Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214402.roa
File:                     AS214402.roa (raw, json)
Hash identifier:          isRGVgYRslUjJMQCN56c/peS/HWPZQUgSFZ9lg6bPio=
Subject key identifier:   37:A9:09:58:6A:0E:7D:73:22:5D:A3:22:B4:34:67:5F:04:2E:A8:C6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       20E50D9BA0F16428AD6755763896285D9C219653
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214402.roa
Signing time:             Mon 02 Jun 2025 16:10:03 +0000
ROA not before:           Mon 02 Jun 2025 16:05:03 +0000
ROA not after:            Mon 01 Jun 2026 16:10:03 +0000
asID:                     214402
IP address blocks:        82.26.113.0/24 maxlen: 24
                          2a13:9500:43::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:e5:0d:9b:a0:f1:64:28:ad:67:55:76:38:96:28:5d:9c:21:96:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  2 16:05:03 2025 GMT
            Not After : Jun  1 16:10:03 2026 GMT
        Subject: CN=37A909586A0E7D73225DA322B434675F042EA8C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3a:fa:a1:32:cf:fb:ea:12:90:b2:b2:70:2f:
                    78:44:03:2b:d2:20:bc:db:77:7a:f8:3e:57:b2:8c:
                    85:28:03:cd:06:f3:c9:71:fd:1c:7d:8d:57:f7:2c:
                    ac:59:61:a1:f0:0c:b2:b8:12:f4:88:80:db:f1:ac:
                    7e:4a:64:b9:4a:30:e9:1a:f8:58:74:38:0e:8b:97:
                    f4:41:95:2e:97:30:77:52:7a:de:a1:a0:fe:f1:f3:
                    e6:b9:50:bf:ae:36:4a:72:b9:c0:38:2d:4b:f3:cc:
                    14:6a:72:56:5c:6f:91:1b:00:4c:af:91:74:4c:84:
                    0d:0a:db:b7:a2:d0:76:b0:3d:e6:dc:91:be:cc:ba:
                    b7:52:e7:7e:12:c6:e3:ef:b8:bd:28:29:94:ec:6a:
                    07:ae:c2:36:7d:b5:9f:02:78:8f:a2:60:90:9a:9d:
                    35:3a:61:71:24:c8:58:4b:e0:09:b7:1a:d4:89:62:
                    bf:50:f3:a7:b0:7d:79:a1:5f:8d:03:9c:cf:eb:52:
                    08:1a:cf:81:81:07:81:cd:3b:46:04:c9:58:49:c2:
                    27:64:15:6e:4c:04:01:e1:18:2c:85:5f:ef:07:d9:
                    1c:70:c7:df:60:3d:f7:f9:ec:90:65:a6:43:74:1e:
                    88:bb:94:f9:d2:6c:17:87:39:4a:9b:89:21:b0:f5:
                    0a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A9:09:58:6A:0E:7D:73:22:5D:A3:22:B4:34:67:5F:04:2E:A8:C6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.113.0/24
                IPv6:
                  2a13:9500:43::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:ad:3f:c9:48:4c:23:0a:77:42:f5:d9:de:16:fa:27:91:77:
         27:47:75:88:f8:58:c2:65:3c:2e:78:6a:55:a9:44:2e:0c:97:
         01:20:b4:8c:95:21:e6:b0:7d:42:1d:27:a8:55:a6:88:ca:57:
         93:e7:2e:cc:a5:1f:fb:3e:37:03:53:87:e5:91:4a:02:9d:c6:
         7f:1d:e1:9f:64:77:8a:d1:a1:76:1a:37:ff:e1:c5:b0:e5:7d:
         67:6c:b4:b1:74:f2:54:83:fc:96:06:9a:f3:f6:5c:fc:10:46:
         4b:a8:ac:26:60:31:c5:75:2e:ed:4a:56:11:eb:44:7b:61:54:
         33:40:3e:1e:7a:c0:07:f5:26:49:bd:b7:48:55:e2:b1:43:ce:
         bb:77:5e:d6:7c:d3:f5:26:fe:5c:0c:ba:87:b1:9b:92:3e:eb:
         63:6e:78:41:4b:77:78:35:60:16:22:89:7c:57:99:a9:40:69:
         a3:cc:39:73:4e:7a:52:27:f2:7d:42:8f:42:4e:7e:f0:f3:e7:
         c8:17:2e:15:1a:bb:4a:48:b1:62:9e:86:f0:4d:dd:e0:4c:a7:
         d2:a7:82:1d:11:27:26:95:1d:0d:f2:2b:e1:0b:af:e8:ad:22:
         c4:06:ed:ca:f8:d2:40:dc:91:0c:62:69:f8:df:42:26:da:1d:
         16:e8:ab:15
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUIOUNm6DxZCitZ1V2OJYoXZwhllMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDIxNjA1MDNaFw0yNjA2MDExNjEwMDNaMDMxMTAvBgNV
BAMTKDM3QTkwOTU4NkEwRTdENzMyMjVEQTMyMkI0MzQ2NzVGMDQyRUE4QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7OvqhMs/76hKQsrJwL3hEAyvS
ILzbd3r4PleyjIUoA80G88lx/Rx9jVf3LKxZYaHwDLK4EvSIgNvxrH5KZLlKMOka
+Fh0OA6Ll/RBlS6XMHdSet6hoP7x8+a5UL+uNkpyucA4LUvzzBRqclZcb5EbAEyv
kXRMhA0K27ei0HawPebckb7MurdS534SxuPvuL0oKZTsageuwjZ9tZ8CeI+iYJCa
nTU6YXEkyFhL4Am3GtSJYr9Q86ewfXmhX40DnM/rUggaz4GBB4HNO0YEyVhJwidk
FW5MBAHhGCyFX+8H2Rxwx99gPff57JBlpkN0Hoi7lPnSbBeHOUqbiSGw9QqDAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUN6kJWGoOfXMiXaMitDRnXwQuqMYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhpx
MA8EAgACMAkDBwAqE5UAAEMwDQYJKoZIhvcNAQELBQADggEBAJqtP8lITCMKd0L1
2d4W+ieRdydHdYj4WMJlPC54alWpRC4MlwEgtIyVIeawfUIdJ6hVpojKV5PnLsyl
H/s+NwNTh+WRSgKdxn8d4Z9kd4rRoXYaN//hxbDlfWdstLF08lSD/JYGmvP2XPwQ
RkuorCZgMcV1Lu1KVhHrRHthVDNAPh56wAf1Jkm9t0hV4rFDzrt3XtZ80/Um/lwM
uoexm5I+62NueEFLd3g1YBYiiXxXmalAaaPMOXNOelIn8n1Cj0JOfvDz58gXLhUa
u0pIsWKehvBN3eBMp9Kngh0RJyaVHQ3yK+ELr+itIsQG7cr40kDckQxiafjfQiba
HRboqxU=
-----END CERTIFICATE-----