Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401476.roa
File:                     AS401476.roa (raw, json)
Hash identifier:          ZoIc4TxvNiadF0AGedyd5+Gn/ZMBAMfTFvfs35YXbNk=
Subject key identifier:   3F:6B:72:FE:40:14:26:E5:65:98:B0:46:69:99:5B:D2:37:5F:CD:AB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       723B299E525280AD674C845D5E7DEE716C9DCCAB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401476.roa
Signing time:             Tue 30 Sep 2025 12:56:01 +0000
ROA not before:           Tue 30 Sep 2025 12:51:01 +0000
ROA not after:            Tue 29 Sep 2026 12:56:01 +0000
asID:                     401476
IP address blocks:        82.26.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:3b:29:9e:52:52:80:ad:67:4c:84:5d:5e:7d:ee:71:6c:9d:cc:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 30 12:51:01 2025 GMT
            Not After : Sep 29 12:56:01 2026 GMT
        Subject: CN=3F6B72FE401426E56598B04669995BD2375FCDAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f2:4e:ac:89:e5:01:11:03:f9:ce:08:f4:89:
                    d5:bb:f7:70:37:63:e6:c9:4e:05:7d:83:f7:c2:71:
                    14:ae:15:30:98:8c:49:54:29:c0:12:c1:0f:4b:9d:
                    fd:ad:0c:28:0a:c2:bb:1b:05:97:14:fb:fa:2e:e1:
                    ed:d0:62:14:8b:77:91:74:dd:a3:50:34:3e:6b:41:
                    ff:67:7c:42:ad:3e:4d:74:7a:e5:fd:c7:a1:fe:b6:
                    19:72:66:94:32:37:d1:76:b5:6f:84:b1:c4:7d:05:
                    2c:b2:63:5a:0b:10:e6:76:b2:d9:80:c0:8b:86:ae:
                    1c:e6:45:35:5c:77:dd:3d:ac:b7:31:2a:c0:05:7f:
                    64:3f:a2:76:3d:5d:ba:35:89:2c:ef:70:93:95:b8:
                    f9:c9:ca:d4:f4:f1:8d:cd:b8:ac:bb:68:9d:16:c4:
                    e8:df:94:01:49:31:49:17:0a:83:f9:87:ca:1e:9d:
                    5b:46:a7:b5:d7:6a:ee:4d:7b:21:8f:7d:d7:34:b2:
                    b7:58:1d:3e:c2:0a:e0:5c:bf:eb:e0:a4:bd:c7:7b:
                    4d:d7:57:8c:b8:98:6a:26:a6:f4:64:2e:5b:ec:0c:
                    36:2e:5a:64:c4:da:87:6b:85:16:81:12:3c:4b:63:
                    9e:4a:16:23:8f:20:67:55:c9:bd:3b:eb:18:b2:9f:
                    c4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6B:72:FE:40:14:26:E5:65:98:B0:46:69:99:5B:D2:37:5F:CD:AB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401476.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:5f:48:e1:12:91:4d:ba:53:15:b3:e3:c9:59:65:fe:4d:e7:
         ee:ba:a8:86:a2:7d:38:87:f8:b6:2e:ef:7e:75:11:55:ca:ee:
         13:90:b2:a1:35:bb:c0:dd:00:97:54:4e:53:05:84:4d:d8:94:
         8e:ed:33:0f:c7:f5:46:70:df:9b:d1:8e:5d:28:ad:eb:87:95:
         99:d2:3e:4c:7b:61:f8:ed:bc:29:d2:bd:71:aa:77:85:a8:fb:
         98:f9:df:e5:93:1a:31:6d:40:3d:d7:bf:30:52:ef:68:09:ff:
         79:a0:c6:12:85:16:c7:71:b8:f3:e8:47:f6:41:16:e1:07:e0:
         8c:f8:16:2c:d9:5f:35:f3:2a:81:58:d0:d1:bc:47:64:7c:e3:
         96:37:00:06:64:14:ca:d1:f7:60:92:47:7b:3f:ae:13:0f:56:
         b9:71:ab:81:40:ab:c3:a4:3c:51:f0:cb:3c:16:65:06:48:df:
         48:de:3a:37:51:1d:8c:fa:36:9c:08:50:35:17:64:2c:f7:6e:
         c2:d0:61:62:76:d3:54:18:4e:4a:12:29:3e:47:97:f2:66:cf:
         f4:80:ad:a7:04:ab:ed:71:fb:6f:26:66:59:f2:fa:38:95:77:
         30:fb:2c:fb:8d:eb:1d:c8:6e:14:1f:71:46:94:68:6d:a5:1f:
         fd:8b:f8:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcjspnlJSgK1nTIRdXn3ucWydzKswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MzAxMjUxMDFaFw0yNjA5MjkxMjU2MDFaMDMxMTAvBgNV
BAMTKDNGNkI3MkZFNDAxNDI2RTU2NTk4QjA0NjY5OTk1QkQyMzc1RkNEQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC38k6sieUBEQP5zgj0idW793A3
Y+bJTgV9g/fCcRSuFTCYjElUKcASwQ9Lnf2tDCgKwrsbBZcU+/ou4e3QYhSLd5F0
3aNQND5rQf9nfEKtPk10euX9x6H+thlyZpQyN9F2tW+EscR9BSyyY1oLEOZ2stmA
wIuGrhzmRTVcd909rLcxKsAFf2Q/onY9Xbo1iSzvcJOVuPnJytT08Y3NuKy7aJ0W
xOjflAFJMUkXCoP5h8oenVtGp7XXau5NeyGPfdc0srdYHT7CCuBcv+vgpL3He03X
V4y4mGompvRkLlvsDDYuWmTE2odrhRaBEjxLY55KFiOPIGdVyb076xiyn8SpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUP2ty/kAUJuVlmLBGaZlb0jdfzaswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAxNDc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhqF
MA0GCSqGSIb3DQEBCwUAA4IBAQBPX0jhEpFNulMVs+PJWWX+TefuuqiGon04h/i2
Lu9+dRFVyu4TkLKhNbvA3QCXVE5TBYRN2JSO7TMPx/VGcN+b0Y5dKK3rh5WZ0j5M
e2H47bwp0r1xqneFqPuY+d/lkxoxbUA9178wUu9oCf95oMYShRbHcbjz6Ef2QRbh
B+CM+BYs2V818yqBWNDRvEdkfOOWNwAGZBTK0fdgkkd7P64TD1a5cauBQKvDpDxR
8Ms8FmUGSN9I3jo3UR2M+jacCFA1F2Qs927C0GFidtNUGE5KEik+R5fyZs/0gK2n
BKvtcftvJmZZ8vo4lXcw+yz7jesdyG4UH3FGlGhtpR/9i/jD
-----END CERTIFICATE-----