Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213163.roa
File:                     AS213163.roa (raw, json)
Hash identifier:          Lxc//Ly3kArE3ByD938A4eopnSpuLKlegLM+Oo57Sp8=
Subject key identifier:   21:94:DA:6D:C7:53:E0:E3:68:41:EF:D9:79:5B:C7:6F:03:E6:01:21
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3DFC9434DF0F6E73AAA67937616172766FFFEB88
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213163.roa
Signing time:             Thu 05 Mar 2026 15:10:38 +0000
ROA not before:           Thu 05 Mar 2026 15:05:38 +0000
ROA not after:            Thu 04 Mar 2027 15:10:38 +0000
asID:                     213163
IP address blocks:        82.41.37.0/24 maxlen: 24
                          82.41.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 20:09:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:fc:94:34:df:0f:6e:73:aa:a6:79:37:61:61:72:76:6f:ff:eb:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  5 15:05:38 2026 GMT
            Not After : Mar  4 15:10:38 2027 GMT
        Subject: CN=2194DA6DC753E0E36841EFD9795BC76F03E60121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0c:28:f1:13:ba:2c:f1:bc:8a:85:c9:85:7a:
                    bb:12:15:37:94:81:3b:56:f9:1e:d6:70:19:8f:8e:
                    b2:94:3e:38:6a:87:59:56:27:51:c0:8d:ab:3f:5a:
                    97:99:8f:6e:f7:1b:22:34:ae:8f:49:c5:60:c0:a6:
                    e7:9c:9f:ec:ba:93:65:db:00:8e:c4:30:b2:d2:52:
                    cd:6e:54:94:1e:39:f6:e9:15:44:dc:e7:a2:34:2a:
                    a8:ba:f0:23:93:14:b5:84:ce:48:2e:d7:12:36:27:
                    a0:3c:e3:15:85:fb:c3:ee:50:45:a0:96:a8:77:fe:
                    fb:ec:75:fb:69:d9:d8:d8:27:58:cc:ca:45:96:a6:
                    17:51:50:9a:5e:7a:be:82:ce:74:c4:18:db:31:56:
                    8c:5e:96:85:ab:eb:66:af:c8:14:31:85:dc:0e:8f:
                    2b:b7:75:97:f2:9e:61:6d:47:c3:20:e8:4a:e5:44:
                    d8:e2:9b:8c:26:e6:c5:b9:6e:f8:4f:96:e4:de:3b:
                    ec:55:d3:b0:75:ed:34:cc:0e:a5:1b:b2:b0:7a:1a:
                    35:75:48:8b:05:7f:7d:5a:49:f9:2e:de:1c:32:8e:
                    d4:71:35:2d:e3:13:56:95:16:d8:19:64:0a:22:20:
                    a7:b2:33:d0:81:9a:e6:00:d7:18:c3:04:41:96:ce:
                    15:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:94:DA:6D:C7:53:E0:E3:68:41:EF:D9:79:5B:C7:6F:03:E6:01:21
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213163.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.37.0/24
                  82.41.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:ee:de:d2:cc:0e:36:88:33:f9:d3:05:80:fa:e4:23:37:10:
         96:91:f1:25:c4:0a:cf:85:76:ca:b5:25:44:35:12:ea:9e:52:
         38:51:d5:e8:ba:76:91:3c:b8:73:ca:f2:ca:b7:e2:3b:4e:ab:
         c3:f8:a8:11:f7:e4:dd:7c:4a:0f:23:4b:1e:8c:e4:49:18:82:
         e7:41:50:b8:37:47:dc:89:ed:f8:95:ba:24:75:87:4d:7c:f8:
         91:1c:5d:50:cf:22:53:82:87:25:08:ea:00:20:90:20:30:bd:
         30:78:2b:8b:e5:ef:24:21:60:8a:79:35:6c:71:76:50:d6:23:
         ca:6c:8f:6a:81:26:52:36:d8:33:d6:14:36:05:28:4e:7e:a3:
         55:10:3a:12:47:65:75:63:af:0f:c8:31:68:50:73:9a:4f:32:
         79:ac:7b:cb:34:c8:c8:37:4f:85:27:fc:ec:81:a3:23:51:47:
         25:d0:72:4d:79:1e:2b:01:03:78:c4:47:a0:40:4d:69:df:b1:
         95:52:cd:5c:5e:be:99:33:dc:8a:78:1a:8d:eb:3a:a4:f0:07:
         26:b4:8e:0a:25:e9:87:91:6f:89:9e:1c:ad:88:ee:06:cf:a5:
         6f:07:09:5f:0a:9d:6e:43:dc:c9:2b:58:b3:8e:3b:c2:80:07:
         a3:fb:f7:78
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUPfyUNN8PbnOqpnk3YWFydm//64gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDUxNTA1MzhaFw0yNzAzMDQxNTEwMzhaMDMxMTAvBgNV
BAMTKDIxOTREQTZEQzc1M0UwRTM2ODQxRUZEOTc5NUJDNzZGMDNFNjAxMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1DCjxE7os8byKhcmFersSFTeU
gTtW+R7WcBmPjrKUPjhqh1lWJ1HAjas/WpeZj273GyI0ro9JxWDApuecn+y6k2Xb
AI7EMLLSUs1uVJQeOfbpFUTc56I0Kqi68COTFLWEzkgu1xI2J6A84xWF+8PuUEWg
lqh3/vvsdftp2djYJ1jMykWWphdRUJpeer6CznTEGNsxVoxeloWr62avyBQxhdwO
jyu3dZfynmFtR8Mg6ErlRNjim4wm5sW5bvhPluTeO+xV07B17TTMDqUbsrB6GjV1
SIsFf31aSfku3hwyjtRxNS3jE1aVFtgZZAoiIKeyM9CBmuYA1xjDBEGWzhUNAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUIZTabcdT4ONoQe/ZeVvHbwPmASEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzMTYzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUikl
AwQAUinKMA0GCSqGSIb3DQEBCwUAA4IBAQAX7t7SzA42iDP50wWA+uQjNxCWkfEl
xArPhXbKtSVENRLqnlI4UdXounaRPLhzyvLKt+I7TqvD+KgR9+TdfEoPI0sejORJ
GILnQVC4N0fcie34lbokdYdNfPiRHF1QzyJTgoclCOoAIJAgML0weCuL5e8kIWCK
eTVscXZQ1iPKbI9qgSZSNtgz1hQ2BShOfqNVEDoSR2V1Y68PyDFoUHOaTzJ5rHvL
NMjIN0+FJ/zsgaMjUUcl0HJNeR4rAQN4xEegQE1p37GVUs1cXr6ZM9yKeBqN6zqk
8AcmtI4KJemHkW+JnhytiO4Gz6VvBwlfCp1uQ9zJK1izjjvCgAej+/d4
-----END CERTIFICATE-----