Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213200.roa
File:                     AS213200.roa (raw, json)
Hash identifier:          J9A9FbisbUdFw12Cq4ApxC+UocLA12/pg1Pyde05Zhs=
Subject key identifier:   C5:DC:43:80:7F:B7:A9:6E:CD:D4:D6:01:CF:1D:F9:2B:07:40:5E:E2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4C9D6690246A23D4A4BAAC09E35297486141A5C6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213200.roa
Signing time:             Thu 30 Jan 2025 09:58:00 +0000
ROA not before:           Thu 30 Jan 2025 09:53:00 +0000
ROA not after:            Thu 29 Jan 2026 09:58:00 +0000
asID:                     213200
IP address blocks:        82.26.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:9d:66:90:24:6a:23:d4:a4:ba:ac:09:e3:52:97:48:61:41:a5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 30 09:53:00 2025 GMT
            Not After : Jan 29 09:58:00 2026 GMT
        Subject: CN=C5DC43807FB7A96ECDD4D601CF1DF92B07405EE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:65:c1:1d:d9:21:26:1a:3f:14:7a:36:23:bc:
                    5a:99:01:4a:ce:84:f3:ac:c7:2e:f2:c6:91:0c:93:
                    f2:b1:ef:e0:12:cb:e0:7b:44:18:0c:85:90:fc:1c:
                    72:fc:c7:79:c3:f3:af:25:55:95:73:be:6b:81:41:
                    98:48:b6:5d:de:5a:27:76:55:00:7e:96:e8:39:27:
                    df:4a:d9:27:6f:49:11:01:c4:a4:84:7c:68:18:db:
                    29:08:ec:fb:9f:77:87:26:a3:f8:33:ad:18:c0:97:
                    24:c2:d1:97:57:61:8f:ee:d1:bd:13:e8:be:41:84:
                    5e:25:4c:b9:37:7c:5c:47:d5:c8:c1:17:f1:51:15:
                    c2:03:64:80:df:5a:d9:d7:bc:04:8b:21:a7:17:4c:
                    ab:93:62:4d:7b:bd:02:39:42:2b:22:4a:5b:9c:a2:
                    81:73:d8:b6:f4:e8:58:aa:fa:f0:c1:58:7d:93:bd:
                    5b:c0:9b:5d:9f:c2:3c:26:1d:db:80:62:bd:87:2a:
                    cb:c4:b0:98:4b:6f:00:03:44:ab:c1:70:99:48:31:
                    79:92:b8:df:48:5f:78:f1:55:35:42:4f:e3:83:08:
                    d9:be:f0:ef:7a:7d:4e:b4:96:e6:62:77:5e:ef:b4:
                    a5:64:19:86:b3:ae:84:e7:7f:20:17:42:ef:c6:3d:
                    f2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:DC:43:80:7F:B7:A9:6E:CD:D4:D6:01:CF:1D:F9:2B:07:40:5E:E2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213200.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:54:ea:91:01:e0:9c:ab:36:ab:52:5e:96:bb:2b:54:fb:c6:
         02:36:f3:a3:7b:e8:51:b3:65:41:ce:df:bd:4c:ba:61:03:56:
         e0:6b:28:e3:f2:f2:1a:36:7f:5e:ea:c4:a6:cf:51:ec:ea:81:
         08:64:43:bb:d3:75:4c:ca:e5:8f:3d:11:29:ee:ee:f5:fc:5f:
         ea:f6:07:58:8d:cb:e1:a6:a1:09:96:8b:59:ea:9b:76:9c:69:
         d4:c0:e6:a4:08:d7:52:a6:25:a9:6f:c7:a2:a7:d0:18:51:2c:
         80:4c:d4:25:5d:2b:52:2a:cf:0b:d0:51:32:91:7e:62:a9:2b:
         82:0a:c7:64:20:d3:11:e1:03:de:58:6e:a8:1d:f0:0e:dd:35:
         30:f0:e0:3e:fb:e3:66:8d:51:b8:b6:0a:52:51:8b:b2:e8:d2:
         84:f5:32:ba:5f:18:a8:c5:37:bf:25:f7:ab:b7:f9:62:81:ce:
         02:75:7b:ec:5c:e1:85:85:24:81:aa:03:1d:66:d2:45:56:03:
         d5:1a:d9:e4:7d:9a:77:cd:02:dd:66:bc:28:d1:f8:0a:85:80:
         b7:67:95:03:7d:a5:86:85:5f:d3:03:73:ce:30:bd:c2:23:0a:
         47:4c:0f:71:9e:0a:f7:59:21:53:50:f0:27:70:8a:3d:01:6c:
         a1:ae:22:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTJ1mkCRqI9SkuqwJ41KXSGFBpcYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMzAwOTUzMDBaFw0yNjAxMjkwOTU4MDBaMDMxMTAvBgNV
BAMTKEM1REM0MzgwN0ZCN0E5NkVDREQ0RDYwMUNGMURGOTJCMDc0MDVFRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6ZcEd2SEmGj8UejYjvFqZAUrO
hPOsxy7yxpEMk/Kx7+ASy+B7RBgMhZD8HHL8x3nD868lVZVzvmuBQZhItl3eWid2
VQB+lug5J99K2SdvSREBxKSEfGgY2ykI7Pufd4cmo/gzrRjAlyTC0ZdXYY/u0b0T
6L5BhF4lTLk3fFxH1cjBF/FRFcIDZIDfWtnXvASLIacXTKuTYk17vQI5QisiSluc
ooFz2Lb06Fiq+vDBWH2TvVvAm12fwjwmHduAYr2HKsvEsJhLbwADRKvBcJlIMXmS
uN9IX3jxVTVCT+ODCNm+8O96fU60luZid17vtKVkGYazroTnfyAXQu/GPfITAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxdxDgH+3qW7N1NYBzx35KwdAXuIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzMjAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhpK
MA0GCSqGSIb3DQEBCwUAA4IBAQBbVOqRAeCcqzarUl6WuytU+8YCNvOje+hRs2VB
zt+9TLphA1bgayjj8vIaNn9e6sSmz1Hs6oEIZEO703VMyuWPPREp7u71/F/q9gdY
jcvhpqEJlotZ6pt2nGnUwOakCNdSpiWpb8eip9AYUSyATNQlXStSKs8L0FEykX5i
qSuCCsdkINMR4QPeWG6oHfAO3TUw8OA+++NmjVG4tgpSUYuy6NKE9TK6XxioxTe/
Jfert/ligc4CdXvsXOGFhSSBqgMdZtJFVgPVGtnkfZp3zQLdZrwo0fgKhYC3Z5UD
faWGhV/TA3POML3CIwpHTA9xngr3WSFTUPAncIo9AWyhriIr
-----END CERTIFICATE-----