Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS133731.roa
File:                     AS133731.roa (raw, json)
Hash identifier:          y1HCvDKNi7eyln3FIW2MoRU+j0rwumnOg9++RPV+0kU=
Subject key identifier:   A7:76:A3:E7:A4:06:2D:3F:7C:B5:F3:16:1F:FF:1F:F7:00:3C:2F:49
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0970808E083E834C8E328C1BDFCED3500541279F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS133731.roa
Signing time:             Thu 03 Jul 2025 05:36:20 +0000
ROA not before:           Thu 03 Jul 2025 05:31:20 +0000
ROA not after:            Thu 02 Jul 2026 05:36:20 +0000
asID:                     133731
IP address blocks:        82.23.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:70:80:8e:08:3e:83:4c:8e:32:8c:1b:df:ce:d3:50:05:41:27:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  3 05:31:20 2025 GMT
            Not After : Jul  2 05:36:20 2026 GMT
        Subject: CN=A776A3E7A4062D3F7CB5F3161FFF1FF7003C2F49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:11:c8:c5:ca:cd:ed:e6:bb:a2:ee:1a:88:41:
                    14:f4:01:41:b3:1f:a3:b5:fb:81:01:79:e9:fe:5d:
                    53:06:ed:d6:eb:49:f0:08:8c:65:52:f6:0b:f7:cf:
                    22:b5:94:b9:50:27:51:5f:ca:61:2c:ac:dc:f0:dd:
                    ff:65:16:32:c0:b3:12:28:01:b4:8c:b5:d0:0c:dd:
                    4f:af:23:9b:5b:4f:c8:2c:ed:bb:68:21:78:2a:3e:
                    5d:15:72:84:76:ae:88:fe:5f:18:08:94:91:7f:fd:
                    a9:12:c9:cf:3a:64:b6:d8:db:20:28:91:3a:4e:87:
                    c1:d3:a0:c4:4f:13:b8:c1:43:c3:5b:55:74:d4:b6:
                    e1:18:87:26:ae:53:a6:93:26:0b:56:77:8d:c8:59:
                    6f:7b:92:54:44:68:f2:17:fa:8e:fa:e0:86:38:5f:
                    14:a6:da:2d:c9:be:f2:f9:b8:3f:e9:dc:56:6f:d5:
                    af:ba:c4:f8:5b:62:65:e8:e1:77:15:f3:45:66:bf:
                    55:8d:3a:f2:b8:f4:5f:be:e9:b5:31:1e:50:59:15:
                    2c:16:ca:45:e1:97:7b:2e:22:42:4b:de:95:ad:f9:
                    98:fc:5f:16:0b:b7:05:5f:ca:a3:2f:ad:d3:6e:0a:
                    fc:a8:65:31:5c:cb:b7:10:3f:85:92:df:5a:86:10:
                    92:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:76:A3:E7:A4:06:2D:3F:7C:B5:F3:16:1F:FF:1F:F7:00:3C:2F:49
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS133731.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:4b:71:ec:17:43:79:e1:97:3c:90:ca:ce:d6:e8:c7:5e:52:
         75:23:73:d1:dd:eb:5d:34:e4:9d:90:c7:72:87:11:b6:ad:d1:
         98:e4:70:35:8f:d5:8a:11:f2:a2:af:d5:4c:78:2d:be:76:ec:
         41:52:67:2d:2f:30:63:84:83:48:62:c0:cc:73:49:12:c7:7d:
         7d:2c:f3:92:e1:ef:c7:9b:ea:f3:c0:1c:17:17:60:01:ed:df:
         cc:e0:9f:3c:63:4c:5c:dc:75:07:d8:80:13:a8:55:c1:e6:d9:
         bb:c7:ce:f3:d0:1d:e4:12:33:2e:93:88:76:47:a5:a3:88:76:
         d3:1b:15:0f:15:20:02:b4:6d:bc:4e:f9:6e:f5:41:7b:3b:5d:
         49:3e:d8:59:ba:be:70:55:10:9b:4b:02:b7:82:ca:b4:e2:20:
         5d:e1:cc:20:f3:8b:5f:c2:cb:81:80:98:5f:97:c8:14:bf:3a:
         8d:c8:5f:67:2e:0f:29:62:6a:2b:e4:0f:d0:e0:77:a2:87:fd:
         40:f4:61:5f:c7:8d:f0:89:47:3f:5a:85:2f:25:38:9b:7f:77:
         01:e3:38:e2:f5:87:8b:c0:3e:1d:37:59:8a:ba:b7:de:1c:41:
         5d:46:92:d5:d3:20:85:cc:ba:30:e7:d6:9a:61:d5:97:ff:e7:
         d2:1a:9e:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCXCAjgg+g0yOMowb387TUAVBJ58wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDMwNTMxMjBaFw0yNjA3MDIwNTM2MjBaMDMxMTAvBgNV
BAMTKEE3NzZBM0U3QTQwNjJEM0Y3Q0I1RjMxNjFGRkYxRkY3MDAzQzJGNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6EcjFys3t5rui7hqIQRT0AUGz
H6O1+4EBeen+XVMG7dbrSfAIjGVS9gv3zyK1lLlQJ1FfymEsrNzw3f9lFjLAsxIo
AbSMtdAM3U+vI5tbT8gs7btoIXgqPl0VcoR2roj+XxgIlJF//akSyc86ZLbY2yAo
kTpOh8HToMRPE7jBQ8NbVXTUtuEYhyauU6aTJgtWd43IWW97klREaPIX+o764IY4
XxSm2i3JvvL5uD/p3FZv1a+6xPhbYmXo4XcV80Vmv1WNOvK49F++6bUxHlBZFSwW
ykXhl3suIkJL3pWt+Zj8XxYLtwVfyqMvrdNuCvyoZTFcy7cQP4WS31qGEJLzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUp3aj56QGLT98tfMWH/8f9wA8L0kwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTMzNzMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhf2
MA0GCSqGSIb3DQEBCwUAA4IBAQBJS3HsF0N54Zc8kMrO1ujHXlJ1I3PR3etdNOSd
kMdyhxG2rdGY5HA1j9WKEfKir9VMeC2+duxBUmctLzBjhINIYsDMc0kSx319LPOS
4e/Hm+rzwBwXF2AB7d/M4J88Y0xc3HUH2IATqFXB5tm7x87z0B3kEjMuk4h2R6Wj
iHbTGxUPFSACtG28Tvlu9UF7O11JPthZur5wVRCbSwK3gsq04iBd4cwg84tfwsuB
gJhfl8gUvzqNyF9nLg8pYmor5A/Q4Heih/1A9GFfx43wiUc/WoUvJTibf3cB4zji
9YeLwD4dN1mKurfeHEFdRpLV0yCFzLow59aaYdWX/+fSGp43
-----END CERTIFICATE-----