Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396356.roa
File:                     AS396356.roa (raw, json)
Hash identifier:          KAE8W5j/FzsSFeVjR/EWfbVqjfYYX9NS+bTGLgV6v/c=
Subject key identifier:   05:98:F1:96:46:F2:D5:08:F4:99:8B:52:C5:B8:50:5D:3E:0F:15:12
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2F209C627005C267E1DEF18975D167FBF5E60A71
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396356.roa
Signing time:             Fri 10 Jul 2026 11:27:26 +0000
ROA not before:           Fri 10 Jul 2026 11:22:26 +0000
ROA not after:            Fri 09 Jul 2027 11:27:26 +0000
asID:                     396356
IP address blocks:        82.21.242.0/24 maxlen: 24
                          82.24.144.0/24 maxlen: 24
                          82.26.243.0/24 maxlen: 24
                          82.27.100.0/24 maxlen: 24
                          82.27.243.0/24 maxlen: 24
                          82.39.81.0/24 maxlen: 24
                          2a13:9500:3::/48 maxlen: 48
                          2a13:9500:1c::/48 maxlen: 48
                          2a13:9500:1d::/48 maxlen: 48
                          2a13:9500:1e::/48 maxlen: 48
                          2a13:9500:1f::/48 maxlen: 48
                          2a13:9500:24::/48 maxlen: 48
                          2a13:9500:25::/48 maxlen: 48
                          2a13:9500:26::/48 maxlen: 48
                          2a13:9500:27::/48 maxlen: 48
                          2a13:9500:28::/48 maxlen: 48
                          2a13:9500:33::/48 maxlen: 48
                          2a13:9500:5b::/48 maxlen: 48
                          2a13:9500:5c::/48 maxlen: 48
                          2a13:9500:5d::/48 maxlen: 48
                          2a13:9500:5e::/48 maxlen: 48
                          2a13:9500:5f::/48 maxlen: 48
                          2a13:9500:82::/48 maxlen: 48
                          2a13:9500:83::/48 maxlen: 48
                          2a13:9500:84::/48 maxlen: 48
                          2a13:9500:85::/48 maxlen: 48
                          2a13:9500:86::/48 maxlen: 48
                          2a13:9500:87::/48 maxlen: 48
                          2a13:9500:88::/48 maxlen: 48
                          2a13:9500:89::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:20:9c:62:70:05:c2:67:e1:de:f1:89:75:d1:67:fb:f5:e6:0a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 10 11:22:26 2026 GMT
            Not After : Jul  9 11:27:26 2027 GMT
        Subject: CN=0598F19646F2D508F4998B52C5B8505D3E0F1512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6b:1b:e5:04:49:6f:88:0f:ad:81:22:2f:67:
                    93:33:e6:dd:bd:41:28:7b:5c:b2:e2:2b:d2:dc:7e:
                    7d:7c:49:6c:c6:70:93:a6:0a:de:13:a5:60:8a:7d:
                    1f:e8:39:09:89:83:ce:74:22:96:0a:9a:cf:05:02:
                    79:4e:e6:cc:3f:0b:47:8d:43:80:9c:79:8c:79:10:
                    54:25:a6:dd:4b:aa:d9:83:ad:fd:52:21:b5:2c:69:
                    5c:cb:54:a5:c9:70:61:b2:aa:67:74:55:52:cd:a3:
                    7d:0a:43:c6:55:d9:b8:00:c9:0c:68:0e:de:80:60:
                    54:9e:47:b1:cc:0e:18:0c:7c:d1:58:a9:4d:98:b6:
                    a3:df:a2:f8:f8:40:05:d1:28:ad:69:89:54:16:1e:
                    11:a3:20:2c:72:c4:d4:1e:b1:96:0f:84:9c:51:ef:
                    cc:1c:07:f4:60:f0:6e:1f:81:5f:c5:c2:10:40:a9:
                    a6:4b:ef:65:1d:02:cf:df:ae:cf:4e:ec:2d:97:d4:
