Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          9e3/LiGleabw4QQjsbB3iDVSO1ZcKoELu9Nw2YmZzR4=
Subject key identifier:   C4:3E:42:81:31:7D:90:F2:28:F5:77:A5:D8:EC:99:D1:10:76:3E:20
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5812A580D785671A026C345C51A73111BED2AE7B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa
Signing time:             Sat 09 Aug 2025 17:46:51 +0000
ROA not before:           Sat 09 Aug 2025 17:41:51 +0000
ROA not after:            Sat 08 Aug 2026 17:46:51 +0000
asID:                     23470
IP address blocks:        82.24.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 01:23:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:12:a5:80:d7:85:67:1a:02:6c:34:5c:51:a7:31:11:be:d2:ae:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  9 17:41:51 2025 GMT
            Not After : Aug  8 17:46:51 2026 GMT
        Subject: CN=C43E4281317D90F228F577A5D8EC99D110763E20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:08:68:7b:6c:cd:8b:cd:65:0c:c6:5f:ea:82:
                    f2:a7:91:0d:1c:e4:94:7f:19:f0:de:25:b5:70:61:
                    5f:25:d7:e9:f6:f8:34:da:8f:72:6e:c0:95:0a:40:
                    6f:75:14:ca:96:46:f7:87:cd:6a:78:da:72:b6:bb:
                    0d:b1:59:bc:ec:2d:d7:42:66:69:5a:b5:26:0a:e4:
                    4c:d5:e4:b6:8a:7b:5b:24:8c:db:fb:c0:ea:04:b1:
                    f8:bc:5e:d0:02:61:d1:a7:40:5e:5b:7b:bb:26:1c:
                    58:2a:1d:19:b9:cc:b5:f5:b8:8f:a6:86:f1:8f:2b:
                    b7:94:bb:9d:01:b2:7e:ae:4b:d7:fc:28:da:2d:2e:
                    95:26:79:02:c5:58:df:6a:0e:36:c1:ce:b2:02:71:
                    cf:44:8c:fa:63:ce:1e:57:ff:5d:c8:d4:26:4c:7c:
                    86:99:1b:15:0e:ec:54:4c:88:37:48:d0:f4:c0:f7:
                    34:32:ce:f5:78:ac:68:ec:20:26:95:38:99:bc:84:
                    70:2b:f2:2b:b0:e9:b9:a0:86:26:3d:b5:95:0b:6b:
                    ff:a9:d9:d4:49:43:f1:ed:ba:25:35:ef:3b:9c:8d:
                    1a:ab:95:6a:55:6e:7f:2e:e3:63:4e:0e:24:24:2a:
                    e5:8f:1c:a6:d3:ac:86:82:c3:42:e4:bb:ba:f7:da:
                    c9:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:3E:42:81:31:7D:90:F2:28:F5:77:A5:D8:EC:99:D1:10:76:3E:20
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:af:d2:81:6d:2a:3c:c8:78:3d:24:06:87:8e:df:31:2a:b5:
         12:fa:ca:30:d1:e5:97:f2:79:7e:ac:3a:9f:47:fb:3a:7f:f8:
         91:1c:24:8a:b2:99:01:c5:56:5d:bb:44:ac:ba:d6:19:22:14:
         90:a2:49:01:a2:fa:f8:39:e6:5c:04:fb:8b:12:a4:f7:51:23:
         68:17:f4:b5:50:37:ad:ea:76:6f:a9:67:62:ed:9c:92:01:f8:
         89:02:23:5e:fc:d7:ea:45:e5:2c:af:09:e5:dd:94:dc:f4:5d:
         73:5a:1c:84:3b:b0:49:85:cb:67:f2:c4:1c:bc:47:79:10:d7:
         9b:c1:00:68:b5:a1:98:6a:ac:5d:33:89:96:35:c3:d8:bf:6e:
         32:8a:47:e2:27:de:e0:8b:69:90:ac:7b:c3:cd:1a:89:62:17:
         49:5f:70:b8:70:04:7a:7b:4e:a1:5e:fd:22:85:35:11:7c:f3:
         66:40:b5:13:58:37:0e:89:53:f6:18:76:85:49:3b:f8:6e:42:
         91:2e:e9:52:0f:cf:4a:62:fd:d9:88:a6:66:ab:ab:fa:87:6e:
         fb:18:4c:fa:50:4f:f0:80:0c:36:ca:ae:5f:3e:5d:2a:f2:aa:
         10:8d:26:b3:a0:1e:ec:1d:79:63:b8:5b:b7:35:69:d9:e3:ea:
         1b:51:71:9d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWBKlgNeFZxoCbDRcUacxEb7SrnswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDkxNzQxNTFaFw0yNjA4MDgxNzQ2NTFaMDMxMTAvBgNV
BAMTKEM0M0U0MjgxMzE3RDkwRjIyOEY1NzdBNUQ4RUM5OUQxMTA3NjNFMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpCGh7bM2LzWUMxl/qgvKnkQ0c
5JR/GfDeJbVwYV8l1+n2+DTaj3JuwJUKQG91FMqWRveHzWp42nK2uw2xWbzsLddC
ZmlatSYK5EzV5LaKe1skjNv7wOoEsfi8XtACYdGnQF5be7smHFgqHRm5zLX1uI+m
hvGPK7eUu50Bsn6uS9f8KNotLpUmeQLFWN9qDjbBzrICcc9EjPpjzh5X/13I1CZM
fIaZGxUO7FRMiDdI0PTA9zQyzvV4rGjsICaVOJm8hHAr8iuw6bmghiY9tZULa/+p
2dRJQ/HtuiU17zucjRqrlWpVbn8u42NODiQkKuWPHKbTrIaCw0Lku7r32sklAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUxD5CgTF9kPIo9Xel2OyZ0RB2PiAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGHsw
DQYJKoZIhvcNAQELBQADggEBAFiv0oFtKjzIeD0kBoeO3zEqtRL6yjDR5ZfyeX6s
Op9H+zp/+JEcJIqymQHFVl27RKy61hkiFJCiSQGi+vg55lwE+4sSpPdRI2gX9LVQ
N63qdm+pZ2LtnJIB+IkCI1781+pF5SyvCeXdlNz0XXNaHIQ7sEmFy2fyxBy8R3kQ
15vBAGi1oZhqrF0ziZY1w9i/bjKKR+In3uCLaZCse8PNGoliF0lfcLhwBHp7TqFe
/SKFNRF882ZAtRNYNw6JU/YYdoVJO/huQpEu6VIPz0pi/dmIpmarq/qHbvsYTPpQ
T/CADDbKrl8+XSryqhCNJrOgHuwdeWO4W7c1adnj6htRcZ0=
-----END CERTIFICATE-----