Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa
File:                     AS214693.roa (raw, json)
Hash identifier:          OSV3rFbRTRxpVRkG9IketbFMi/GsfMlMVWGyXFbzJM4=
Subject key identifier:   42:09:24:E2:F8:FB:A4:E5:1E:D7:1E:6F:4A:3F:D1:09:18:F8:8B:D4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       759514BFCE6A8815A29D9B967B2198150AE62A07
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa
Signing time:             Wed 26 Mar 2025 19:11:20 +0000
ROA not before:           Wed 26 Mar 2025 19:06:20 +0000
ROA not after:            Wed 25 Mar 2026 19:11:20 +0000
asID:                     214693
IP address blocks:        82.22.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 18:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:95:14:bf:ce:6a:88:15:a2:9d:9b:96:7b:21:98:15:0a:e6:2a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 26 19:06:20 2025 GMT
            Not After : Mar 25 19:11:20 2026 GMT
        Subject: CN=420924E2F8FBA4E51ED71E6F4A3FD10918F88BD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4c:b1:9d:ab:c6:86:ad:1a:5f:67:81:38:12:
                    ba:8d:c3:3e:59:aa:f6:f2:78:5a:bd:4b:31:4d:7f:
                    95:e0:b7:ec:ad:81:0e:7d:75:2c:0e:09:eb:fb:e3:
                    12:46:9d:b2:4e:07:4a:f9:4d:53:bc:fe:1c:c8:15:
                    42:59:30:21:60:6a:bd:4e:27:3a:e6:e8:5c:bc:d2:
                    d2:d3:2a:98:81:8a:5d:68:6e:0d:cd:9b:7d:6b:69:
                    9c:38:9b:e9:f4:c3:a1:5b:48:ff:6b:6f:02:f5:3d:
                    56:aa:e9:69:b4:01:4f:87:9d:09:bf:60:3e:1b:4d:
                    61:2d:1c:c9:2c:a4:01:e0:dc:2c:70:6f:76:12:14:
                    ec:70:cc:6e:f6:0c:6e:a9:ee:41:54:03:09:21:e4:
                    ec:03:89:4f:5c:93:4d:a9:6f:cc:d2:8a:f2:64:94:
                    84:01:c0:08:4a:e3:4e:8c:f7:b1:e3:aa:04:71:57:
                    46:a4:18:ec:aa:ed:76:df:ea:d9:3c:74:72:71:63:
                    35:fd:0f:c6:c7:ac:91:b8:27:5b:f4:3c:22:c4:79:
                    ab:c1:5d:22:70:e7:7a:20:2b:86:85:10:01:11:9f:
                    ee:c3:c6:2b:fd:cd:eb:b6:db:b0:66:06:81:52:57:
                    ff:b2:9e:5a:c2:71:b0:56:bc:b3:04:27:e0:48:27:
                    88:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:09:24:E2:F8:FB:A4:E5:1E:D7:1E:6F:4A:3F:D1:09:18:F8:8B:D4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:11:4e:bf:3a:42:64:b1:fb:9a:f2:c5:38:0a:86:3e:a5:a1:
         66:5f:87:49:2b:f4:8e:f4:e1:16:10:5f:67:c3:2a:f5:12:c0:
         3a:5b:fa:00:ee:43:50:4a:1a:bb:8c:0f:e7:75:fa:87:55:48:
         10:b9:7a:5b:bc:45:57:9d:6d:6b:45:0b:5b:47:78:d8:be:1a:
         78:94:1e:6d:bd:98:93:51:dd:e1:fd:35:e5:88:0c:e5:74:ef:
         2d:a9:e4:1c:4d:69:6c:21:ea:be:02:7a:8d:95:eb:d1:8c:1d:
         9c:9e:14:48:10:8a:95:d7:3a:09:60:8b:a7:84:80:7f:c7:8b:
         e7:4f:04:83:94:ac:f5:3b:91:59:e4:f1:82:76:a6:84:c0:4a:
         e1:6d:f9:24:71:1a:b7:37:fd:e3:b7:ac:27:c6:de:16:11:71:
         0d:3e:8c:76:c9:65:fe:1d:12:06:72:fe:0d:c4:87:fd:b5:a7:
         8a:20:81:16:04:6f:2c:57:c3:62:53:29:37:bd:77:c9:63:57:
         77:e8:3d:25:d3:8e:77:40:23:76:55:b2:a6:81:0f:84:3f:56:
         80:6c:45:82:44:90:95:fb:35:4e:35:b7:50:43:02:ae:db:eb:
         6a:91:2a:91:8b:e7:c9:23:92:47:84:48:01:96:33:eb:b4:4a:
         7c:25:fe:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdZUUv85qiBWinZuWeyGYFQrmKgcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAzMjYxOTA2MjBaFw0yNjAzMjUxOTExMjBaMDMxMTAvBgNV
BAMTKDQyMDkyNEUyRjhGQkE0RTUxRUQ3MUU2RjRBM0ZEMTA5MThGODhCRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiTLGdq8aGrRpfZ4E4ErqNwz5Z
qvbyeFq9SzFNf5Xgt+ytgQ59dSwOCev74xJGnbJOB0r5TVO8/hzIFUJZMCFgar1O
Jzrm6Fy80tLTKpiBil1obg3Nm31raZw4m+n0w6FbSP9rbwL1PVaq6Wm0AU+HnQm/
YD4bTWEtHMkspAHg3Cxwb3YSFOxwzG72DG6p7kFUAwkh5OwDiU9ck02pb8zSivJk
lIQBwAhK406M97HjqgRxV0akGOyq7Xbf6tk8dHJxYzX9D8bHrJG4J1v0PCLEeavB
XSJw53ogK4aFEAERn+7Dxiv9zeu227BmBoFSV/+ynlrCcbBWvLMEJ+BIJ4gjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQgkk4vj7pOUe1x5vSj/RCRj4i9QwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhbI
MA0GCSqGSIb3DQEBCwUAA4IBAQBZEU6/OkJksfua8sU4CoY+paFmX4dJK/SO9OEW
EF9nwyr1EsA6W/oA7kNQShq7jA/ndfqHVUgQuXpbvEVXnW1rRQtbR3jYvhp4lB5t
vZiTUd3h/TXliAzldO8tqeQcTWlsIeq+AnqNlevRjB2cnhRIEIqV1zoJYIunhIB/
x4vnTwSDlKz1O5FZ5PGCdqaEwErhbfkkcRq3N/3jt6wnxt4WEXENPox2yWX+HRIG
cv4NxIf9taeKIIEWBG8sV8NiUyk3vXfJY1d36D0l0453QCN2VbKmgQ+EP1aAbEWC
RJCV+zVONbdQQwKu2+tqkSqRi+fJI5JHhEgBljPrtEp8Jf4V
-----END CERTIFICATE-----