Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          GkbFPRK2xfU/C5vuf96ihTMLqqDCeawSmYwmxFVA11c=
Subject key identifier:   D9:E7:57:55:52:D0:70:20:71:29:BE:C8:2B:27:89:F1:A1:9A:E9:B3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       597254F2F1FF8632C84EEF0C28165B082F73486B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS57043.roa
Signing time:             Sat 06 Sep 2025 00:05:26 +0000
ROA not before:           Sat 06 Sep 2025 00:00:26 +0000
ROA not after:            Sat 05 Sep 2026 00:05:26 +0000
asID:                     57043
IP address blocks:        82.25.20.0/24 maxlen: 24
                          82.25.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 12:58:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:72:54:f2:f1:ff:86:32:c8:4e:ef:0c:28:16:5b:08:2f:73:48:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep  6 00:00:26 2025 GMT
            Not After : Sep  5 00:05:26 2026 GMT
        Subject: CN=D9E7575552D070207129BEC82B2789F1A19AE9B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:80:7b:d8:a9:14:36:c4:01:0a:7b:e7:1c:d4:
                    84:b9:f5:d7:89:91:82:73:39:de:c7:76:a7:14:ba:
                    d1:22:cf:27:f6:00:94:5f:be:fa:f3:4d:88:f5:fd:
                    cf:e6:31:18:44:b1:8c:52:ac:1b:01:8a:9e:1a:89:
                    e0:59:70:ec:8d:a0:f5:8e:65:f8:5e:6b:02:a3:05:
                    d2:79:df:f8:d2:19:d2:e0:45:65:4a:d0:6a:f8:a8:
                    f6:c5:54:c2:2a:16:a7:52:01:86:2f:fa:ca:40:be:
                    35:40:79:09:33:30:a7:28:d6:52:5e:bf:02:5e:1c:
                    8e:08:20:09:b8:66:39:3e:d8:94:cc:c5:21:23:47:
                    27:d3:e8:1f:fb:07:db:8b:a3:b9:90:af:2f:8f:c5:
                    94:42:9d:10:3e:32:5d:80:65:b7:c4:11:4c:6a:b8:
                    a5:17:55:00:f0:f1:a2:c9:ba:bb:10:29:09:ef:2c:
                    d0:d9:f3:03:ac:2e:d3:7c:40:bb:5b:fa:3c:e7:94:
                    f7:0a:22:f1:72:45:5d:a1:cf:4e:f9:11:32:49:c4:
                    97:ed:b6:5f:c4:c5:19:9a:d3:bf:b9:45:ed:78:35:
                    e1:f0:cb:4c:f9:5b:b1:99:b1:d1:ee:4a:dc:88:84:
                    09:2c:c1:14:78:cc:61:b4:e5:23:5b:80:fa:e2:b4:
                    9c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:E7:57:55:52:D0:70:20:71:29:BE:C8:2B:27:89:F1:A1:9A:E9:B3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.20.0/24
                  82.25.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c1:3c:fd:03:36:1c:51:db:9a:12:15:a7:ad:b9:cc:76:91:
         86:96:05:21:44:79:41:48:d9:c2:61:92:4f:af:82:a5:34:68:
         37:9d:01:a4:c5:0e:a9:e9:48:69:69:b2:a6:32:be:ea:86:1d:
         0b:6a:bd:74:92:79:93:3b:4b:b6:b7:02:cf:6a:fe:58:b5:38:
         51:82:be:11:40:70:f7:97:fe:66:59:3c:db:a5:bf:ce:e0:19:
         36:fc:7a:c5:2f:d3:e2:52:2d:95:67:b9:1b:84:a8:f4:0c:95:
         de:8a:71:66:87:c6:95:d2:d8:85:78:46:03:00:26:b6:96:5d:
         fe:dd:0f:fe:bb:b8:9a:15:4b:28:f0:df:b7:81:02:7b:27:b3:
         65:81:f6:c0:07:58:75:63:bb:8a:4c:dd:3c:31:90:c7:50:32:
         9b:ed:d2:f0:e4:1a:86:25:5f:53:d2:da:1c:87:60:0c:3a:3b:
         b0:49:e9:e3:d6:9f:50:f1:15:bb:13:58:79:f7:23:73:47:79:
         11:8d:ed:66:9b:9f:a0:83:1d:e8:b0:2a:b1:15:b0:5e:27:19:
         a1:3c:ef:e3:b7:66:00:ba:e5:6d:9e:49:93:39:bc:19:dd:36:
         31:eb:18:ff:d3:18:cf:84:1c:e7:a4:f2:31:d4:db:fa:0b:be:
         d5:89:2a:8b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUWXJU8vH/hjLITu8MKBZbCC9zSGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MDYwMDAwMjZaFw0yNjA5MDUwMDA1MjZaMDMxMTAvBgNV
BAMTKEQ5RTc1NzU1NTJEMDcwMjA3MTI5QkVDODJCMjc4OUYxQTE5QUU5QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQgHvYqRQ2xAEKe+cc1IS59deJ
kYJzOd7HdqcUutEizyf2AJRfvvrzTYj1/c/mMRhEsYxSrBsBip4aieBZcOyNoPWO
ZfheawKjBdJ53/jSGdLgRWVK0Gr4qPbFVMIqFqdSAYYv+spAvjVAeQkzMKco1lJe
vwJeHI4IIAm4Zjk+2JTMxSEjRyfT6B/7B9uLo7mQry+PxZRCnRA+Ml2AZbfEEUxq
uKUXVQDw8aLJursQKQnvLNDZ8wOsLtN8QLtb+jznlPcKIvFyRV2hz075ETJJxJft
tl/ExRma07+5Re14NeHwy0z5W7GZsdHuStyIhAkswRR4zGG05SNbgPritJwTAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU2edXVVLQcCBxKb7IKyeJ8aGa6bMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSGRQD
BABSGTowDQYJKoZIhvcNAQELBQADggEBAKHBPP0DNhxR25oSFaetucx2kYaWBSFE
eUFI2cJhkk+vgqU0aDedAaTFDqnpSGlpsqYyvuqGHQtqvXSSeZM7S7a3As9q/li1
OFGCvhFAcPeX/mZZPNulv87gGTb8esUv0+JSLZVnuRuEqPQMld6KcWaHxpXS2IV4
RgMAJraWXf7dD/67uJoVSyjw37eBAnsns2WB9sAHWHVju4pM3TwxkMdQMpvt0vDk
GoYlX1PS2hyHYAw6O7BJ6ePWn1DxFbsTWHn3I3NHeRGN7Wabn6CDHeiwKrEVsF4n
GaE87+O3ZgC65W2eSZM5vBndNjHrGP/TGM+EHOek8jHU2/oLvtWJKos=
-----END CERTIFICATE-----