                    db:2d:fe:4a:5a:58:a9:9e:b3:b9:90:99:27:06:75:
                    8a:81:9c:57:da:4d:39:16:c1:15:75:7a:ca:4b:28:
                    63:69:93:f1:21:df:b9:17:17:f8:e1:51:4b:9d:9f:
                    14:d0:84:13:8e:e6:4d:e8:11:97:77:e5:29:fb:2d:
                    e4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:98:F1:96:46:F2:D5:08:F4:99:8B:52:C5:B8:50:5D:3E:0F:15:12
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.242.0/24
                  82.24.144.0/24
                  82.26.243.0/24
                  82.27.100.0/24
                  82.27.243.0/24
                  82.39.81.0/24
                IPv6:
                  2a13:9500:3::/48
                  2a13:9500:1c::/46
                  2a13:9500:24::-2a13:9500:28:ffff:ffff:ffff:ffff:ffff
                  2a13:9500:33::/48
                  2a13:9500:5b::-2a13:9500:5f:ffff:ffff:ffff:ffff:ffff
                  2a13:9500:82::-2a13:9500:89:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         95:9d:66:e5:15:40:b6:b2:77:32:6d:c4:e7:13:77:88:ba:a8:
         56:45:96:c2:5d:b8:46:5a:3f:fc:24:51:c8:5d:18:e5:93:e2:
         51:ea:9f:bf:30:1a:7b:9d:95:6e:fd:9d:82:e9:61:24:d4:cf:
         86:8b:6c:27:88:f2:e4:9c:9d:f1:61:a6:05:e5:80:18:07:e0:
         cc:24:a7:46:e1:80:e5:37:b0:09:1b:3e:df:44:66:6e:50:04:
         cc:c8:03:bf:26:45:9d:4e:68:af:e0:e6:2a:f6:a5:ca:9d:ff:
         9b:bf:ca:e6:2d:ed:4f:f1:d7:b7:97:1a:db:5d:f4:7a:f7:53:
         11:92:bc:5a:d1:b8:20:2c:b4:bd:a2:7d:e2:da:ea:1e:b8:d4:
         93:e4:6c:fb:db:48:68:f5:c8:09:2c:8a:32:62:28:2c:b6:fd:
         3a:24:28:10:b3:ac:5c:a7:86:bc:04:df:24:30:27:42:26:8c:
         9f:96:96:46:c2:fc:54:c1:89:3a:08:9c:89:76:bc:09:85:74:
         0c:33:75:58:6e:a5:bf:40:c9:6e:52:f2:9f:85:7b:3e:20:18:
         70:87:0e:00:43:42:34:ba:f7:55:31:c9:3d:d7:9c:3e:78:13:
         c6:67:d8:93:8a:bb:8a:74:a4:86:09:c2:e7:e1:46:46:6e:79:
         8a:e2:be:2e
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgIULyCcYnAFwmfh3vGJddFn+/XmCnEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA3MTAxMTIyMjZaFw0yNzA3MDkxMTI3MjZaMDMxMTAvBgNV
BAMTKDA1OThGMTk2NDZGMkQ1MDhGNDk5OEI1MkM1Qjg1MDVEM0UwRjE1MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxaxvlBElviA+tgSIvZ5Mz5t29
QSh7XLLiK9Lcfn18SWzGcJOmCt4TpWCKfR/oOQmJg850IpYKms8FAnlO5sw/C0eN
Q4CceYx5EFQlpt1LqtmDrf1SIbUsaVzLVKXJcGGyqmd0VVLNo30KQ8ZV2bgAyQxo
Dt6AYFSeR7HMDhgMfNFYqU2YtqPfovj4QAXRKK1piVQWHhGjICxyxNQesZYPhJxR
78wcB/Rg8G4fgV/FwhBAqaZL72UdAs/frs9O7C2X1Nst/kpaWKmes7mQmScGdYqB
nFfaTTkWwRV1espLKGNpk/Eh37kXF/jhUUudnxTQhBOO5k3oEZd35Sn7LeThAgMB
AAGjggKKMIIChjAdBgNVHQ4EFgQUBZjxlkby1Qj0mYtSxbhQXT4PFRIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk2MzU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMIGeBggrBgEFBQcBBwEB/wSBjjCBizAqBAIAATAkAwQA
UhXyAwQAUhiQAwQAUhrzAwQAUhtkAwQAUhvzAwQAUidRMF0EAgACMFcDBwAqE5UA
AAMDBwIqE5UAABwwEgMHAioTlQAAJAMHACoTlQAAKAMHACoTlQAAMzASAwcAKhOV
AABbAwcFKhOVAABAMBIDBwEqE5UAAIIDBwEqE5UAAIgwDQYJKoZIhvcNAQELBQAD
ggEBAJWdZuUVQLaydzJtxOcTd4i6qFZFlsJduEZaP/wkUchdGOWT4lHqn78wGnud
lW79nYLpYSTUz4aLbCeI8uScnfFhpgXlgBgH4Mwkp0bhgOU3sAkbPt9EZm5QBMzI
A78mRZ1OaK/g5ir2pcqd/5u/yuYt7U/x17eXGttd9Hr3UxGSvFrRuCAstL2ifeLa
6h641JPkbPvbSGj1yAksijJiKCy2/TokKBCzrFynhrwE3yQwJ0ImjJ+WlkbC/FTB
iToInIl2vAmFdAwzdVhupb9AyW5S8p+Fez4gGHCHDgBDQjS691UxyT3XnD54E8Zn
2JOKu4p0pIYJwufhRkZueYrivi4=
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:08:25 2026 by rpki-client