Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51082.roa
File:                     AS51082.roa (raw, json)
Hash identifier:          eAm1SJWUzjjBrjdmcqqvp5jhWm2vPJmZMPAYxTiGzRo=
Subject key identifier:   18:E9:86:4C:E0:B1:89:84:BF:DC:C3:6B:93:AA:C8:73:F0:22:40:3E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       13970D8E80DC8647F40BF1CD2DCB42BDBB0032E3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51082.roa
Signing time:             Thu 23 Apr 2026 15:00:48 +0000
ROA not before:           Thu 23 Apr 2026 14:55:48 +0000
ROA not after:            Thu 22 Apr 2027 15:00:48 +0000
asID:                     51082
IP address blocks:        82.22.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Apr 2026 18:56:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:97:0d:8e:80:dc:86:47:f4:0b:f1:cd:2d:cb:42:bd:bb:00:32:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 23 14:55:48 2026 GMT
            Not After : Apr 22 15:00:48 2027 GMT
        Subject: CN=18E9864CE0B18984BFDCC36B93AAC873F022403E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:05:18:1d:1b:60:e0:c9:ef:5b:f8:75:9d:f3:
                    85:b5:7b:29:7a:15:c9:e8:85:05:94:2a:4e:46:00:
                    60:06:22:53:a9:1d:20:d8:3f:78:11:70:e7:7c:74:
                    44:b6:12:14:05:d2:4c:7c:fa:70:57:45:f4:a7:06:
                    16:af:d6:83:a0:bd:29:21:23:17:21:cc:f2:b5:69:
                    f7:83:21:13:da:69:8e:5e:c0:53:4c:04:5c:20:e6:
                    30:d9:45:2d:77:a6:c9:44:d0:a7:de:43:80:17:11:
                    a8:23:74:20:4a:d2:48:92:c9:7e:6a:98:51:e1:f0:
                    0a:88:a1:9d:ca:c1:2e:65:c1:e9:a5:bf:fa:82:c6:
                    00:0c:54:70:59:66:73:7c:b5:cf:e1:e2:1b:0a:d2:
                    1e:6d:a9:e8:4b:46:0b:af:c7:01:69:98:1f:1e:23:
                    cc:15:ea:97:85:67:5e:69:83:cf:f3:a3:d9:59:45:
                    c7:0d:4c:8f:3e:61:39:1f:a5:4c:84:da:73:2d:03:
                    32:f3:d5:11:c6:fb:f9:d7:46:65:f7:07:16:eb:57:
                    13:0b:21:bf:70:94:60:2b:57:f7:82:16:7e:e0:1f:
                    a7:26:1c:92:72:21:77:1f:38:32:11:18:dc:cb:18:
                    e9:89:53:be:bf:98:11:e9:44:12:44:5c:0e:7a:b3:
                    49:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:E9:86:4C:E0:B1:89:84:BF:DC:C3:6B:93:AA:C8:73:F0:22:40:3E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51082.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:65:b1:3f:39:98:1d:3b:d7:03:47:bd:d7:90:59:2d:3c:d3:
         43:fc:a7:7a:d9:cb:ed:fb:60:69:db:88:80:0d:64:e0:b0:c7:
         07:c4:68:fa:b2:9b:f2:b6:8e:6b:01:7a:37:3f:05:db:00:d2:
         04:86:3f:24:ec:33:85:e4:7f:b7:ec:fe:9f:70:b9:99:6d:b0:
         1a:da:eb:7f:32:f8:29:40:9c:0c:3c:ff:42:31:7a:4a:28:cb:
         2f:d7:e2:99:62:42:c3:2f:85:ca:9f:43:30:b4:70:a0:91:40:
         62:31:1e:a8:b3:3e:a1:e9:dd:a1:38:d2:04:47:b6:a1:c0:4e:
         07:ef:8b:e9:91:65:ef:3d:69:1c:69:16:41:52:ee:36:27:dc:
         f5:f0:72:bd:11:7e:27:c8:6f:a6:9e:51:0b:36:ec:b0:c2:d9:
         00:7a:bc:33:d1:3d:41:c6:bd:5c:01:ef:41:8c:26:56:cf:37:
         af:1a:ff:3b:a4:4c:dc:e1:bb:2f:76:91:ba:d7:8c:4f:ca:7c:
         76:0c:c9:e5:08:c3:29:3c:93:7f:82:73:3d:3c:e8:13:b4:af:
         af:0f:ec:64:19:ce:ee:06:55:85:96:0a:e4:38:35:f7:90:fb:
         11:1d:50:33:8b:90:d7:8b:41:c3:71:9c:58:66:76:45:61:0e:
         6d:ac:e2:a4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUE5cNjoDchkf0C/HNLctCvbsAMuMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjMxNDU1NDhaFw0yNzA0MjIxNTAwNDhaMDMxMTAvBgNV
BAMTKDE4RTk4NjRDRTBCMTg5ODRCRkRDQzM2QjkzQUFDODczRjAyMjQwM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTBRgdG2Dgye9b+HWd84W1eyl6
FcnohQWUKk5GAGAGIlOpHSDYP3gRcOd8dES2EhQF0kx8+nBXRfSnBhav1oOgvSkh
IxchzPK1afeDIRPaaY5ewFNMBFwg5jDZRS13pslE0KfeQ4AXEagjdCBK0kiSyX5q
mFHh8AqIoZ3KwS5lwemlv/qCxgAMVHBZZnN8tc/h4hsK0h5tqehLRguvxwFpmB8e
I8wV6peFZ15pg8/zo9lZRccNTI8+YTkfpUyE2nMtAzLz1RHG+/nXRmX3BxbrVxML
Ib9wlGArV/eCFn7gH6cmHJJyIXcfODIRGNzLGOmJU76/mBHpRBJEXA56s0kHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUGOmGTOCxiYS/3MNrk6rIc/AiQD4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTEwODIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFhUw
DQYJKoZIhvcNAQELBQADggEBAHplsT85mB071wNHvdeQWS0800P8p3rZy+37YGnb
iIANZOCwxwfEaPqym/K2jmsBejc/BdsA0gSGPyTsM4Xkf7fs/p9wuZltsBra638y
+ClAnAw8/0Ixekooyy/X4pliQsMvhcqfQzC0cKCRQGIxHqizPqHp3aE40gRHtqHA
Tgfvi+mRZe89aRxpFkFS7jYn3PXwcr0RfifIb6aeUQs27LDC2QB6vDPRPUHGvVwB
70GMJlbPN68a/zukTNzhuy92kbrXjE/KfHYMyeUIwyk8k3+Ccz086BO0r68P7GQZ
zu4GVYWWCuQ4NfeQ+xEdUDOLkNeLQcNxnFhmdkVhDm2s4qQ=
-----END CERTIFICATE-----