Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          UNPMCwcFS5mePKvld1rCLjkrjxQU7OVPdUUd7Zp3fas=
Subject key identifier:   FA:47:5B:7E:60:C2:DF:EF:9F:3C:4F:CC:18:28:89:CC:63:97:62:4E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       111EB797E82D0BFA920DEF644C61DF973946597E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
Signing time:             Fri 06 Jun 2025 02:06:13 +0000
ROA not before:           Fri 06 Jun 2025 02:01:13 +0000
ROA not after:            Fri 05 Jun 2026 02:06:13 +0000
asID:                     21840
IP address blocks:        82.26.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:1e:b7:97:e8:2d:0b:fa:92:0d:ef:64:4c:61:df:97:39:46:59:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  6 02:01:13 2025 GMT
            Not After : Jun  5 02:06:13 2026 GMT
        Subject: CN=FA475B7E60C2DFEF9F3C4FCC182889CC6397624E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f0:c5:62:33:82:dc:fb:91:09:5c:0e:fe:bf:
                    f9:82:ab:04:14:f4:75:28:c7:5e:35:12:a0:f5:a4:
                    d5:fd:e8:59:7b:48:b2:00:63:10:60:0a:54:a2:bd:
                    e4:4f:a8:dd:12:a1:f3:98:9f:2b:d8:1c:c0:c6:3c:
                    4c:14:c8:43:e3:5b:35:27:19:86:44:c3:f6:62:fb:
                    d3:f4:5c:6b:87:f5:66:aa:1f:58:78:3c:e5:8e:be:
                    f2:12:95:18:e8:fa:3d:fc:d2:1c:5b:92:95:52:93:
                    21:e9:b9:99:49:7c:b2:0a:e6:d4:14:14:04:2c:fb:
                    c3:20:44:08:9c:8d:fd:59:f9:71:b8:38:0c:51:c1:
                    14:5d:11:f2:07:2e:09:09:92:69:e4:78:dd:64:ef:
                    79:a7:c1:f5:b5:6d:b6:f7:88:7d:36:11:25:8f:7a:
                    67:be:b0:6d:ef:36:14:68:3c:94:52:b7:bc:b5:e9:
                    76:e9:0c:89:e8:f6:5d:21:bb:da:cc:8a:d5:81:74:
                    10:36:ae:af:f0:12:aa:b8:cc:fa:2a:07:f0:78:6b:
                    d3:2a:62:96:27:ff:9d:26:7f:19:bb:0e:f6:65:c1:
                    50:04:f6:dc:8d:16:75:ec:4d:78:e1:bf:93:ce:24:
                    62:b4:89:77:9f:2f:65:0a:26:75:e8:b2:a6:3c:d6:
                    e4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:47:5B:7E:60:C2:DF:EF:9F:3C:4F:CC:18:28:89:CC:63:97:62:4E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:75:0d:a7:9f:ab:d7:ef:d4:29:00:e3:2e:71:d6:57:cb:70:
         f1:c7:f6:da:bc:4a:69:cd:c9:3a:1b:20:20:9e:3c:3f:4c:8b:
         90:61:04:a5:0a:f0:db:8e:9a:f4:df:2b:c4:65:7d:fe:0e:c4:
         50:e0:1d:61:9f:80:63:9d:9d:9b:91:bd:da:26:5b:ae:28:b8:
         61:2d:46:ee:58:c5:59:30:10:d4:ab:fc:2f:bc:d1:23:df:7a:
         73:fc:88:6c:ad:b8:0f:59:d5:5d:38:ce:64:99:61:a2:02:d1:
         f3:ea:04:3e:be:f3:8f:c9:65:dd:64:76:dd:53:34:63:2a:98:
         8a:f2:0b:ce:0c:ba:34:19:71:33:a5:92:91:11:11:86:9c:58:
         52:e3:93:c4:74:11:48:50:2f:13:ad:38:16:8f:d8:8d:d7:fc:
         8c:fa:96:42:e2:4f:b2:ac:0f:c9:b6:01:54:3e:08:95:37:46:
         d1:e7:73:4c:bb:cc:46:aa:ba:39:f6:3d:4b:e9:29:3a:bf:41:
         f7:db:d7:08:24:f3:28:9c:72:4b:d6:02:7d:aa:90:32:44:d3:
         4d:5b:41:47:e9:95:2d:a8:2f:5d:6c:7c:16:bd:47:ec:73:ac:
         09:18:bf:c9:e6:9e:2d:72:f4:6b:19:b5:20:b8:e0:cd:74:77:
         b6:52:76:70
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUER63l+gtC/qSDe9kTGHflzlGWX4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDYwMjAxMTNaFw0yNjA2MDUwMjA2MTNaMDMxMTAvBgNV
BAMTKEZBNDc1QjdFNjBDMkRGRUY5RjNDNEZDQzE4Mjg4OUNDNjM5NzYyNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz8MViM4Lc+5EJXA7+v/mCqwQU
9HUox141EqD1pNX96Fl7SLIAYxBgClSiveRPqN0SofOYnyvYHMDGPEwUyEPjWzUn
GYZEw/Zi+9P0XGuH9WaqH1h4POWOvvISlRjo+j380hxbkpVSkyHpuZlJfLIK5tQU
FAQs+8MgRAicjf1Z+XG4OAxRwRRdEfIHLgkJkmnkeN1k73mnwfW1bbb3iH02ESWP
eme+sG3vNhRoPJRSt7y16XbpDIno9l0hu9rMitWBdBA2rq/wEqq4zPoqB/B4a9Mq
YpYn/50mfxm7DvZlwVAE9tyNFnXsTXjhv5POJGK0iXefL2UKJnXosqY81uQZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+kdbfmDC3++fPE/MGCiJzGOXYk4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGqAw
DQYJKoZIhvcNAQELBQADggEBACR1Daefq9fv1CkA4y5x1lfLcPHH9tq8SmnNyTob
ICCePD9Mi5BhBKUK8NuOmvTfK8Rlff4OxFDgHWGfgGOdnZuRvdomW64ouGEtRu5Y
xVkwENSr/C+80SPfenP8iGytuA9Z1V04zmSZYaIC0fPqBD6+84/JZd1kdt1TNGMq
mIryC84MujQZcTOlkpEREYacWFLjk8R0EUhQLxOtOBaP2I3X/Iz6lkLiT7KsD8m2
AVQ+CJU3RtHnc0y7zEaqujn2PUvpKTq/Qffb1wgk8yicckvWAn2qkDJE001bQUfp
lS2oL11sfBa9R+xzrAkYv8nmni1y9GsZtSC44M10d7ZSdnA=
-----END CERTIFICATE-----