Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395517.roa
File:                     AS395517.roa (raw, json)
Hash identifier:          SadrvFv/ZSYlzu1+1RGLHhGOgaKihnrLyc8sqVReKgU=
Subject key identifier:   52:0D:CF:9A:84:E0:D8:21:0B:86:3F:8B:90:12:B5:70:A1:C2:86:7B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6EC287459DEDA0C440D87BE863AD8FBED2B23311
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395517.roa
Signing time:             Wed 29 Jan 2025 04:56:42 +0000
ROA not before:           Wed 29 Jan 2025 04:51:42 +0000
ROA not after:            Wed 28 Jan 2026 04:56:42 +0000
asID:                     395517
IP address blocks:        82.21.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:c2:87:45:9d:ed:a0:c4:40:d8:7b:e8:63:ad:8f:be:d2:b2:33:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 29 04:51:42 2025 GMT
            Not After : Jan 28 04:56:42 2026 GMT
        Subject: CN=520DCF9A84E0D8210B863F8B9012B570A1C2867B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ff:c8:26:71:f6:a4:f6:d2:49:c3:08:7f:9a:
                    a5:9a:77:a0:59:df:81:09:95:00:e8:86:27:31:7e:
                    b3:8d:f7:84:84:f5:d5:1f:9b:0b:bc:d5:b7:fb:22:
                    78:e4:db:f9:39:b7:dd:78:54:60:c2:d0:2e:04:5a:
                    b6:ba:cb:88:02:bc:35:c0:9e:87:22:b4:55:21:9c:
                    ee:8d:dd:e1:96:54:19:14:4a:9d:82:f2:44:ed:e3:
                    49:ef:14:6b:ee:1b:74:be:32:63:78:a3:64:f9:bf:
                    ef:c6:ae:9f:2d:31:fb:f0:ff:5f:a2:43:91:06:37:
                    4c:cd:73:35:21:53:d3:df:32:ab:4b:77:0b:ba:7e:
                    32:f4:03:45:3d:8a:90:c5:82:ba:35:8b:b0:68:06:
                    4a:62:5d:28:0c:00:42:e6:45:36:0e:c8:83:4e:af:
                    09:b3:86:fd:a6:42:5c:52:09:ae:b8:bc:f5:11:26:
                    3c:51:7a:ce:30:c8:4c:fc:c9:ef:88:77:6d:11:83:
                    e9:4d:81:00:c5:b1:4d:4d:88:03:10:2f:47:93:fe:
                    9f:04:7c:ad:54:e3:76:95:dd:96:e0:89:e9:55:6c:
                    92:7f:0f:b5:dc:c4:91:83:be:dc:39:c8:fe:41:2d:
                    4d:60:0d:d0:73:b8:9a:e6:a0:06:94:05:1d:09:0b:
                    eb:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:0D:CF:9A:84:E0:D8:21:0B:86:3F:8B:90:12:B5:70:A1:C2:86:7B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:c5:52:68:42:e9:5b:75:f5:cd:2a:77:16:5b:89:ae:63:e3:
         ca:ba:9b:97:67:77:be:b3:88:12:97:7a:c4:64:cc:85:34:18:
         5c:31:69:04:61:de:51:51:11:5e:5b:e4:14:7f:54:33:5d:47:
         1d:f7:c2:77:e9:16:85:7d:c7:a6:d8:16:32:9e:79:a6:52:3c:
         a4:6a:5d:6c:cb:f3:84:64:a5:0e:bb:fb:fe:ee:07:fe:8d:17:
         49:1b:a2:a1:25:2a:6e:b7:de:14:e6:cc:3a:a8:73:ae:b5:4d:
         53:e6:75:fb:ee:dc:0b:d1:8e:93:40:54:3d:54:57:eb:38:dc:
         70:3e:f6:c1:8a:58:b9:d3:45:4b:aa:8e:7f:0f:f2:42:57:24:
         be:e3:a8:3e:45:33:1f:85:a1:3e:e0:c2:6b:65:f3:50:0b:09:
         51:b6:8f:03:c1:c7:2a:7f:dc:5b:f9:90:5d:18:82:04:ea:a9:
         09:15:b2:c4:79:e3:18:5e:61:5b:42:46:ff:50:09:6c:88:ff:
         b0:6a:1f:e7:cf:f5:35:69:af:d4:72:1b:a4:a6:7d:58:cb:11:
         5f:1a:3d:f3:7b:75:db:6d:93:0c:35:80:31:1e:1a:e8:7c:d3:
         06:76:9b:21:fa:82:19:9e:05:48:33:7b:6c:3b:92:23:eb:15:
         37:53:73:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbsKHRZ3toMRA2HvoY62PvtKyMxEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjkwNDUxNDJaFw0yNjAxMjgwNDU2NDJaMDMxMTAvBgNV
BAMTKDUyMERDRjlBODRFMEQ4MjEwQjg2M0Y4QjkwMTJCNTcwQTFDMjg2N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDu/8gmcfak9tJJwwh/mqWad6BZ
34EJlQDohicxfrON94SE9dUfmwu81bf7Injk2/k5t914VGDC0C4EWra6y4gCvDXA
nocitFUhnO6N3eGWVBkUSp2C8kTt40nvFGvuG3S+MmN4o2T5v+/Grp8tMfvw/1+i
Q5EGN0zNczUhU9PfMqtLdwu6fjL0A0U9ipDFgro1i7BoBkpiXSgMAELmRTYOyINO
rwmzhv2mQlxSCa64vPURJjxRes4wyEz8ye+Id20Rg+lNgQDFsU1NiAMQL0eT/p8E
fK1U43aV3ZbgielVbJJ/D7XcxJGDvtw5yP5BLU1gDdBzuJrmoAaUBR0JC+sbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUg3PmoTg2CELhj+LkBK1cKHChnswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk1NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUhUU
MA0GCSqGSIb3DQEBCwUAA4IBAQBoxVJoQulbdfXNKncWW4muY+PKupuXZ3e+s4gS
l3rEZMyFNBhcMWkEYd5RURFeW+QUf1QzXUcd98J36RaFfcem2BYynnmmUjykal1s
y/OEZKUOu/v+7gf+jRdJG6KhJSput94U5sw6qHOutU1T5nX77twL0Y6TQFQ9VFfr
ONxwPvbBili500VLqo5/D/JCVyS+46g+RTMfhaE+4MJrZfNQCwlRto8Dwccqf9xb
+ZBdGIIE6qkJFbLEeeMYXmFbQkb/UAlsiP+wah/nz/U1aa/Uchukpn1YyxFfGj3z
e3XbbZMMNYAxHhrofNMGdpsh+oIZngVIM3tsO5Ij6xU3U3NW
-----END CERTIFICATE-----