Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS274078.roa
File:                     AS274078.roa (raw, json)
Hash identifier:          fKILIOHFTHzl1NP8aC/DZDnGJxbNy8X+kif/Z9W9Mfs=
Subject key identifier:   8E:85:BB:CA:70:01:3F:FD:B0:85:D0:7C:BC:0F:A3:7D:84:99:F7:8C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5363BF2A945A9A17EBABDB4A1FF5CF64D1666649
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS274078.roa
Signing time:             Thu 27 Mar 2025 10:10:20 +0000
ROA not before:           Thu 27 Mar 2025 10:05:20 +0000
ROA not after:            Thu 26 Mar 2026 10:10:20 +0000
asID:                     274078
IP address blocks:        82.27.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:63:bf:2a:94:5a:9a:17:eb:ab:db:4a:1f:f5:cf:64:d1:66:66:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 27 10:05:20 2025 GMT
            Not After : Mar 26 10:10:20 2026 GMT
        Subject: CN=8E85BBCA70013FFDB085D07CBC0FA37D8499F78C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a7:ca:23:bb:fa:18:8d:cd:f7:d4:cc:84:9d:
                    46:05:d1:2b:0d:38:39:a1:43:5d:de:12:39:33:8b:
                    d2:62:f5:59:e0:f8:d0:8a:79:d9:d3:f6:94:6d:e5:
                    74:b5:3e:f4:32:7c:c2:70:aa:45:98:1f:7b:f2:1f:
                    e3:9d:be:a9:4f:07:af:f9:02:47:cf:19:23:9f:5d:
                    34:3e:fc:a5:01:3b:56:53:d0:5d:9a:d9:24:3e:ae:
                    06:08:24:56:90:5e:87:a8:dd:fb:e0:92:dc:d2:87:
                    ef:fb:8c:94:89:ab:e5:92:cd:79:44:92:d5:7f:62:
                    ba:9d:e7:dc:ed:e5:2d:05:b7:d8:89:4c:93:20:19:
                    28:2a:90:b3:a0:f8:de:ee:3f:e1:1e:2a:18:32:98:
                    18:4f:8b:00:5a:ef:ff:90:b4:75:14:7e:13:6e:3e:
                    91:e6:d6:e8:7b:20:d9:f4:03:f0:d0:87:9b:ba:4b:
                    24:94:43:fd:77:a9:97:f7:7e:2e:1b:57:1f:2a:e0:
                    c7:8f:69:25:2a:e2:84:e1:05:9c:d8:f2:9f:e0:ca:
                    2e:ca:45:ba:a0:12:b4:00:31:7f:3a:cc:49:cc:22:
                    c2:54:8a:4d:33:85:6c:81:46:aa:ad:ef:2a:ae:72:
                    5c:c0:0e:af:6e:7c:b6:c5:f3:10:94:a6:79:3e:af:
                    70:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:85:BB:CA:70:01:3F:FD:B0:85:D0:7C:BC:0F:A3:7D:84:99:F7:8C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS274078.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:85:db:a8:26:f6:b3:78:bd:9f:5f:a3:0a:58:c1:a4:4c:1f:
         80:0d:7c:ca:02:41:6e:ab:76:36:c5:c3:9b:27:55:bb:f2:06:
         23:9b:4e:c7:9e:f6:03:58:64:30:a0:c3:d5:70:47:55:d6:a4:
         4f:73:45:0f:63:4c:40:fc:70:d4:68:de:1c:75:93:95:f9:77:
         bd:1f:ae:44:e5:7e:bb:95:18:8a:85:7a:3a:28:5a:bd:79:a3:
         0c:29:94:9e:27:23:2b:8b:53:61:fb:1b:3b:30:2e:d2:bb:78:
         c6:6d:1c:bf:ae:76:0c:40:2e:af:15:13:49:d7:c8:bd:0b:91:
         cd:3e:44:1d:7c:96:12:60:2d:93:af:39:56:ac:c2:be:81:8b:
         9e:dc:01:68:01:6d:d0:3a:0a:5a:a2:c5:53:6c:87:b3:56:93:
         a9:42:bf:ca:d3:5e:48:75:da:55:05:b3:57:c3:7a:6e:23:ab:
         34:21:ab:2b:72:eb:72:de:b8:30:55:17:64:99:f1:72:86:53:
         50:b3:82:86:86:b2:2c:9d:24:b2:a9:e5:4b:d7:8d:bb:87:7b:
         9c:fe:30:58:ef:a1:72:ad:58:de:d8:e6:e1:70:92:f6:05:9a:
         dd:9a:4f:73:81:43:ab:00:e7:f7:bc:36:01:9c:5d:b2:13:b4:
         3d:2e:9d:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU2O/KpRamhfrq9tKH/XPZNFmZkkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAzMjcxMDA1MjBaFw0yNjAzMjYxMDEwMjBaMDMxMTAvBgNV
BAMTKDhFODVCQkNBNzAwMTNGRkRCMDg1RDA3Q0JDMEZBMzdEODQ5OUY3OEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1p8oju/oYjc331MyEnUYF0SsN
ODmhQ13eEjkzi9Ji9Vng+NCKednT9pRt5XS1PvQyfMJwqkWYH3vyH+OdvqlPB6/5
AkfPGSOfXTQ+/KUBO1ZT0F2a2SQ+rgYIJFaQXoeo3fvgktzSh+/7jJSJq+WSzXlE
ktV/Yrqd59zt5S0Ft9iJTJMgGSgqkLOg+N7uP+EeKhgymBhPiwBa7/+QtHUUfhNu
PpHm1uh7INn0A/DQh5u6SySUQ/13qZf3fi4bVx8q4MePaSUq4oThBZzY8p/gyi7K
RbqgErQAMX86zEnMIsJUik0zhWyBRqqt7yquclzADq9ufLbF8xCUpnk+r3CDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjoW7ynABP/2whdB8vA+jfYSZ94wwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjc0MDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhtm
MA0GCSqGSIb3DQEBCwUAA4IBAQB8hduoJvazeL2fX6MKWMGkTB+ADXzKAkFuq3Y2
xcObJ1W78gYjm07HnvYDWGQwoMPVcEdV1qRPc0UPY0xA/HDUaN4cdZOV+Xe9H65E
5X67lRiKhXo6KFq9eaMMKZSeJyMri1Nh+xs7MC7Su3jGbRy/rnYMQC6vFRNJ18i9
C5HNPkQdfJYSYC2TrzlWrMK+gYue3AFoAW3QOgpaosVTbIezVpOpQr/K015IddpV
BbNXw3puI6s0Iasrcuty3rgwVRdkmfFyhlNQs4KGhrIsnSSyqeVL1427h3uc/jBY
76FyrVje2ObhcJL2BZrdmk9zgUOrAOf3vDYBnF2yE7Q9Lp27
-----END CERTIFICATE-----