Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          hqrODgBz/mGilxVXR5UgOOEgwvyu3vN/uI+MP69kmq0=
Subject key identifier:   6A:49:2B:2A:F6:5D:F3:A1:BF:C2:BA:6A:80:49:25:9D:C4:D5:02:0F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       137F8326D756B3B36C43DCABA2D1639AD9268D87
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa
Signing time:             Fri 27 Mar 2026 10:17:21 +0000
ROA not before:           Fri 27 Mar 2026 10:12:21 +0000
ROA not after:            Fri 26 Mar 2027 10:17:21 +0000
asID:                     23470
IP address blocks:        82.41.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 15:15:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:7f:83:26:d7:56:b3:b3:6c:43:dc:ab:a2:d1:63:9a:d9:26:8d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 27 10:12:21 2026 GMT
            Not After : Mar 26 10:17:21 2027 GMT
        Subject: CN=6A492B2AF65DF3A1BFC2BA6A8049259DC4D5020F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:06:ca:1d:45:13:bb:f4:26:e1:0c:c8:c1:48:
                    08:c1:8a:dc:58:b6:1a:ab:86:0e:41:e9:2e:63:02:
                    b9:2b:39:57:41:92:5f:70:d7:9a:d5:60:9a:f0:eb:
                    b5:35:06:b1:4e:79:b1:f5:e0:2b:82:a7:52:52:97:
                    f5:91:b1:2f:f6:4d:48:32:4d:dd:cf:3d:3c:ba:7e:
                    57:11:2d:97:c3:63:9e:95:30:40:4f:10:1a:aa:39:
                    d8:08:5e:01:2b:96:51:a0:19:60:b1:75:2f:bb:f1:
                    61:00:5c:31:94:51:6c:70:19:53:df:89:09:9a:d8:
                    64:73:be:9d:d7:f3:43:16:0c:f9:39:97:f0:c2:b0:
                    18:66:3f:75:ec:08:2a:52:de:b2:d7:91:fd:47:8d:
                    60:3c:a0:0e:4a:e8:34:df:ac:f6:ab:54:1d:40:98:
                    ed:4e:ed:b4:ab:00:84:6c:c4:65:23:b4:f6:06:9b:
                    2b:a2:c4:f4:ba:2c:42:50:56:10:7f:1e:ee:22:a6:
                    79:87:6a:0c:01:8c:41:d7:c4:2a:79:e0:e1:bd:a7:
                    0a:94:f4:6a:f9:96:11:6b:fc:e9:7d:8e:ab:8c:43:
                    f6:c4:45:74:fc:6c:bc:bd:3b:88:4a:0a:f4:45:d1:
                    92:2d:f0:cf:d7:39:78:ad:bc:43:35:1c:79:23:62:
                    9d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:49:2B:2A:F6:5D:F3:A1:BF:C2:BA:6A:80:49:25:9D:C4:D5:02:0F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:0d:af:88:35:70:38:12:d1:ec:96:b1:a7:41:d2:2b:52:f5:
         86:25:b2:66:c2:54:57:63:c6:6c:ee:75:2f:2e:9b:ee:5f:96:
         40:11:54:bf:82:1f:f6:8f:42:ca:de:50:f0:49:51:0a:40:63:
         a0:a4:89:c1:f3:1d:c7:e8:8f:a3:23:f9:23:62:54:eb:00:c6:
         02:2f:6d:a2:cb:72:30:08:2b:14:26:11:35:ba:40:4e:a3:42:
         58:8f:ad:d8:81:70:79:00:46:9f:ca:6a:b4:e6:81:10:84:6b:
         dc:39:1b:b2:63:a6:36:81:f9:ae:c8:79:48:d4:55:38:9c:37:
         33:b3:63:8c:ad:f7:a6:2d:6e:20:64:c9:33:35:bc:a8:f6:17:
         ee:30:61:34:65:e1:3c:20:b2:ad:99:38:68:f2:c7:e5:88:7f:
         66:e7:6f:c8:2b:f4:4e:07:0a:da:f0:92:cd:03:93:70:15:7c:
         64:ba:ca:f4:d6:d5:e8:e6:d9:13:42:09:e2:76:51:0b:b8:68:
         ed:ea:4e:79:b5:90:c4:37:52:e9:77:d6:7c:6a:8a:fd:76:64:
         e8:19:d7:00:cb:84:8a:40:94:5c:c7:4f:bd:f9:ec:cd:02:90:
         05:37:88:d6:62:66:24:1e:b1:60:66:88:26:54:c8:52:ec:5a:
         ab:98:e3:25
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUE3+DJtdWs7NsQ9yrotFjmtkmjYcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjcxMDEyMjFaFw0yNzAzMjYxMDE3MjFaMDMxMTAvBgNV
BAMTKDZBNDkyQjJBRjY1REYzQTFCRkMyQkE2QTgwNDkyNTlEQzRENTAyMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcBsodRRO79CbhDMjBSAjBitxY
thqrhg5B6S5jArkrOVdBkl9w15rVYJrw67U1BrFOebH14CuCp1JSl/WRsS/2TUgy
Td3PPTy6flcRLZfDY56VMEBPEBqqOdgIXgErllGgGWCxdS+78WEAXDGUUWxwGVPf
iQma2GRzvp3X80MWDPk5l/DCsBhmP3XsCCpS3rLXkf1HjWA8oA5K6DTfrParVB1A
mO1O7bSrAIRsxGUjtPYGmyuixPS6LEJQVhB/Hu4ipnmHagwBjEHXxCp54OG9pwqU
9Gr5lhFr/Ol9jquMQ/bERXT8bLy9O4hKCvRF0ZIt8M/XOXitvEM1HHkjYp2DAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUakkrKvZd86G/wrpqgEklncTVAg8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSKYQw
DQYJKoZIhvcNAQELBQADggEBAHkNr4g1cDgS0eyWsadB0itS9YYlsmbCVFdjxmzu
dS8um+5flkARVL+CH/aPQsreUPBJUQpAY6CkicHzHcfoj6Mj+SNiVOsAxgIvbaLL
cjAIKxQmETW6QE6jQliPrdiBcHkARp/KarTmgRCEa9w5G7JjpjaB+a7IeUjUVTic
NzOzY4yt96YtbiBkyTM1vKj2F+4wYTRl4Twgsq2ZOGjyx+WIf2bnb8gr9E4HCtrw
ks0Dk3AVfGS6yvTW1ejm2RNCCeJ2UQu4aO3qTnm1kMQ3Uul31nxqiv12ZOgZ1wDL
hIpAlFzHT7357M0CkAU3iNZiZiQesWBmiCZUyFLsWquY4yU=
-----END CERTIFICATE-----