Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS27176.roa
File:                     AS27176.roa (raw, json)
Hash identifier:          CY41MCHasVZE8sZk1oelUsADCsvKCKsJ+fqxwZqVsm4=
Subject key identifier:   99:64:0A:0E:7B:F1:59:F4:C0:F4:8D:69:47:A1:C5:10:39:D7:FC:69
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6F4360491D2B2D3353E1C963D645DAA0D76A8CE4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS27176.roa
Signing time:             Thu 23 Jan 2025 16:50:35 +0000
ROA not before:           Thu 23 Jan 2025 16:45:35 +0000
ROA not after:            Thu 22 Jan 2026 16:50:35 +0000
asID:                     27176
IP address blocks:        82.21.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:43:60:49:1d:2b:2d:33:53:e1:c9:63:d6:45:da:a0:d7:6a:8c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 23 16:45:35 2025 GMT
            Not After : Jan 22 16:50:35 2026 GMT
        Subject: CN=99640A0E7BF159F4C0F48D6947A1C51039D7FC69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3b:b7:13:43:45:d6:0f:37:f3:99:da:ef:6d:
                    57:4f:cc:13:d9:5f:59:b7:9e:22:f3:df:c3:7e:12:
                    bc:e5:6b:5d:a1:39:43:0b:b6:ff:7c:aa:90:a5:71:
                    7b:bf:ff:6a:4e:17:20:fd:d7:32:19:d5:0b:ca:1a:
                    0c:ea:8a:a3:41:b0:15:6c:81:af:93:7b:8e:bf:35:
                    b3:84:c7:2a:6f:e3:9a:96:71:61:f4:7a:94:1c:6b:
                    2a:87:be:9e:b9:a6:55:bc:92:84:0f:ae:db:0c:95:
                    3d:69:e9:b2:8d:73:cf:45:b6:c2:89:1c:6b:a2:2b:
                    3f:3f:5a:fb:39:2d:be:d3:93:88:18:19:d0:fe:cb:
                    d5:e5:ad:95:9b:1f:26:52:3a:eb:af:8d:10:e6:38:
                    2a:fe:56:51:2a:67:db:d0:68:ea:e7:6d:23:89:d3:
                    5e:74:3a:7a:44:36:b7:11:c5:03:c7:96:d6:fc:8a:
                    9e:dd:7e:2b:e9:c8:39:69:22:14:f4:43:e8:41:f9:
                    47:da:db:f5:ab:a1:9e:bd:99:1c:54:c4:62:58:34:
                    f7:52:93:a2:49:68:5b:63:9d:c5:04:ef:ea:03:ff:
                    9a:3c:38:72:8a:5d:57:36:9d:82:d6:06:e6:96:6b:
                    80:d7:7e:83:11:ee:e7:a2:0f:bf:9a:61:c6:2e:d1:
                    a6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:64:0A:0E:7B:F1:59:F4:C0:F4:8D:69:47:A1:C5:10:39:D7:FC:69
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS27176.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:5a:d0:9e:eb:45:3a:68:09:b5:ce:14:68:fa:e1:08:dd:26:
         86:86:3b:3a:42:a0:62:90:57:a8:f8:c0:c9:89:c0:f1:ea:ef:
         60:c3:63:42:1f:45:af:64:72:b2:98:26:13:75:74:56:93:11:
         9e:a2:24:f3:1a:dc:8e:c4:22:55:bc:a6:31:80:45:ea:dc:f9:
         12:94:cd:e0:e8:a6:af:c4:f1:45:6d:92:87:b4:70:be:06:bb:
         e2:eb:2d:59:74:87:51:91:e2:11:4d:63:41:6b:dc:82:ee:39:
         82:da:19:39:b8:1b:9f:2b:b2:3b:44:06:03:15:9b:34:ba:f3:
         10:e0:df:8f:ee:8d:ca:02:39:af:80:1e:d0:eb:05:c6:c1:81:
         50:9e:02:d3:94:fb:83:cb:8c:f8:e2:10:8d:ac:78:a0:40:46:
         b9:38:63:71:80:3a:97:a7:4e:01:4c:7c:1b:45:d3:94:23:63:
         16:cc:c7:1f:22:d2:8d:24:37:8f:cb:67:59:c1:7c:97:41:ce:
         6c:4c:1f:60:b9:31:cc:c4:15:80:72:59:e3:76:ec:79:df:55:
         24:ae:5e:c8:53:7d:2f:cc:8c:b8:5f:19:dd:56:8f:8c:07:39:
         d1:f0:6d:d3:9a:e5:9f:82:6a:c0:71:40:54:82:27:cf:f0:8e:
         e4:5b:5b:63
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUb0NgSR0rLTNT4clj1kXaoNdqjOQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjMxNjQ1MzVaFw0yNjAxMjIxNjUwMzVaMDMxMTAvBgNV
BAMTKDk5NjQwQTBFN0JGMTU5RjRDMEY0OEQ2OTQ3QTFDNTEwMzlEN0ZDNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+O7cTQ0XWDzfzmdrvbVdPzBPZ
X1m3niLz38N+Erzla12hOUMLtv98qpClcXu//2pOFyD91zIZ1QvKGgzqiqNBsBVs
ga+Te46/NbOExypv45qWcWH0epQcayqHvp65plW8koQPrtsMlT1p6bKNc89FtsKJ
HGuiKz8/Wvs5Lb7Tk4gYGdD+y9XlrZWbHyZSOuuvjRDmOCr+VlEqZ9vQaOrnbSOJ
0150OnpENrcRxQPHltb8ip7dfivpyDlpIhT0Q+hB+Ufa2/WroZ69mRxUxGJYNPdS
k6JJaFtjncUE7+oD/5o8OHKKXVc2nYLWBuaWa4DXfoMR7ueiD7+aYcYu0aZfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUmWQKDnvxWfTA9I1pR6HFEDnX/GkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjcxNzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFbkw
DQYJKoZIhvcNAQELBQADggEBAGla0J7rRTpoCbXOFGj64QjdJoaGOzpCoGKQV6j4
wMmJwPHq72DDY0IfRa9kcrKYJhN1dFaTEZ6iJPMa3I7EIlW8pjGARerc+RKUzeDo
pq/E8UVtkoe0cL4Gu+LrLVl0h1GR4hFNY0Fr3ILuOYLaGTm4G58rsjtEBgMVmzS6
8xDg34/ujcoCOa+AHtDrBcbBgVCeAtOU+4PLjPjiEI2seKBARrk4Y3GAOpenTgFM
fBtF05QjYxbMxx8i0o0kN4/LZ1nBfJdBzmxMH2C5MczEFYByWeN27HnfVSSuXshT
fS/MjLhfGd1Wj4wHOdHwbdOa5Z+CasBxQFSCJ8/wjuRbW2M=
-----END CERTIFICATE-----