Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210734.roa
File:                     AS210734.roa (raw, json)
Hash identifier:          g7j+MisYFiSp5ZL/5pHTh722uxgIE/kmEdLomlQ/KCg=
Subject key identifier:   97:FE:41:C7:20:3C:9B:75:C7:59:B7:9F:99:AE:55:33:1D:78:06:C6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7418D3C0C954AD9C58D1A9A98F33A361A84ED226
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210734.roa
Signing time:             Fri 22 May 2026 04:47:15 +0000
ROA not before:           Fri 22 May 2026 04:42:15 +0000
ROA not after:            Fri 21 May 2027 04:47:15 +0000
asID:                     210734
IP address blocks:        82.22.172.0/24 maxlen: 24
                          82.27.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:18:d3:c0:c9:54:ad:9c:58:d1:a9:a9:8f:33:a3:61:a8:4e:d2:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 22 04:42:15 2026 GMT
            Not After : May 21 04:47:15 2027 GMT
        Subject: CN=97FE41C7203C9B75C759B79F99AE55331D7806C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0f:d5:02:b9:71:d7:19:32:61:22:79:4f:34:
                    ec:3a:39:b5:8f:3a:1d:59:3d:a7:88:46:b3:04:82:
                    dc:b0:12:0d:eb:c5:35:8b:3d:b3:44:a0:75:a0:d0:
                    1f:55:ab:86:ba:ac:19:09:6d:3d:62:66:c4:fa:12:
                    5f:29:0a:d2:df:26:aa:44:dc:74:0e:bc:82:34:f6:
                    84:47:44:71:6e:fe:79:15:1c:e5:5a:82:91:32:30:
                    04:61:5f:b2:51:11:c4:f2:d8:ac:d0:1a:df:96:52:
                    87:21:eb:1a:7d:da:2b:c4:9a:bb:fc:b6:78:ec:19:
                    d4:2a:52:7f:e3:26:9a:0e:08:e6:4d:e3:3e:b0:a8:
                    06:11:f6:3c:97:39:a3:e9:c8:23:eb:c0:2d:6e:35:
                    bf:f5:c3:b5:2d:61:dd:f7:8f:9a:e7:7e:e1:3f:62:
                    34:68:ef:74:82:3a:e4:a5:7f:66:36:04:6f:5f:99:
                    e3:76:58:96:9c:ce:07:83:63:2f:f4:a9:c3:8f:fd:
                    11:ef:4a:10:64:6d:8b:76:79:42:09:7d:03:aa:ca:
                    a3:58:a8:f2:13:2d:80:59:6f:7c:bb:31:02:e6:4c:
                    a8:2e:01:f4:d0:38:14:22:fb:c4:49:62:db:e7:8c:
                    b9:23:d6:bd:27:fd:c3:70:3e:93:b4:06:22:30:50:
                    46:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:FE:41:C7:20:3C:9B:75:C7:59:B7:9F:99:AE:55:33:1D:78:06:C6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.172.0/24
                  82.27.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:48:66:4c:b3:3a:25:0c:be:d4:96:05:e1:d7:e9:fb:54:6c:
         f8:62:b5:b5:d9:0a:14:5b:10:40:44:61:68:3a:31:f1:9c:81:
         05:49:9c:ad:10:0e:bc:1b:3f:6d:84:0b:c5:21:b3:d1:9b:2b:
         3b:39:27:2c:28:61:f5:0f:8c:7f:51:02:f2:e6:a8:10:e2:e9:
         20:bb:a3:63:cd:04:fa:c5:1f:10:27:2a:92:9b:e2:0a:82:4e:
         c5:88:46:0e:b8:74:eb:d0:44:98:85:9b:e8:c3:53:3f:e4:2a:
         6c:0c:57:28:99:56:02:93:5e:ad:5d:dd:a4:52:78:6e:9b:17:
         f6:4e:66:97:8d:8f:13:0d:0f:7f:d5:f5:51:98:fe:6e:26:04:
         72:de:f2:78:9c:e8:67:14:7c:c9:36:d7:63:d4:3c:11:99:ac:
         b1:14:93:41:41:c5:27:fb:93:30:db:04:33:ae:00:ab:7b:57:
         f0:16:c0:f5:3e:fb:b3:30:0c:06:42:59:e2:76:13:03:48:9d:
         d4:5a:52:81:8f:9e:ad:ee:a4:1e:9e:87:af:3e:82:11:72:b4:
         52:d4:66:2d:62:be:8f:06:21:20:5d:6f:49:2a:65:3e:bd:e6:
         36:67:9f:ce:9b:5d:38:6c:3e:7f:b5:01:b9:86:92:ae:6a:c2:
         06:f2:b1:5b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdBjTwMlUrZxY0ampjzOjYahO0iYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjIwNDQyMTVaFw0yNzA1MjEwNDQ3MTVaMDMxMTAvBgNV
BAMTKDk3RkU0MUM3MjAzQzlCNzVDNzU5Qjc5Rjk5QUU1NTMzMUQ3ODA2QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTD9UCuXHXGTJhInlPNOw6ObWP
Oh1ZPaeIRrMEgtywEg3rxTWLPbNEoHWg0B9Vq4a6rBkJbT1iZsT6El8pCtLfJqpE
3HQOvII09oRHRHFu/nkVHOVagpEyMARhX7JREcTy2KzQGt+WUoch6xp92ivEmrv8
tnjsGdQqUn/jJpoOCOZN4z6wqAYR9jyXOaPpyCPrwC1uNb/1w7UtYd33j5rnfuE/
YjRo73SCOuSlf2Y2BG9fmeN2WJaczgeDYy/0qcOP/RHvShBkbYt2eUIJfQOqyqNY
qPITLYBZb3y7MQLmTKguAfTQOBQi+8RJYtvnjLkj1r0n/cNwPpO0BiIwUEZ9AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUl/5BxyA8m3XHWbefma5VMx14BsYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwNzM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhas
AwQAUhvNMA0GCSqGSIb3DQEBCwUAA4IBAQAZSGZMszolDL7UlgXh1+n7VGz4YrW1
2QoUWxBARGFoOjHxnIEFSZytEA68Gz9thAvFIbPRmys7OScsKGH1D4x/UQLy5qgQ
4ukgu6NjzQT6xR8QJyqSm+IKgk7FiEYOuHTr0ESYhZvow1M/5CpsDFcomVYCk16t
Xd2kUnhumxf2TmaXjY8TDQ9/1fVRmP5uJgRy3vJ4nOhnFHzJNtdj1DwRmayxFJNB
QcUn+5Mw2wQzrgCre1fwFsD1PvuzMAwGQlnidhMDSJ3UWlKBj56t7qQenoevPoIR
crRS1GYtYr6PBiEgXW9JKmU+veY2Z5/Om104bD5/tQG5hpKuasIG8rFb
-----END CERTIFICATE-----