Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS10103.roa
File:                     AS10103.roa (raw, json)
Hash identifier:          sUlRNHUrTRd1mnOtxgi7f19K/9/yD2VgIMUyMEx0IV8=
Subject key identifier:   BB:DD:C6:57:69:82:9F:C2:F5:5D:33:C9:0A:59:4B:32:70:3D:DA:D8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4115247116C3D2C7BB64CC6021054B5A3CDC92AF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS10103.roa
Signing time:             Mon 05 May 2025 13:30:15 +0000
ROA not before:           Mon 05 May 2025 13:25:15 +0000
ROA not after:            Mon 04 May 2026 13:30:15 +0000
asID:                     10103
IP address blocks:        82.26.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 14:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:15:24:71:16:c3:d2:c7:bb:64:cc:60:21:05:4b:5a:3c:dc:92:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  5 13:25:15 2025 GMT
            Not After : May  4 13:30:15 2026 GMT
        Subject: CN=BBDDC65769829FC2F55D33C90A594B32703DDAD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bb:76:dc:38:28:8f:78:20:c5:f0:05:14:8c:
                    d8:77:b6:1f:78:4a:fc:44:2c:4d:a6:0d:2c:c4:41:
                    bb:60:e4:e5:9d:91:41:85:15:26:4d:71:0c:0b:b0:
                    42:b3:e9:0b:bd:17:a6:9f:19:d4:71:4f:71:93:11:
                    31:0a:80:7c:22:b2:b8:3b:cf:24:82:4e:ba:20:4d:
                    20:3b:d5:31:a1:4b:d3:fe:9e:bb:ed:2e:61:c7:ce:
                    57:60:e5:37:58:92:9c:c7:d1:65:00:6e:90:10:fc:
                    6a:47:b7:31:f4:ef:4e:9c:dd:1e:4a:94:bc:2c:0b:
                    5c:3d:e1:99:b4:db:b6:f2:32:cb:3e:9b:1d:a2:50:
                    66:89:79:62:8a:1c:c9:5d:45:a8:03:4f:dd:3f:92:
                    e1:41:59:b1:ed:8d:40:d1:fc:3d:4c:65:7d:4b:0e:
                    fa:79:ec:87:3e:26:d1:1b:79:17:ba:fb:29:b9:f0:
                    c2:52:1a:e7:ba:83:c8:de:4a:6e:25:7e:b1:98:27:
                    0d:c2:96:53:cd:0a:b6:75:b1:db:da:b6:ae:74:59:
                    98:f2:13:73:82:62:c1:26:79:ff:3a:89:10:51:54:
                    fd:8d:2b:c5:84:d5:f3:ad:69:3a:3d:b1:18:6f:cd:
                    59:23:3d:fe:1d:c5:30:85:00:03:89:39:24:ec:b0:
                    8a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:DD:C6:57:69:82:9F:C2:F5:5D:33:C9:0A:59:4B:32:70:3D:DA:D8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS10103.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e9:6e:76:73:d7:20:06:e8:ca:8f:4d:e8:10:e5:0b:63:36:
         55:d3:03:33:51:11:e0:48:4a:2f:26:ad:71:a3:e1:0d:60:a3:
         d4:a5:45:3a:2c:1c:8a:0a:a3:74:b5:4b:50:b2:12:b0:ba:95:
         f5:ed:59:48:7c:70:a4:16:39:1f:44:fe:0b:3a:b3:3f:65:a7:
         62:59:c4:c8:07:17:10:46:d5:a4:8e:3b:47:b8:8e:25:bb:52:
         e2:a9:72:33:94:2e:95:30:fe:27:4a:19:b4:48:e4:29:51:55:
         3b:ba:6a:bc:f3:88:9a:b8:64:be:ad:23:e1:8b:b2:be:83:d6:
         73:e2:ce:ff:09:01:e2:8f:0b:61:f6:9a:4b:09:e2:3a:79:7a:
         88:43:44:09:03:2a:f0:fa:96:7e:0f:b0:31:42:23:91:7b:8f:
         6a:b0:b9:51:d5:1e:04:8e:5d:b3:0b:cd:a7:cf:05:de:b1:7d:
         c3:81:01:b9:3b:70:fd:b6:0a:e1:4c:af:71:dc:51:ce:1b:c7:
         8a:f5:a4:89:4c:18:b4:e1:63:19:12:64:d9:2c:53:00:0c:00:
         14:eb:cd:3e:41:27:66:9f:bc:5f:55:0d:f7:de:0f:28:0d:48:
         17:26:b6:36:fc:11:f3:36:48:a5:d5:74:7f:d3:f4:38:be:53:
         47:dd:94:9c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQRUkcRbD0se7ZMxgIQVLWjzckq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MDUxMzI1MTVaFw0yNjA1MDQxMzMwMTVaMDMxMTAvBgNV
BAMTKEJCRERDNjU3Njk4MjlGQzJGNTVEMzNDOTBBNTk0QjMyNzAzRERBRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/u3bcOCiPeCDF8AUUjNh3th94
SvxELE2mDSzEQbtg5OWdkUGFFSZNcQwLsEKz6Qu9F6afGdRxT3GTETEKgHwisrg7
zySCTrogTSA71TGhS9P+nrvtLmHHzldg5TdYkpzH0WUAbpAQ/GpHtzH0706c3R5K
lLwsC1w94Zm027byMss+mx2iUGaJeWKKHMldRagDT90/kuFBWbHtjUDR/D1MZX1L
Dvp57Ic+JtEbeRe6+ym58MJSGue6g8jeSm4lfrGYJw3CllPNCrZ1sdvatq50WZjy
E3OCYsEmef86iRBRVP2NK8WE1fOtaTo9sRhvzVkjPf4dxTCFAAOJOSTssIrdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUu93GV2mCn8L1XTPJCllLMnA92tgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTAxMDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGoIw
DQYJKoZIhvcNAQELBQADggEBAKDpbnZz1yAG6MqPTegQ5QtjNlXTAzNREeBISi8m
rXGj4Q1go9SlRTosHIoKo3S1S1CyErC6lfXtWUh8cKQWOR9E/gs6sz9lp2JZxMgH
FxBG1aSOO0e4jiW7UuKpcjOULpUw/idKGbRI5ClRVTu6arzziJq4ZL6tI+GLsr6D
1nPizv8JAeKPC2H2mksJ4jp5eohDRAkDKvD6ln4PsDFCI5F7j2qwuVHVHgSOXbML
zafPBd6xfcOBAbk7cP22CuFMr3HcUc4bx4r1pIlMGLThYxkSZNksUwAMABTrzT5B
J2afvF9VDffeDygNSBcmtjb8EfM2SKXVdH/T9Di+U0fdlJw=
-----END CERTIFICATE-----