Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401673.roa
File:                     AS401673.roa (raw, json)
Hash identifier:          qOTZbGc0UGKq7kZ7ZfGwHwVbwvA4wQqUyST+YU0PKEc=
Subject key identifier:   B9:7C:70:69:48:83:BB:53:D0:BA:BE:48:AB:02:86:FD:88:5B:D6:EC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       135FF1E6E154BD13BB45CBEE02AD64093B394FCB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401673.roa
Signing time:             Thu 30 Oct 2025 14:50:48 +0000
ROA not before:           Thu 30 Oct 2025 14:45:48 +0000
ROA not after:            Thu 29 Oct 2026 14:50:48 +0000
asID:                     401673
IP address blocks:        82.38.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Nov 2025 20:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:5f:f1:e6:e1:54:bd:13:bb:45:cb:ee:02:ad:64:09:3b:39:4f:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 30 14:45:48 2025 GMT
            Not After : Oct 29 14:50:48 2026 GMT
        Subject: CN=B97C70694883BB53D0BABE48AB0286FD885BD6EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:23:cc:c1:92:38:5a:77:5c:70:03:4d:78:44:
                    5b:90:92:83:71:f0:8e:93:58:ca:61:d1:6d:ec:50:
                    36:df:24:2a:f9:d6:56:73:c8:10:4f:5a:db:d3:42:
                    cf:5f:c6:f3:cf:38:01:73:43:23:24:85:dc:1e:77:
                    7a:57:ad:cd:a8:a9:56:d9:81:46:f1:49:a1:4c:97:
                    91:b3:cb:01:1d:bd:97:00:34:3e:57:f0:9a:06:0d:
                    08:2b:b5:69:c8:da:4f:91:9e:61:16:f2:ac:65:d5:
                    77:e1:d9:23:23:d7:c2:ec:ab:58:c6:50:29:a2:c5:
                    cc:fc:25:ff:a5:3e:48:e1:66:ef:d2:af:6f:60:58:
                    12:df:cd:d9:5c:bb:ac:9c:51:1a:ef:8e:34:85:ad:
                    90:31:99:20:10:d8:8d:ea:80:00:e7:5f:cf:2e:36:
                    64:93:9c:69:c1:4c:27:da:be:b1:0e:04:aa:30:da:
                    a3:ce:77:a9:40:b2:ff:ff:46:f7:3b:fc:4e:ec:d7:
                    e8:31:6d:f7:4e:46:6e:b4:05:66:68:cb:29:6a:7a:
                    df:09:e3:0f:d5:83:b9:57:62:2d:8e:ce:dc:96:3a:
                    43:b5:89:bb:41:d3:5f:d6:f0:05:dd:00:77:17:d6:
                    40:c3:82:ed:5f:90:50:08:de:e8:65:cf:ac:28:22:
                    fc:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7C:70:69:48:83:BB:53:D0:BA:BE:48:AB:02:86:FD:88:5B:D6:EC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:c9:43:b8:2d:49:00:aa:cf:92:f2:f6:e4:c9:77:4d:cc:ed:
         be:18:5e:f5:5b:f9:c4:d9:39:b9:ef:15:ca:5f:83:aa:d4:83:
         c3:69:4c:95:24:92:4a:12:18:30:24:1b:e3:d7:da:10:af:1c:
         21:cd:bf:30:3f:9c:c5:89:91:7f:a9:8d:72:b7:d7:e5:74:05:
         e7:cf:0a:c7:3e:21:3d:34:b7:11:a7:e4:8a:36:38:52:bd:da:
         8a:23:c2:d8:4b:18:a1:94:d0:07:b0:58:ae:a8:eb:70:ac:c2:
         95:22:ee:de:7c:c4:fa:f1:ed:5c:f6:c9:35:25:88:11:4a:6a:
         38:7f:83:60:64:e8:17:0e:71:1b:2b:fa:b6:40:c4:f6:f3:0a:
         bf:96:cf:b6:2c:b2:08:b0:9c:2c:26:26:5a:24:26:3a:ac:61:
         97:3f:09:96:cc:6a:04:c3:88:57:17:4e:e7:01:e0:d3:6c:8b:
         da:24:ec:e3:51:46:ba:54:bf:ed:39:b0:38:d4:d9:69:0f:bb:
         22:e5:13:73:61:8a:c0:65:ba:db:44:f6:f4:73:88:29:42:76:
         2f:80:3f:d3:b0:85:63:b8:82:2f:72:3b:3d:b0:3e:48:7c:71:
         9a:57:6c:77:53:ab:ae:2a:2b:9f:c9:d1:e6:f1:d2:e1:5e:6e:
         55:87:d2:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUE1/x5uFUvRO7RcvuAq1kCTs5T8swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMzAxNDQ1NDhaFw0yNjEwMjkxNDUwNDhaMDMxMTAvBgNV
BAMTKEI5N0M3MDY5NDg4M0JCNTNEMEJBQkU0OEFCMDI4NkZEODg1QkQ2RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJI8zBkjhad1xwA014RFuQkoNx
8I6TWMph0W3sUDbfJCr51lZzyBBPWtvTQs9fxvPPOAFzQyMkhdwed3pXrc2oqVbZ
gUbxSaFMl5GzywEdvZcAND5X8JoGDQgrtWnI2k+RnmEW8qxl1Xfh2SMj18Lsq1jG
UCmixcz8Jf+lPkjhZu/Sr29gWBLfzdlcu6ycURrvjjSFrZAxmSAQ2I3qgADnX88u
NmSTnGnBTCfavrEOBKow2qPOd6lAsv//Rvc7/E7s1+gxbfdORm60BWZoyylqet8J
4w/Vg7lXYi2OztyWOkO1ibtB01/W8AXdAHcX1kDDgu1fkFAI3uhlz6woIvxlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuXxwaUiDu1PQur5IqwKG/Yhb1uwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAxNjczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUibY
MA0GCSqGSIb3DQEBCwUAA4IBAQAWyUO4LUkAqs+S8vbkyXdNzO2+GF71W/nE2Tm5
7xXKX4Oq1IPDaUyVJJJKEhgwJBvj19oQrxwhzb8wP5zFiZF/qY1yt9fldAXnzwrH
PiE9NLcRp+SKNjhSvdqKI8LYSxihlNAHsFiuqOtwrMKVIu7efMT68e1c9sk1JYgR
Smo4f4NgZOgXDnEbK/q2QMT28wq/ls+2LLIIsJwsJiZaJCY6rGGXPwmWzGoEw4hX
F07nAeDTbIvaJOzjUUa6VL/tObA41NlpD7si5RNzYYrAZbrbRPb0c4gpQnYvgD/T
sIVjuIIvcjs9sD5IfHGaV2x3U6uuKiufydHm8dLhXm5Vh9JD
-----END CERTIFICATE-----