Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213482.roa
File:                     AS213482.roa (raw, json)
Hash identifier:          KpE9/HvJaU5WUUT8MHKMKOpYDSIzq3SPlyTF6Ctv3QY=
Subject key identifier:   D7:BC:D0:AC:2E:85:A8:41:AD:69:40:9C:60:CE:09:CD:4D:A3:93:31
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       33BA476BCB0109C90CB77634103971783E11E1DE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213482.roa
Signing time:             Sun 12 Jul 2026 00:03:21 +0000
ROA not before:           Sat 11 Jul 2026 23:58:21 +0000
ROA not after:            Sun 11 Jul 2027 00:03:21 +0000
asID:                     213482
IP address blocks:        82.23.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:ba:47:6b:cb:01:09:c9:0c:b7:76:34:10:39:71:78:3e:11:e1:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 11 23:58:21 2026 GMT
            Not After : Jul 11 00:03:21 2027 GMT
        Subject: CN=D7BCD0AC2E85A841AD69409C60CE09CD4DA39331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8c:99:5d:81:15:a3:58:27:30:3c:79:64:ba:
                    05:40:a4:e6:fc:ec:22:09:99:40:61:a6:b1:ad:43:
                    64:b7:8b:bf:4f:d2:83:53:46:54:1d:74:38:0a:38:
                    ab:fd:59:8f:60:5e:72:df:72:c5:94:5b:a5:0a:54:
                    eb:aa:3f:70:ee:59:76:9e:c4:61:3b:90:75:b6:e7:
                    c7:7b:15:14:f3:d4:12:2f:4b:59:70:2f:97:bc:7d:
                    34:78:63:79:94:df:cb:18:3c:50:66:66:67:c8:85:
                    1d:07:1d:f9:b8:4e:b6:e3:4f:46:13:25:71:c2:59:
                    99:a9:0b:de:99:31:2b:e8:1d:6d:14:06:04:d2:99:
                    36:4d:4a:ed:63:23:9c:a3:01:27:38:f8:78:36:b1:
                    46:90:be:e3:de:63:06:00:b8:d1:0b:d5:6a:08:7e:
                    29:f7:f8:e9:30:d9:94:51:d0:45:08:39:06:e6:c6:
                    ba:f0:9d:3f:71:cf:72:41:c1:c1:1a:75:e7:1f:a7:
                    fa:3c:54:73:85:43:57:6f:f1:4a:7b:66:69:2a:49:
                    58:b6:f8:de:3d:cb:6b:83:8e:21:56:af:74:bf:f0:
                    6f:7b:fb:2b:b2:aa:07:ec:99:46:4c:c6:e7:8a:20:
                    4c:72:b4:b6:81:78:75:22:68:18:2c:93:28:51:5c:
                    73:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:BC:D0:AC:2E:85:A8:41:AD:69:40:9C:60:CE:09:CD:4D:A3:93:31
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213482.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:0c:2a:76:48:3b:ae:ac:71:e8:17:29:67:ba:b7:83:65:e1:
         2c:8e:41:85:f0:d2:18:03:ec:b1:35:b9:d4:bc:dc:cf:2c:c8:
         57:c1:11:88:56:56:bd:2d:92:bd:75:48:51:22:20:b7:e6:bd:
         d6:e6:a0:c3:3c:99:ec:eb:7a:57:ed:6b:34:6f:db:75:27:3b:
         a3:55:51:ea:5b:8b:59:f2:83:11:3a:89:6e:54:1a:2a:b4:10:
         f7:b3:57:45:cf:16:f0:1c:63:c6:76:9a:32:7b:27:fc:fa:13:
         b9:a6:68:64:24:6e:9b:c4:4b:b5:2d:b9:06:d3:ab:3c:59:ee:
         3e:95:94:5a:f0:cb:99:15:8e:2b:be:e4:d6:7a:18:9d:75:62:
         70:12:54:34:d0:a8:4b:0d:cf:89:eb:9b:ee:ba:a0:15:5f:89:
         31:00:05:44:6c:7b:6b:98:ac:4d:43:a7:55:d1:32:61:f4:2d:
         45:77:f0:10:c9:cb:18:81:a1:57:69:29:ed:6b:c0:5f:33:60:
         d2:b0:64:05:6e:d3:84:ab:ae:cf:c3:74:ad:3e:97:55:5d:5a:
         f8:e6:f6:2c:0f:fc:4a:60:2b:b2:0b:a9:58:7f:23:2d:a8:8e:
         97:2e:84:19:4d:45:51:32:2c:e0:3e:33:88:bb:d9:c3:9b:30:
         9f:bc:8d:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUM7pHa8sBCckMt3Y0EDlxeD4R4d4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA3MTEyMzU4MjFaFw0yNzA3MTEwMDAzMjFaMDMxMTAvBgNV
BAMTKEQ3QkNEMEFDMkU4NUE4NDFBRDY5NDA5QzYwQ0UwOUNENERBMzkzMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/jJldgRWjWCcwPHlkugVApOb8
7CIJmUBhprGtQ2S3i79P0oNTRlQddDgKOKv9WY9gXnLfcsWUW6UKVOuqP3DuWXae
xGE7kHW258d7FRTz1BIvS1lwL5e8fTR4Y3mU38sYPFBmZmfIhR0HHfm4TrbjT0YT
JXHCWZmpC96ZMSvoHW0UBgTSmTZNSu1jI5yjASc4+Hg2sUaQvuPeYwYAuNEL1WoI
fin3+Okw2ZRR0EUIOQbmxrrwnT9xz3JBwcEadecfp/o8VHOFQ1dv8Up7ZmkqSVi2
+N49y2uDjiFWr3S/8G97+yuyqgfsmUZMxueKIExytLaBeHUiaBgskyhRXHNnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU17zQrC6FqEGtaUCcYM4JzU2jkzEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNDgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUheq
MA0GCSqGSIb3DQEBCwUAA4IBAQAGDCp2SDuurHHoFylnureDZeEsjkGF8NIYA+yx
NbnUvNzPLMhXwRGIVla9LZK9dUhRIiC35r3W5qDDPJns63pX7Ws0b9t1JzujVVHq
W4tZ8oMROoluVBoqtBD3s1dFzxbwHGPGdpoyeyf8+hO5pmhkJG6bxEu1LbkG06s8
We4+lZRa8MuZFY4rvuTWehiddWJwElQ00KhLDc+J65vuuqAVX4kxAAVEbHtrmKxN
Q6dV0TJh9C1Fd/AQycsYgaFXaSnta8BfM2DSsGQFbtOEq67Pw3StPpdVXVr45vYs
D/xKYCuyC6lYfyMtqI6XLoQZTUVRMizgPjOIu9nDmzCfvI14
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:05:17 2026 by rpki-client