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:dc:78:5d:13:ca:da:82:1e:97:6e:6c:b7:da:
                    d0:d5:56:0c:18:b0:7f:06:42:b0:31:07:0b:aa:77:
                    20:e8:04:17:85:2e:1f:5c:79:61:8e:99:54:ba:7b:
                    b2:56:3f:fc:44:0c:03:59:66:69:2c:8f:98:56:f1:
                    2f:63:83:72:fa:74:5c:8e:84:dc:0b:c6:6c:62:2b:
                    6c:44:0d:26:05:54:31:50:4e:69:99:10:53:06:b6:
                    bb:f4:95:98:ae:6e:a8:fd:ff:77:af:7a:fc:84:f2:
                    18:9a:5b:54:a5:49:91:7c:25:9d:ab:05:89:c7:ca:
                    99:84:bf:99:4e:be:0a:7e:4e:42:a0:76:3a:53:2a:
                    df:9b:ae:a2:34:21:fb:f7:80:62:1d:2a:e1:62:1c:
                    1c:5f:75:6f:a7:c0:af:f8:36:a7:b1:cc:51:46:1a:
                    6b:6b:3a:15:34:75:95:35:6b:5c:37:d7:3d:ec:0e:
                    81:90:3b:e4:14:40:aa:f9:c6:80:82:69:91:d6:e3:
                    09:bd:38:14:1b:44:c2:65:5d:52:9e:9a:ad:34:c4:
                    68:85:9a:72:a3:b2:6e:a1:be:00:c1:ed:32:d1:09:
                    f7:d0:a4:9d:7c:ed:ca:6f:0f:6b:e7:a2:58:de:59:
                    ca:b4:db:ee:87:da:4e:56:b1:96:f1:17:f6:7f:e3:
                    ce:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:67:FB:EF:77:38:E1:AC:61:AC:17:4E:D0:AB:BF:EA:66:6D:51:57
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209888.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:d1:f3:bb:61:9a:8e:86:c2:d2:20:96:cf:51:90:3d:0b:06:
         2f:9b:56:8f:28:22:eb:89:87:73:66:f5:67:c8:fe:6a:9d:26:
         1c:30:69:14:c8:7d:73:c2:b9:10:02:8b:cf:0a:c9:ce:a6:6a:
         ef:aa:75:10:d0:ae:f5:4f:db:fb:b1:75:d2:50:0a:d9:05:17:
         92:94:c2:be:73:e4:ac:49:bd:a3:31:f9:d8:53:34:e8:30:e4:
         83:39:41:c9:4f:a3:5b:09:72:0f:b7:6e:0e:cd:f6:b0:74:62:
         90:6a:07:0e:3e:41:45:5a:7e:28:d0:98:43:b3:6f:65:d2:b1:
         5e:22:b0:1c:1d:eb:8e:28:8a:51:73:07:98:7a:1d:cc:c5:46:
         aa:c6:19:80:6a:30:e5:a0:aa:d8:05:a7:10:a6:1a:42:ab:a1:
         46:7c:1a:37:63:34:25:31:c3:9c:b0:52:22:42:cc:1c:d2:38:
         58:e4:74:1d:ab:bd:7c:8b:fb:ab:5e:1d:6b:10:10:14:2a:a0:
         6f:37:c5:21:03:9b:3f:ff:8f:cd:ae:28:01:6f:ce:64:13:9e:
         d7:dd:16:06:b8:40:20:9b:33:0e:9b:1e:06:c3:fd:4f:d6:8d:
         99:c8:d7:52:b5:8f:bf:c1:87:31:85:d8:8a:e3:b9:db:b5:6c:
         d3:3d:e1:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUep+rVIyPhOSrT8VPwCl05ECLfnswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA3MDcwODQxMDJaFw0yNzA3MDYwODQ2MDJaMDMxMTAvBgNV
BAMTKDExNjdGQkVGNzczOEUxQUM2MUFDMTc0RUQwQUJCRkVBNjY2RDUxNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi3HhdE8ragh6Xbmy32tDVVgwY
sH8GQrAxBwuqdyDoBBeFLh9ceWGOmVS6e7JWP/xEDANZZmksj5hW8S9jg3L6dFyO
hNwLxmxiK2xEDSYFVDFQTmmZEFMGtrv0lZiubqj9/3evevyE8hiaW1SlSZF8JZ2r
BYnHypmEv5lOvgp+TkKgdjpTKt+brqI0Ifv3gGIdKuFiHBxfdW+nwK/4NqexzFFG
GmtrOhU0dZU1a1w31z3sDoGQO+QUQKr5xoCCaZHW4wm9OBQbRMJlXVKemq00xGiF
mnKjsm6hvgDB7TLRCffQpJ187cpvD2vnoljeWcq02+6H2k5WsZbxF/Z/485fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEWf773c44axhrBdO0Ku/6mZtUVcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5ODg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUifn
MA0GCSqGSIb3DQEBCwUAA4IBAQBV0fO7YZqOhsLSIJbPUZA9CwYvm1aPKCLriYdz
ZvVnyP5qnSYcMGkUyH1zwrkQAovPCsnOpmrvqnUQ0K71T9v7sXXSUArZBReSlMK+
c+SsSb2jMfnYUzToMOSDOUHJT6NbCXIPt24OzfawdGKQagcOPkFFWn4o0JhDs29l
0rFeIrAcHeuOKIpRcweYeh3MxUaqxhmAajDloKrYBacQphpCq6FGfBo3YzQlMcOc
sFIiQswc0jhY5HQdq718i/urXh1rEBAUKqBvN8UhA5s//4/NrigBb85kE57X3RYG
uEAgmzMOmx4Gw/1P1o2ZyNdStY+/wYcxhdiK47nbtWzTPeH6
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:07:33 2026 by rpki-client