Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213845.roa
File:                     AS213845.roa (raw, json)
Hash identifier:          Ktj54UzslZD7hyupX/LM1yozOBDEWnbY7rg8dcW9gUU=
Subject key identifier:   AA:0B:42:E0:38:FE:00:6A:87:51:47:36:5C:70:25:A5:35:F2:55:6D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       24154723D53A56E70EC62DFAE05F4ADE213827F0
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213845.roa
Signing time:             Wed 29 Jan 2025 03:12:05 +0000
ROA not before:           Wed 29 Jan 2025 03:07:05 +0000
ROA not after:            Wed 28 Jan 2026 03:12:05 +0000
asID:                     213845
IP address blocks:        82.23.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:15:47:23:d5:3a:56:e7:0e:c6:2d:fa:e0:5f:4a:de:21:38:27:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 29 03:07:05 2025 GMT
            Not After : Jan 28 03:12:05 2026 GMT
        Subject: CN=AA0B42E038FE006A875147365C7025A535F2556D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:4d:5e:e8:f5:71:86:0c:1b:35:29:96:29:
                    66:05:a9:e5:85:04:dc:cf:0c:be:ea:f7:2c:a9:5d:
                    dd:1a:5d:c1:94:17:c7:a4:00:bb:3a:e9:f4:27:64:
                    a6:ed:81:06:2f:f0:1c:85:18:9d:6c:f1:8a:d8:3e:
                    69:d6:dc:14:dc:7d:44:e9:43:70:c0:21:d6:49:cb:
                    60:54:2f:09:ca:80:96:e4:ac:92:24:38:04:b6:a4:
                    30:04:cd:d6:4a:cd:83:e4:e6:34:48:2d:a7:e5:7b:
                    8b:e3:1e:05:31:bf:8b:4e:de:f4:a4:53:fc:e7:db:
                    15:d9:d3:f8:76:e6:a6:4b:1b:f1:f4:30:bd:68:ab:
                    b3:91:1d:b7:a4:76:5c:64:7a:f7:4f:b2:92:90:34:
                    a2:5f:55:70:87:47:f9:a2:cd:ee:c0:2e:25:7e:e3:
                    b3:77:1b:f2:3e:60:1b:47:f0:bf:c0:62:de:9c:84:
                    cd:cc:c5:57:93:fe:c9:88:ef:c8:12:d2:ef:00:bf:
                    b3:e2:39:a4:cc:6a:7b:cd:b0:1a:76:1d:5d:ed:78:
                    32:ff:28:f4:2a:f8:08:db:53:55:9d:ee:63:fe:17:
                    ad:e6:4a:c3:8b:4b:76:d4:16:41:6b:40:ea:c2:3f:
                    77:30:3f:b1:f3:3a:0d:a3:7d:d3:c2:bf:cf:ce:21:
                    b9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:0B:42:E0:38:FE:00:6A:87:51:47:36:5C:70:25:A5:35:F2:55:6D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213845.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:3d:ea:5c:04:e2:3b:2a:39:76:f1:91:8c:a0:1f:b9:da:bc:
         6f:9b:33:0d:d3:97:94:03:28:b3:ab:b5:3c:a4:51:b9:72:4e:
         d9:62:8f:7a:b0:07:db:87:70:5d:05:a9:72:28:55:75:c0:48:
         6f:d9:b9:0d:47:58:ef:00:e8:42:2f:28:58:33:3a:8b:ec:bd:
         0d:06:db:8f:20:b6:de:90:3f:78:aa:b1:4b:4c:cf:76:38:dc:
         33:67:f0:87:a0:60:3b:97:b6:42:5b:f6:85:f3:ac:c4:fe:4b:
         22:02:dd:11:c9:9b:3c:1d:bf:df:c4:f0:b6:20:2b:a0:9d:00:
         bc:2c:8d:fd:84:05:97:94:7c:0d:78:b2:74:28:bf:fe:14:08:
         ef:da:f5:2c:03:c0:ba:54:cf:ff:c9:de:2e:50:31:f7:5c:3c:
         03:6c:94:e6:10:c5:92:a9:b8:1c:cd:f8:87:65:16:ea:e6:a3:
         18:8a:79:08:dd:ae:b9:f1:8a:fc:88:d3:8c:98:d4:b4:d6:97:
         ac:42:48:c5:72:fc:c9:e0:82:e7:eb:6d:b8:70:ff:14:61:15:
         42:8b:a2:02:a9:1e:5e:d0:4a:dd:59:eb:17:63:95:9b:74:8e:
         d7:43:b8:77:bc:5f:3a:e0:6d:5e:f6:b4:80:0b:07:df:0f:f7:
         88:cc:d8:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJBVHI9U6VucOxi364F9K3iE4J/AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjkwMzA3MDVaFw0yNjAxMjgwMzEyMDVaMDMxMTAvBgNV
BAMTKEFBMEI0MkUwMzhGRTAwNkE4NzUxNDczNjVDNzAyNUE1MzVGMjU1NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsPk1e6PVxhgwbNSmWKWYFqeWF
BNzPDL7q9yypXd0aXcGUF8ekALs66fQnZKbtgQYv8ByFGJ1s8YrYPmnW3BTcfUTp
Q3DAIdZJy2BULwnKgJbkrJIkOAS2pDAEzdZKzYPk5jRILafle4vjHgUxv4tO3vSk
U/zn2xXZ0/h25qZLG/H0ML1oq7ORHbekdlxkevdPspKQNKJfVXCHR/mize7ALiV+
47N3G/I+YBtH8L/AYt6chM3MxVeT/smI78gS0u8Av7PiOaTManvNsBp2HV3teDL/
KPQq+AjbU1Wd7mP+F63mSsOLS3bUFkFrQOrCP3cwP7HzOg2jfdPCv8/OIbl5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqgtC4Dj+AGqHUUc2XHAlpTXyVW0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzODQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhex
MA0GCSqGSIb3DQEBCwUAA4IBAQAEPepcBOI7Kjl28ZGMoB+52rxvmzMN05eUAyiz
q7U8pFG5ck7ZYo96sAfbh3BdBalyKFV1wEhv2bkNR1jvAOhCLyhYMzqL7L0NBtuP
ILbekD94qrFLTM92ONwzZ/CHoGA7l7ZCW/aF86zE/ksiAt0RyZs8Hb/fxPC2ICug
nQC8LI39hAWXlHwNeLJ0KL/+FAjv2vUsA8C6VM//yd4uUDH3XDwDbJTmEMWSqbgc
zfiHZRbq5qMYinkI3a658Yr8iNOMmNS01pesQkjFcvzJ4ILn6224cP8UYRVCi6IC
qR5e0ErdWesXY5WbdI7XQ7h3vF864G1e9rSACwffD/eIzNiO
-----END CERTIFICATE-----