Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395517.roa
File:                     AS395517.roa (raw, json)
Hash identifier:          B/pF1kq2DhwJhc4j0me/szxfu9ki5LClUOoIpd/uFVc=
Subject key identifier:   E5:C7:E2:40:67:71:65:CD:D5:B7:09:23:95:5D:BD:D2:F0:21:76:3E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1CC387A5932798092F8A649BC44DAA38C69113BC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395517.roa
Signing time:             Wed 31 Dec 2025 05:55:33 +0000
ROA not before:           Wed 31 Dec 2025 05:50:33 +0000
ROA not after:            Wed 30 Dec 2026 05:55:33 +0000
asID:                     395517
IP address blocks:        82.21.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 15:25:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:c3:87:a5:93:27:98:09:2f:8a:64:9b:c4:4d:aa:38:c6:91:13:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Dec 31 05:50:33 2025 GMT
            Not After : Dec 30 05:55:33 2026 GMT
        Subject: CN=E5C7E240677165CDD5B70923955DBDD2F021763E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:5b:36:43:f2:bc:32:5e:e3:44:15:2f:db:38:
                    ed:7a:b9:b4:1d:84:4b:88:c9:5f:5b:02:86:55:e6:
                    a1:d7:ed:8c:28:75:e7:02:66:89:a8:50:68:ea:90:
                    74:7a:37:62:e4:ec:28:aa:4b:00:94:52:c4:42:ca:
                    64:d7:2e:06:c3:26:9b:f0:60:08:7b:37:0d:3b:09:
                    79:54:04:06:1e:53:31:44:2a:ea:49:c1:3f:cb:59:
                    5c:1e:74:c5:6e:9b:de:7c:06:e3:cf:ee:99:b1:f8:
                    62:5b:b1:83:e3:f1:11:b5:d6:ba:a5:74:bc:13:74:
                    e1:54:a3:39:e1:df:97:e3:ee:10:df:04:ea:28:a5:
                    6b:80:c9:23:d5:8e:a8:10:b6:c6:89:67:e7:04:a3:
                    58:a4:36:aa:8e:12:a0:c6:8a:95:79:77:23:f5:4a:
                    ec:87:c5:f2:e8:9c:22:16:56:c2:66:da:95:1b:05:
                    fc:66:7a:74:8d:d7:28:6a:b3:51:f7:ed:53:31:1f:
                    7d:6a:2b:b9:00:4d:ac:2c:3d:fc:b1:c9:a7:c7:33:
                    86:c6:a4:af:bb:ed:ad:4c:2c:a8:67:29:d6:a5:f1:
                    fc:29:c3:41:61:a6:b1:0e:3c:fe:94:6e:7c:d4:6d:
                    2e:f2:c2:b3:99:04:d2:29:10:41:4d:e5:2f:44:95:
                    ad:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:C7:E2:40:67:71:65:CD:D5:B7:09:23:95:5D:BD:D2:F0:21:76:3E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:95:36:90:1d:4f:81:dd:25:13:9d:52:2c:1c:5d:fa:e2:8f:
         72:a0:b4:a4:1d:e8:d2:33:9b:ad:c8:29:a7:33:63:10:eb:20:
         12:89:64:60:97:a7:ec:8f:3e:ca:af:29:c1:b4:6d:9e:d6:1f:
         dd:5a:61:d6:63:0f:be:01:24:d3:0b:32:5f:27:72:f1:04:cb:
         9f:a1:fb:57:12:69:2a:47:56:7d:06:be:a9:87:c8:75:97:8f:
         0d:46:b3:a1:b4:37:b0:f0:24:8a:81:ec:16:11:63:28:e2:d4:
         32:04:39:be:fc:50:f0:ef:ec:98:3c:38:bd:29:c9:69:2c:70:
         80:11:74:ff:1f:d7:11:9d:61:e9:09:02:b5:7e:fe:28:ea:94:
         48:28:28:3f:8a:9a:0c:e9:17:03:5e:e2:32:61:98:50:df:2f:
         4e:bc:94:69:92:f9:ab:a0:8c:82:15:47:5a:d4:50:b9:56:1d:
         00:dc:8b:3f:f7:06:9c:21:35:88:31:16:73:bc:3e:b3:ec:eb:
         07:8e:5c:75:b7:8c:6b:cb:7d:7f:f3:45:28:25:80:aa:b3:f6:
         d3:89:85:00:11:f9:5e:33:28:4c:7f:cb:69:8a:a9:62:ee:dc:
         39:eb:cf:46:e6:4d:ee:09:22:a8:f3:ee:18:c7:d7:05:6c:53:
         eb:0c:23:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHMOHpZMnmAkvimSbxE2qOMaRE7wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEyMzEwNTUwMzNaFw0yNjEyMzAwNTU1MzNaMDMxMTAvBgNV
BAMTKEU1QzdFMjQwNjc3MTY1Q0RENUI3MDkyMzk1NURCREQyRjAyMTc2M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4WzZD8rwyXuNEFS/bOO16ubQd
hEuIyV9bAoZV5qHX7YwodecCZomoUGjqkHR6N2Lk7CiqSwCUUsRCymTXLgbDJpvw
YAh7Nw07CXlUBAYeUzFEKupJwT/LWVwedMVum958BuPP7pmx+GJbsYPj8RG11rql
dLwTdOFUoznh35fj7hDfBOoopWuAySPVjqgQtsaJZ+cEo1ikNqqOEqDGipV5dyP1
SuyHxfLonCIWVsJm2pUbBfxmenSN1yhqs1H37VMxH31qK7kATawsPfyxyafHM4bG
pK+77a1MLKhnKdal8fwpw0FhprEOPP6UbnzUbS7ywrOZBNIpEEFN5S9Ela2nAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5cfiQGdxZc3VtwkjlV290vAhdj4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk1NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUhUU
MA0GCSqGSIb3DQEBCwUAA4IBAQB2lTaQHU+B3SUTnVIsHF364o9yoLSkHejSM5ut
yCmnM2MQ6yASiWRgl6fsjz7KrynBtG2e1h/dWmHWYw++ASTTCzJfJ3LxBMufoftX
EmkqR1Z9Br6ph8h1l48NRrOhtDew8CSKgewWEWMo4tQyBDm+/FDw7+yYPDi9Kclp
LHCAEXT/H9cRnWHpCQK1fv4o6pRIKCg/ipoM6RcDXuIyYZhQ3y9OvJRpkvmroIyC
FUda1FC5Vh0A3Is/9wacITWIMRZzvD6z7OsHjlx1t4xry31/80UoJYCqs/bTiYUA
EfleMyhMf8tpiqli7tw5689G5k3uCSKo8+4Yx9cFbFPrDCPu
-----END CERTIFICATE-----