Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33355.roa
File:                     AS33355.roa (raw, json)
Hash identifier:          JuPx1iYgCJhcYAo2kjxLo5+SAPxm6YD+cp14mUL2DkM=
Subject key identifier:   85:F3:FD:02:45:C9:6C:A6:2C:6B:78:E0:85:F5:4A:99:EB:4E:7C:4C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       68F6E7C12ADBA0039EDC42A345A84230B8569FD5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33355.roa
Signing time:             Tue 26 May 2026 09:06:20 +0000
ROA not before:           Tue 26 May 2026 09:01:20 +0000
ROA not after:            Tue 25 May 2027 09:06:20 +0000
asID:                     33355
IP address blocks:        82.39.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f6:e7:c1:2a:db:a0:03:9e:dc:42:a3:45:a8:42:30:b8:56:9f:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 26 09:01:20 2026 GMT
            Not After : May 25 09:06:20 2027 GMT
        Subject: CN=85F3FD0245C96CA62C6B78E085F54A99EB4E7C4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6d:df:09:87:20:9e:2d:a5:9b:c3:d4:37:c5:
                    5c:21:fa:b4:92:de:5c:87:67:a6:33:17:00:df:b8:
                    d8:bd:eb:34:98:c9:c7:32:80:10:71:8f:60:21:69:
                    aa:3e:52:3c:ca:ab:37:c1:96:4d:b5:fd:4d:04:1c:
                    0a:02:61:55:b4:d1:ba:e3:1c:69:89:c0:03:2d:b6:
                    c3:39:22:44:7d:4f:c0:be:35:b6:d4:d1:2d:1c:62:
                    64:2a:d3:c6:ec:0e:0f:0d:0e:d4:6d:df:07:50:37:
                    0f:3d:7a:cc:51:52:3e:9c:ea:e0:44:2e:cf:8e:6f:
                    be:c3:32:32:af:87:78:76:c0:c9:84:93:f2:2b:c9:
                    12:e2:3f:59:9f:a1:f1:89:c9:3a:b1:1a:2e:43:42:
                    85:81:65:ca:f9:f2:e1:aa:d9:bd:cc:25:d7:2a:8d:
                    7c:7e:8c:00:4c:5d:95:37:6e:05:80:dc:4d:8a:b8:
                    04:ce:ce:f7:e3:e0:cf:9e:49:ba:21:d0:ba:44:1e:
                    24:39:c0:f9:44:c3:38:b9:03:b8:08:50:77:52:19:
                    0b:36:4b:11:a2:fe:a4:9f:39:f1:a9:ad:a4:f2:ad:
                    1c:5a:60:a6:d2:59:bc:2f:e8:35:11:fc:91:d7:c2:
                    7c:ab:84:13:32:d1:71:78:0e:01:04:2e:15:d5:99:
                    bf:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F3:FD:02:45:C9:6C:A6:2C:6B:78:E0:85:F5:4A:99:EB:4E:7C:4C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS33355.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:7b:6a:ab:67:76:04:3d:d1:3b:a9:b7:88:94:df:a0:fb:e8:
         56:f5:26:67:27:90:b2:7d:8b:00:13:71:e9:a5:38:2b:e7:6a:
         88:01:fc:98:b8:8d:1a:39:36:4d:16:05:35:92:13:10:15:96:
         f3:4f:5a:e1:4a:7f:3d:16:7a:74:a5:a0:1d:2c:a6:f5:74:18:
         a2:8a:f0:99:ad:e7:ac:e8:f6:32:68:dd:c4:31:a2:34:3b:8c:
         a2:94:6e:a6:5d:43:bc:a5:d7:96:13:e8:7f:43:9f:9e:19:84:
         44:77:72:f3:a1:7a:12:12:38:19:4e:50:e1:c4:22:25:4c:91:
         5b:15:3a:5f:a6:b4:50:a0:0a:5d:cb:b2:ff:b5:b7:80:63:cf:
         0b:a4:9a:2a:a0:2f:c3:71:bc:64:7c:ab:5f:fe:55:a9:d6:94:
         13:6c:82:8e:e3:d1:ee:7b:91:77:20:e7:a4:0f:b4:15:24:73:
         53:8a:94:8c:c5:83:5f:8b:dd:f3:46:8b:e4:30:4a:49:2f:c3:
         65:ef:00:c4:c8:e4:fb:77:fd:7a:75:5d:a4:c2:db:94:d9:ef:
         f2:5b:90:11:b5:ad:9f:8b:93:c8:fc:af:31:3d:7e:06:13:cc:
         3f:fe:54:8c:7c:98:dc:79:bd:86:3a:3c:81:e3:aa:c0:c0:07:
         4f:bb:91:81
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaPbnwSrboAOe3EKjRahCMLhWn9UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjYwOTAxMjBaFw0yNzA1MjUwOTA2MjBaMDMxMTAvBgNV
BAMTKDg1RjNGRDAyNDVDOTZDQTYyQzZCNzhFMDg1RjU0QTk5RUI0RTdDNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDbd8JhyCeLaWbw9Q3xVwh+rSS
3lyHZ6YzFwDfuNi96zSYyccygBBxj2Ahaao+UjzKqzfBlk21/U0EHAoCYVW00brj
HGmJwAMttsM5IkR9T8C+NbbU0S0cYmQq08bsDg8NDtRt3wdQNw89esxRUj6c6uBE
Ls+Ob77DMjKvh3h2wMmEk/IryRLiP1mfofGJyTqxGi5DQoWBZcr58uGq2b3MJdcq
jXx+jABMXZU3bgWA3E2KuATOzvfj4M+eSboh0LpEHiQ5wPlEwzi5A7gIUHdSGQs2
SxGi/qSfOfGpraTyrRxaYKbSWbwv6DUR/JHXwnyrhBMy0XF4DgEELhXVmb/pAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUhfP9AkXJbKYsa3jghfVKmetOfEwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzMzNTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSJ3Qw
DQYJKoZIhvcNAQELBQADggEBACV7aqtndgQ90Tupt4iU36D76Fb1JmcnkLJ9iwAT
cemlOCvnaogB/Ji4jRo5Nk0WBTWSExAVlvNPWuFKfz0WenSloB0spvV0GKKK8Jmt
56zo9jJo3cQxojQ7jKKUbqZdQ7yl15YT6H9Dn54ZhER3cvOhehISOBlOUOHEIiVM
kVsVOl+mtFCgCl3Lsv+1t4BjzwukmiqgL8NxvGR8q1/+VanWlBNsgo7j0e57kXcg
56QPtBUkc1OKlIzFg1+L3fNGi+QwSkkvw2XvAMTI5Pt3/Xp1XaTC25TZ7/JbkBG1
rZ+Lk8j8rzE9fgYTzD/+VIx8mNx5vYY6PIHjqsDAB0+7kYE=
-----END CERTIFICATE-----