Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42093.roa
File:                     AS42093.roa (raw, json)
Hash identifier:          uOEyv4EX7Tga0crvnoI9VIx1m62DukwgrosBXfw3YY8=
Subject key identifier:   E7:BF:12:8C:5D:F6:4D:15:86:98:8F:F2:CC:21:0C:9A:58:2D:50:B8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       19991128353064256A38579F9139F2BC72EDB56A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42093.roa
Signing time:             Fri 17 Apr 2026 11:56:31 +0000
ROA not before:           Fri 17 Apr 2026 11:51:31 +0000
ROA not after:            Fri 16 Apr 2027 11:56:31 +0000
asID:                     42093
IP address blocks:        82.24.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:99:11:28:35:30:64:25:6a:38:57:9f:91:39:f2:bc:72:ed:b5:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 17 11:51:31 2026 GMT
            Not After : Apr 16 11:56:31 2027 GMT
        Subject: CN=E7BF128C5DF64D1586988FF2CC210C9A582D50B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:25:01:3e:bf:16:92:95:43:94:a6:dc:00:22:
                    46:4c:a8:bf:04:83:13:df:eb:62:fc:4b:09:8d:7b:
                    c0:3c:51:e8:4b:b9:27:29:81:6f:2c:94:8f:c8:51:
                    8e:5e:93:01:84:5e:1b:77:a6:7f:34:b7:5d:02:6a:
                    65:cc:1d:8a:91:82:11:3c:49:bb:2e:c3:f4:8a:58:
                    77:6e:75:56:5c:ef:ec:64:d5:fd:93:8d:03:c4:4d:
                    18:71:5b:75:6c:30:ae:1b:52:f8:63:08:3b:73:f9:
                    f1:04:28:2f:a5:7d:a1:3e:e6:40:16:67:5b:39:0b:
                    62:6b:9a:98:d6:04:74:d6:d6:ad:cb:ac:f0:30:99:
                    b6:61:49:c4:a7:2a:dc:6d:b4:9e:fe:28:74:85:5e:
                    7f:e5:4e:4a:ed:61:93:03:65:58:ff:e7:ee:14:c3:
                    3b:93:98:8b:a0:3d:c7:be:3c:5a:3f:4e:3e:ec:49:
                    ca:01:db:cb:fe:33:77:71:1c:05:6c:ad:56:0a:60:
                    94:36:db:78:75:2f:a3:34:a5:9e:0d:71:9a:a6:d9:
                    cd:4f:96:ab:24:4c:18:a4:ca:2c:57:4e:ab:22:bc:
                    75:ef:07:fd:70:53:1b:11:0d:02:61:a3:b5:2f:7e:
                    38:1c:f5:c6:8a:b2:94:57:c9:23:c3:6b:19:76:47:
                    b9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:BF:12:8C:5D:F6:4D:15:86:98:8F:F2:CC:21:0C:9A:58:2D:50:B8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42093.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:4e:13:a3:f5:ef:8b:50:57:39:17:3f:88:f8:33:e4:42:08:
         56:c9:c7:aa:fd:f4:dd:2d:10:ba:cc:af:32:ba:45:f1:26:0c:
         99:5a:92:52:94:25:dd:16:7b:8c:e0:61:45:aa:c9:ad:e1:7b:
         e6:70:6d:b0:66:13:29:01:3c:ad:a6:48:43:1e:b0:90:47:32:
         50:bf:7f:43:2a:d9:da:3c:a1:c2:76:26:84:39:e5:1e:4e:70:
         10:a1:b1:87:6a:36:30:ef:42:bc:ed:96:db:c1:4d:5a:67:af:
         bd:56:b5:cd:88:44:b2:4a:ec:32:ad:5c:63:b3:f0:76:bb:e2:
         98:03:e1:70:6b:36:47:85:b5:5e:6f:c6:11:de:16:64:5e:0d:
         13:96:53:73:18:3f:60:08:d1:c6:aa:05:7f:b8:4e:e8:ef:d4:
         12:b5:f1:eb:d2:29:66:36:e4:30:ae:bb:d4:83:9e:5e:06:41:
         96:dc:b2:97:fe:68:98:9a:14:6f:c7:4d:d9:5b:9b:b2:c1:89:
         09:c9:94:be:e5:79:77:87:a8:46:dd:fd:a2:76:ec:16:f8:89:
         11:c1:4e:d3:55:5c:76:2d:c1:f4:8f:5f:d8:59:74:8a:6d:77:
         f9:fc:12:be:eb:0e:3a:29:6d:ef:b5:95:22:88:ef:05:73:01:
         20:d9:9b:93
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGZkRKDUwZCVqOFefkTnyvHLttWowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTcxMTUxMzFaFw0yNzA0MTYxMTU2MzFaMDMxMTAvBgNV
BAMTKEU3QkYxMjhDNURGNjREMTU4Njk4OEZGMkNDMjEwQzlBNTgyRDUwQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaJQE+vxaSlUOUptwAIkZMqL8E
gxPf62L8SwmNe8A8UehLuScpgW8slI/IUY5ekwGEXht3pn80t10CamXMHYqRghE8
Sbsuw/SKWHdudVZc7+xk1f2TjQPETRhxW3VsMK4bUvhjCDtz+fEEKC+lfaE+5kAW
Z1s5C2JrmpjWBHTW1q3LrPAwmbZhScSnKtxttJ7+KHSFXn/lTkrtYZMDZVj/5+4U
wzuTmIugPce+PFo/Tj7sScoB28v+M3dxHAVsrVYKYJQ223h1L6M0pZ4NcZqm2c1P
lqskTBikyixXTqsivHXvB/1wUxsRDQJho7Uvfjgc9caKspRXySPDaxl2R7mRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU578SjF32TRWGmI/yzCEMmlgtULgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDIwOTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGFsw
DQYJKoZIhvcNAQELBQADggEBAIlOE6P174tQVzkXP4j4M+RCCFbJx6r99N0tELrM
rzK6RfEmDJlaklKUJd0We4zgYUWqya3he+ZwbbBmEykBPK2mSEMesJBHMlC/f0Mq
2do8ocJ2JoQ55R5OcBChsYdqNjDvQrztltvBTVpnr71Wtc2IRLJK7DKtXGOz8Ha7
4pgD4XBrNkeFtV5vxhHeFmReDROWU3MYP2AI0caqBX+4Tujv1BK18evSKWY25DCu
u9SDnl4GQZbcspf+aJiaFG/HTdlbm7LBiQnJlL7leXeHqEbd/aJ27Bb4iRHBTtNV
XHYtwfSPX9hZdIptd/n8Er7rDjopbe+1lSKI7wVzASDZm5M=
-----END CERTIFICATE-----