Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          ODLxq+QdNZohHQ4pATIM+uzozDYGdIanpOsnEW9JKV0=
Subject key identifier:   95:43:B4:2A:20:FA:88:39:69:89:90:F6:C4:4B:3D:74:52:6E:BD:76
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5F75E1E9CADCE19CB072247705877F40DF4F84AE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa
Signing time:             Wed 03 Sep 2025 00:00:46 +0000
ROA not before:           Tue 02 Sep 2025 23:55:46 +0000
ROA not after:            Wed 02 Sep 2026 00:00:46 +0000
asID:                     400909
IP address blocks:        82.24.174.0/24 maxlen: 24
                          82.29.110.0/23 maxlen: 23
                          82.29.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:75:e1:e9:ca:dc:e1:9c:b0:72:24:77:05:87:7f:40:df:4f:84:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep  2 23:55:46 2025 GMT
            Not After : Sep  2 00:00:46 2026 GMT
        Subject: CN=9543B42A20FA8839698990F6C44B3D74526EBD76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:83:2c:cf:30:49:79:6a:d6:7c:05:e8:67:43:
                    1a:13:de:c8:f8:2b:9e:ea:a0:14:ea:1e:e7:c0:74:
                    a3:be:90:53:c5:51:c1:c7:83:a8:a9:2c:df:36:6f:
                    7c:e3:56:28:7f:b2:5c:b6:f7:8b:e9:6e:d3:a7:ce:
                    12:9c:a9:59:49:5e:29:59:df:2e:44:86:cd:00:c4:
                    f5:26:35:8c:71:e2:3f:23:f6:3d:1f:c4:f9:c4:94:
                    4c:20:cf:a0:5c:a7:81:5b:57:d7:11:fc:e6:8b:ac:
                    03:59:bf:06:5a:cf:fe:81:2c:1c:d8:f3:c5:d2:60:
                    96:72:1a:8f:b2:53:be:64:8a:a4:e4:57:cf:df:58:
                    e5:62:1a:04:a7:e3:97:c6:a0:5a:a8:52:df:38:c7:
                    03:5b:ee:0f:fa:c9:35:c1:23:89:db:28:d2:53:cd:
                    9f:34:68:a1:5f:b4:b3:63:3f:ef:02:ba:f1:7a:36:
                    6a:23:c5:d7:df:68:a0:9a:21:78:17:e4:0f:27:e0:
                    f3:ca:86:93:ee:c7:a6:f1:5d:06:1c:7f:9e:9a:49:
                    6e:1e:7e:03:5c:54:53:0e:8d:a0:ad:53:f9:7c:1f:
                    86:a5:6a:0c:f1:19:e8:b7:49:11:45:63:16:14:db:
                    c6:9a:4a:5b:d7:7d:f0:b8:7e:25:ac:9c:d5:7b:36:
                    26:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:43:B4:2A:20:FA:88:39:69:89:90:F6:C4:4B:3D:74:52:6E:BD:76
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.174.0/24
                  82.29.110.0/23
                  82.29.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:a0:b7:87:24:c6:fd:11:59:b6:68:48:83:19:cc:cc:26:b5:
         9e:37:dc:c6:97:e4:59:61:d5:2a:00:b6:38:5c:3e:63:37:15:
         73:87:10:c4:1b:0e:8c:cd:02:b2:9b:be:36:df:63:69:1c:2c:
         66:8e:87:a3:31:5a:23:ec:2c:02:59:c8:6d:68:aa:23:20:47:
         df:ad:5c:2f:9e:0f:98:a4:2f:89:d0:a0:86:2c:15:22:e9:18:
         4f:47:de:66:ee:61:54:d8:ba:31:c7:ab:00:f6:dd:cf:b3:6c:
         95:1a:4b:a0:7d:c1:0d:11:95:c8:19:2e:4b:ba:cd:a7:c7:4f:
         77:33:f3:38:cb:0e:60:04:3f:2a:b6:94:f0:f7:8d:fb:bc:e0:
         6d:b6:f1:cc:b9:2f:2b:65:1b:1f:b7:fa:1f:14:50:28:31:9c:
         f7:cf:03:d0:b2:33:23:2b:5d:9d:08:88:ee:e3:10:a6:51:ff:
         a9:ba:20:83:b8:d7:1a:53:db:f8:b5:66:ae:ad:eb:b2:17:f5:
         cb:f6:4b:d9:68:7c:ad:5b:e8:68:af:e5:5e:51:b1:b8:36:84:
         d8:dc:a8:34:90:4e:d3:38:51:97:31:8b:68:b6:a1:ab:8f:36:
         1d:94:54:b2:d9:7e:15:9f:df:03:b9:1f:3a:cd:69:74:d3:8e:
         f0:6d:fe:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUX3Xh6crc4ZywciR3BYd/QN9PhK4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MDIyMzU1NDZaFw0yNjA5MDIwMDAwNDZaMDMxMTAvBgNV
BAMTKDk1NDNCNDJBMjBGQTg4Mzk2OTg5OTBGNkM0NEIzRDc0NTI2RUJENzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwgyzPMEl5atZ8BehnQxoT3sj4
K57qoBTqHufAdKO+kFPFUcHHg6ipLN82b3zjVih/sly294vpbtOnzhKcqVlJXilZ
3y5Ehs0AxPUmNYxx4j8j9j0fxPnElEwgz6Bcp4FbV9cR/OaLrANZvwZaz/6BLBzY
88XSYJZyGo+yU75kiqTkV8/fWOViGgSn45fGoFqoUt84xwNb7g/6yTXBI4nbKNJT
zZ80aKFftLNjP+8CuvF6NmojxdffaKCaIXgX5A8n4PPKhpPux6bxXQYcf56aSW4e
fgNcVFMOjaCtU/l8H4alagzxGei3SRFFYxYU28aaSlvXffC4fiWsnNV7NiZdAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUlUO0KiD6iDlpiZD2xEs9dFJuvXYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUhiu
AwQBUh1uAwQBUh12MA0GCSqGSIb3DQEBCwUAA4IBAQA2oLeHJMb9EVm2aEiDGczM
JrWeN9zGl+RZYdUqALY4XD5jNxVzhxDEGw6MzQKym74232NpHCxmjoejMVoj7CwC
WchtaKojIEffrVwvng+YpC+J0KCGLBUi6RhPR95m7mFU2Loxx6sA9t3Ps2yVGkug
fcENEZXIGS5Lus2nx093M/M4yw5gBD8qtpTw9437vOBttvHMuS8rZRsft/ofFFAo
MZz3zwPQsjMjK12dCIju4xCmUf+puiCDuNcaU9v4tWaureuyF/XL9kvZaHytW+ho
r+VeUbG4NoTY3Kg0kE7TOFGXMYtotqGrjzYdlFSy2X4Vn98DuR86zWl0047wbf7j
-----END CERTIFICATE-----