Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47741.roa
File:                     AS47741.roa (raw, json)
Hash identifier:          vH6ypgKdJr+s8j6CtXKc3ypHqdjrkamwynkcod1VcKo=
Subject key identifier:   F9:BB:B1:8D:72:B2:79:FE:3D:19:A4:7B:EF:20:F0:28:92:58:FD:D4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       666CE0D900DB20F863047BD12284F5DF8EA2929B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47741.roa
Signing time:             Sat 08 Feb 2025 05:53:47 +0000
ROA not before:           Sat 08 Feb 2025 05:48:47 +0000
ROA not after:            Sat 07 Feb 2026 05:53:47 +0000
asID:                     47741
IP address blocks:        82.21.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:6c:e0:d9:00:db:20:f8:63:04:7b:d1:22:84:f5:df:8e:a2:92:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  8 05:48:47 2025 GMT
            Not After : Feb  7 05:53:47 2026 GMT
        Subject: CN=F9BBB18D72B279FE3D19A47BEF20F0289258FDD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3d:3a:8f:ae:d6:98:88:5a:cd:7b:15:eb:d7:
                    77:31:69:9b:ad:c6:6e:c5:2f:fd:22:a0:10:fa:9b:
                    29:a0:a6:28:62:76:19:c6:b1:c8:d0:a9:28:92:75:
                    07:35:74:b1:61:2e:90:3c:51:d6:0b:b6:ee:85:ad:
                    10:ee:d0:4d:46:a8:bc:48:3f:3e:b6:f3:c1:e4:09:
                    7c:ed:ab:53:1d:90:5e:f9:b2:4e:89:bc:a4:60:c5:
                    88:2b:36:64:c4:e2:e5:7d:d1:a6:2f:47:7f:81:2d:
                    9b:70:f3:2d:0a:aa:57:fb:ce:1b:fe:7b:94:e9:3e:
                    06:7d:dd:ca:41:12:f6:96:2c:af:ec:63:51:7f:c1:
                    ec:4f:44:25:33:6e:f3:1f:a8:c7:f7:4e:ed:78:a4:
                    9b:6f:cf:fc:1e:c2:81:1c:42:ec:b2:cd:b1:36:23:
                    22:00:b9:7b:2b:14:d9:11:7c:86:14:7a:ca:af:ac:
                    55:2f:cf:e7:64:f7:be:ea:f6:81:2d:bb:fa:35:e2:
                    75:c5:e4:18:b2:43:4b:a2:50:fa:eb:01:5e:de:05:
                    ed:45:67:0c:e2:0e:be:61:dc:8b:92:be:d5:9c:03:
                    c9:58:6e:12:4d:dd:3b:dd:f4:83:85:6d:83:29:91:
                    33:0f:52:5a:3a:8b:aa:9a:62:b1:8e:e4:2d:ee:be:
                    9d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:BB:B1:8D:72:B2:79:FE:3D:19:A4:7B:EF:20:F0:28:92:58:FD:D4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47741.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:27:b4:cb:85:77:b8:69:fd:2e:f3:7c:6e:d3:2a:2a:2b:71:
         c9:e0:eb:2e:6e:00:ff:86:4d:78:e2:25:f4:28:f0:00:d1:ca:
         f4:06:d8:89:ab:4c:30:fd:2a:03:8f:33:25:c5:d1:02:84:80:
         0a:8a:f6:9d:dc:1d:d4:29:dc:50:af:4d:79:d7:e2:b9:66:ee:
         04:5c:11:bc:ca:9f:07:b0:8d:51:78:c0:b0:f4:8f:4f:41:b2:
         b3:8b:af:6d:31:8d:7c:61:76:a1:84:f0:f7:cc:af:22:d5:a2:
         a6:e4:ff:a0:02:c8:67:e8:09:26:30:bb:8d:ce:55:c0:17:f1:
         a8:ab:91:f4:dd:be:74:6c:8a:f9:f7:be:e4:6d:97:d6:d7:ee:
         e0:a6:65:4e:eb:d0:27:26:cb:7c:94:2f:c3:5d:24:ae:27:0d:
         a9:ef:a5:d7:54:b3:c1:7f:cc:67:bd:ca:7c:4c:9d:77:49:67:
         a6:f6:5e:94:7b:58:57:d1:43:55:e6:48:c5:a4:75:36:5e:69:
         0f:2d:61:c4:eb:88:e3:44:b3:8f:ce:1e:35:ce:59:42:19:53:
         e7:41:32:83:35:0b:93:e4:f4:70:9d:4e:c0:f0:6f:6a:f6:48:
         76:cc:f1:be:c5:5f:ca:a6:64:78:f2:13:41:86:ea:54:d8:27:
         94:fc:52:14
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZmzg2QDbIPhjBHvRIoT1346ikpswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAyMDgwNTQ4NDdaFw0yNjAyMDcwNTUzNDdaMDMxMTAvBgNV
BAMTKEY5QkJCMThENzJCMjc5RkUzRDE5QTQ3QkVGMjBGMDI4OTI1OEZERDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDPTqPrtaYiFrNexXr13cxaZut
xm7FL/0ioBD6mymgpihidhnGscjQqSiSdQc1dLFhLpA8UdYLtu6FrRDu0E1GqLxI
Pz6288HkCXztq1MdkF75sk6JvKRgxYgrNmTE4uV90aYvR3+BLZtw8y0Kqlf7zhv+
e5TpPgZ93cpBEvaWLK/sY1F/wexPRCUzbvMfqMf3Tu14pJtvz/wewoEcQuyyzbE2
IyIAuXsrFNkRfIYUesqvrFUvz+dk977q9oEtu/o14nXF5BiyQ0uiUPrrAV7eBe1F
ZwziDr5h3IuSvtWcA8lYbhJN3Tvd9IOFbYMpkTMPUlo6i6qaYrGO5C3uvp3FAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+buxjXKyef49GaR77yDwKJJY/dQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDc3NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFQcw
DQYJKoZIhvcNAQELBQADggEBAIkntMuFd7hp/S7zfG7TKiorccng6y5uAP+GTXji
JfQo8ADRyvQG2ImrTDD9KgOPMyXF0QKEgAqK9p3cHdQp3FCvTXnX4rlm7gRcEbzK
nwewjVF4wLD0j09BsrOLr20xjXxhdqGE8PfMryLVoqbk/6ACyGfoCSYwu43OVcAX
8airkfTdvnRsivn3vuRtl9bX7uCmZU7r0Ccmy3yUL8NdJK4nDanvpddUs8F/zGe9
ynxMnXdJZ6b2XpR7WFfRQ1XmSMWkdTZeaQ8tYcTriONEs4/OHjXOWUIZU+dBMoM1
C5Pk9HCdTsDwb2r2SHbM8b7FX8qmZHjyE0GG6lTYJ5T8UhQ=
-----END CERTIFICATE-----