Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          QkS/AvAqvXnaEceYjgdeWEH81KMXt/K4qxHgvfYdkQw=
Subject key identifier:   04:19:56:10:55:34:7A:0F:6E:2B:88:66:AD:2A:F5:E6:C3:69:6F:E1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5CBE33E0EB3FDF12A3FC2AD0BBDFD490670A6A11
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
Signing time:             Mon 01 Jun 2026 12:25:32 +0000
ROA not before:           Mon 01 Jun 2026 12:20:32 +0000
ROA not after:            Mon 31 May 2027 12:25:32 +0000
asID:                     21840
IP address blocks:        82.26.160.0/24 maxlen: 24
                          82.47.54.0/24 maxlen: 24
                          178.83.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:be:33:e0:eb:3f:df:12:a3:fc:2a:d0:bb:df:d4:90:67:0a:6a:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  1 12:20:32 2026 GMT
            Not After : May 31 12:25:32 2027 GMT
        Subject: CN=0419561055347A0F6E2B8866AD2AF5E6C3696FE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:64:08:cb:e0:f4:d1:aa:33:0d:d1:63:42:ef:
                    bd:37:dd:61:9f:8e:9f:a1:6f:da:78:d7:65:eb:09:
                    f6:3e:0d:f2:3e:58:8d:4c:dd:54:ec:95:f4:fa:99:
                    d3:cc:1e:16:87:9a:9b:32:e5:a5:31:b0:fd:1b:eb:
                    a5:54:b4:1b:0a:70:e8:ae:86:6c:a2:2e:c5:c9:8b:
                    ff:8f:04:c1:ea:c6:32:39:c0:68:ae:6e:25:34:56:
                    4b:dd:4d:3c:aa:0e:b9:91:04:55:40:1d:4c:ff:03:
                    09:d2:eb:1d:6a:e3:9b:63:39:c0:4b:b4:17:5c:da:
                    65:99:6f:00:70:ae:c5:66:72:d9:72:bf:ae:63:4d:
                    c9:95:a0:1d:83:dd:48:27:19:df:28:96:77:91:6f:
                    2e:03:bc:e8:39:76:20:ff:d5:96:6c:93:4c:82:a6:
                    0d:30:69:99:18:0a:21:bc:5e:32:38:4a:8e:4d:de:
                    e8:0c:de:d5:7e:65:e6:2e:2e:52:96:4b:6b:76:3b:
                    d3:e6:02:4a:b8:83:1b:c0:b3:4f:2d:e1:75:c0:e3:
                    c5:b7:3a:ce:93:1e:fe:38:b9:c7:6f:ef:00:9b:d1:
                    2d:db:c2:7d:e6:f6:7a:c1:28:2f:12:f2:3c:18:42:
                    32:6a:35:43:d4:70:0b:8f:29:ef:50:a3:08:f8:ae:
                    2b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:19:56:10:55:34:7A:0F:6E:2B:88:66:AD:2A:F5:E6:C3:69:6F:E1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.160.0/24
                  82.47.54.0/24
                  178.83.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:22:29:3e:0b:96:22:b3:39:c1:b4:a2:0c:2f:d1:a4:f3:d2:
         f8:f5:fa:6c:0d:05:73:27:a7:72:88:2c:c4:38:6f:38:01:8d:
         79:47:81:6f:2b:08:97:e0:e8:67:38:41:ee:08:c9:ae:73:ba:
         04:04:cf:e9:cd:aa:1f:41:87:6c:ff:0e:a3:e2:72:34:e1:7c:
         1d:18:d1:53:cf:49:5f:ae:b9:e7:03:60:84:1b:99:bb:ec:b1:
         cc:2f:be:4d:e7:49:61:77:94:50:cb:f5:f1:b3:1c:85:84:c0:
         94:62:ba:2a:56:61:dd:ec:08:99:25:3c:d4:26:41:92:5a:39:
         84:ea:cf:71:8d:33:ef:5b:b2:d0:50:99:6c:d4:7f:1e:bb:01:
         b7:07:51:84:7d:78:66:bf:05:be:89:bc:ec:5a:a2:d4:b6:59:
         fd:03:25:d3:d9:2b:c1:f8:d8:13:3d:49:b4:54:0e:26:8c:80:
         9e:61:d9:3c:09:8a:d0:50:62:45:da:dd:ff:14:89:8f:ec:35:
         4f:11:e7:04:7b:99:b5:f9:79:a7:c3:fb:01:22:7c:82:5c:57:
         4b:03:02:d8:44:1d:81:95:19:cb:f6:2c:5f:e6:02:f1:42:e2:
         6f:08:c9:8f:b6:13:87:17:d9:12:fe:db:1c:b8:1f:12:21:0e:
         11:21:1d:e2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUXL4z4Os/3xKj/CrQu9/UkGcKahEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDExMjIwMzJaFw0yNzA1MzExMjI1MzJaMDMxMTAvBgNV
BAMTKDA0MTk1NjEwNTUzNDdBMEY2RTJCODg2NkFEMkFGNUU2QzM2OTZGRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyZAjL4PTRqjMN0WNC77033WGf
jp+hb9p412XrCfY+DfI+WI1M3VTslfT6mdPMHhaHmpsy5aUxsP0b66VUtBsKcOiu
hmyiLsXJi/+PBMHqxjI5wGiubiU0VkvdTTyqDrmRBFVAHUz/AwnS6x1q45tjOcBL
tBdc2mWZbwBwrsVmctlyv65jTcmVoB2D3UgnGd8olneRby4DvOg5diD/1ZZsk0yC
pg0waZkYCiG8XjI4So5N3ugM3tV+ZeYuLlKWS2t2O9PmAkq4gxvAs08t4XXA48W3
Os6THv44ucdv7wCb0S3bwn3m9nrBKC8S8jwYQjJqNUPUcAuPKe9Qowj4ris5AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUBBlWEFU0eg9uK4hmrSr15sNpb+EwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABSGqAD
BABSLzYDBACyU54wDQYJKoZIhvcNAQELBQADggEBAI0iKT4LliKzOcG0ogwv0aTz
0vj1+mwNBXMnp3KILMQ4bzgBjXlHgW8rCJfg6Gc4Qe4Iya5zugQEz+nNqh9Bh2z/
DqPicjThfB0Y0VPPSV+uuecDYIQbmbvsscwvvk3nSWF3lFDL9fGzHIWEwJRiuipW
Yd3sCJklPNQmQZJaOYTqz3GNM+9bstBQmWzUfx67AbcHUYR9eGa/Bb6JvOxaotS2
Wf0DJdPZK8H42BM9SbRUDiaMgJ5h2TwJitBQYkXa3f8UiY/sNU8R5wR7mbX5eafD
+wEifIJcV0sDAthEHYGVGcv2LF/mAvFC4m8IyY+2E4cX2RL+2xy4HxIhDhEhHeI=
-----END CERTIFICATE-----