Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400810.roa
File:                     AS400810.roa (raw, json)
Hash identifier:          ign24o94UkWqQzySogs8aZZKFu+bacGJIOhaopTDr4M=
Subject key identifier:   F7:A5:1A:B0:56:F6:3C:10:7E:AD:6D:E3:0D:B6:CC:DC:C0:27:4D:84
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3066D7F5DFB654D614854FB5105B501BCC097D56
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400810.roa
Signing time:             Mon 27 Oct 2025 00:05:22 +0000
ROA not before:           Mon 27 Oct 2025 00:00:22 +0000
ROA not after:            Mon 26 Oct 2026 00:05:22 +0000
asID:                     400810
IP address blocks:        82.27.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 23:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:66:d7:f5:df:b6:54:d6:14:85:4f:b5:10:5b:50:1b:cc:09:7d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 27 00:00:22 2025 GMT
            Not After : Oct 26 00:05:22 2026 GMT
        Subject: CN=F7A51AB056F63C107EAD6DE30DB6CCDCC0274D84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e9:94:cd:7d:d4:09:a7:2a:1d:44:75:2d:b5:
                    e3:44:f9:56:46:b0:95:43:ee:79:c0:99:bd:34:61:
                    1f:4c:bc:6c:d3:13:9a:11:d7:a0:c9:a7:59:dc:a5:
                    8e:33:f3:19:61:b5:20:14:fe:db:32:5b:c2:2e:e4:
                    13:1c:ba:60:42:10:a7:c7:94:0f:97:8f:77:85:e0:
                    da:d3:ff:0a:66:a6:e2:d8:d4:cd:c6:ff:56:07:e5:
                    f9:64:e5:2c:b5:46:62:f8:2d:14:20:41:65:45:0c:
                    64:a4:f3:20:fe:f7:90:97:6f:89:da:3b:ce:4c:23:
                    1b:1a:6d:d9:36:4e:e6:e2:b0:95:ac:be:d5:81:94:
                    e0:1b:7f:22:1a:7d:d8:dc:53:4d:0d:de:40:72:4c:
                    5a:bf:0f:2e:a0:36:4a:fb:d8:9f:54:88:5b:a2:4b:
                    68:8c:7c:67:75:ee:ac:0a:0b:54:f5:9d:9f:b4:54:
                    7e:36:84:40:6a:51:14:65:4e:13:32:10:82:e8:51:
                    da:96:d3:be:c8:88:81:ff:d8:91:45:1c:35:a2:36:
                    a3:5a:3f:5a:33:41:e9:7f:e5:eb:ab:9e:05:0c:ca:
                    d4:83:b1:7c:15:6d:e8:6a:c5:86:fb:67:b0:9a:99:
                    cf:30:05:c6:9d:6d:b7:2d:d7:05:d2:0f:16:10:08:
                    9f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A5:1A:B0:56:F6:3C:10:7E:AD:6D:E3:0D:B6:CC:DC:C0:27:4D:84
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:e6:75:65:39:e9:89:46:c1:99:58:fe:36:2f:0b:4d:9b:45:
         7c:c5:56:bc:74:da:8b:aa:72:0a:08:ea:54:17:fc:f4:8e:dd:
         22:d0:8b:db:0b:66:e8:74:78:c8:c9:5f:ec:ad:80:15:fc:a1:
         a6:38:88:15:06:02:2a:1f:96:d0:b7:4d:4c:3e:79:f1:41:ce:
         27:8b:1f:24:f2:a6:3d:3b:a6:3f:fc:1a:df:a2:ac:53:93:47:
         88:da:dc:e1:ad:cd:f6:f3:c3:bf:59:23:47:03:f3:ac:61:5c:
         42:56:3e:34:f3:79:4e:a6:c7:08:4e:ce:c9:5c:f5:94:e6:de:
         4b:eb:43:ef:c2:b5:70:5c:1e:09:83:72:7c:16:fa:2e:99:c9:
         ca:a0:d7:69:43:be:eb:2e:88:9e:f6:50:07:74:89:d6:d4:0d:
         cd:d0:c6:d9:20:4e:89:a9:2b:cf:11:c8:37:43:96:d5:80:5b:
         6f:e0:fa:ee:8a:5c:6f:97:dd:00:53:f2:84:da:2f:db:14:7c:
         aa:e8:3a:b1:b1:6b:15:55:d5:3d:4f:81:89:9a:f0:8e:e1:ec:
         53:ae:fd:77:3c:9d:26:37:82:51:46:79:ac:49:72:4f:21:71:
         1e:d6:66:c4:00:71:be:19:bc:0c:86:2c:45:73:ac:b2:b1:da:
         7b:39:ab:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMGbX9d+2VNYUhU+1EFtQG8wJfVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjcwMDAwMjJaFw0yNjEwMjYwMDA1MjJaMDMxMTAvBgNV
BAMTKEY3QTUxQUIwNTZGNjNDMTA3RUFENkRFMzBEQjZDQ0RDQzAyNzREODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC86ZTNfdQJpyodRHUtteNE+VZG
sJVD7nnAmb00YR9MvGzTE5oR16DJp1ncpY4z8xlhtSAU/tsyW8Iu5BMcumBCEKfH
lA+Xj3eF4NrT/wpmpuLY1M3G/1YH5flk5Sy1RmL4LRQgQWVFDGSk8yD+95CXb4na
O85MIxsabdk2TubisJWsvtWBlOAbfyIafdjcU00N3kByTFq/Dy6gNkr72J9UiFui
S2iMfGd17qwKC1T1nZ+0VH42hEBqURRlThMyEILoUdqW077IiIH/2JFFHDWiNqNa
P1ozQel/5eurngUMytSDsXwVbehqxYb7Z7Camc8wBcadbbct1wXSDxYQCJ+7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU96UasFb2PBB+rW3jDbbM3MAnTYQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAwODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhvJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAx5nVlOemJRsGZWP42LwtNm0V8xVa8dNqLqnIK
COpUF/z0jt0i0IvbC2bodHjIyV/srYAV/KGmOIgVBgIqH5bQt01MPnnxQc4nix8k
8qY9O6Y//BrfoqxTk0eI2tzhrc3288O/WSNHA/OsYVxCVj4083lOpscITs7JXPWU
5t5L60PvwrVwXB4Jg3J8FvoumcnKoNdpQ77rLoie9lAHdInW1A3N0MbZIE6JqSvP
Ecg3Q5bVgFtv4Pruilxvl90AU/KE2i/bFHyq6DqxsWsVVdU9T4GJmvCO4exTrv13
PJ0mN4JRRnmsSXJPIXEe1mbEAHG+GbwMhixFc6yysdp7OauK
-----END CERTIFICATE-----