Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          dY4Nqs2cAbt+LN3dmLNe1f9qSSiNuMEuYrtJKvbgxd8=
Subject key identifier:   C5:04:78:DA:4F:0B:D8:05:E7:0E:54:35:11:4A:A0:1C:BE:4E:48:92
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0F25B5F7A129ADE121C3D20C65AC43C96F36D713
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135402.roa
Signing time:             Wed 11 Jun 2025 13:35:54 +0000
ROA not before:           Wed 11 Jun 2025 13:30:54 +0000
ROA not after:            Wed 10 Jun 2026 13:35:54 +0000
asID:                     135402
IP address blocks:        82.21.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:25:b5:f7:a1:29:ad:e1:21:c3:d2:0c:65:ac:43:c9:6f:36:d7:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 11 13:30:54 2025 GMT
            Not After : Jun 10 13:35:54 2026 GMT
        Subject: CN=C50478DA4F0BD805E70E5435114AA01CBE4E4892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5a:73:c7:9c:55:b8:85:1a:9a:4c:cb:64:a0:
                    f8:46:9c:c8:e1:d9:e2:85:be:c2:4a:01:6c:4f:4f:
                    b8:a5:e0:0e:07:4b:1a:f8:b3:3f:42:c9:7f:68:9d:
                    62:d7:65:9f:53:7a:26:b1:96:61:cc:44:6f:0a:42:
                    5d:5e:63:7c:f3:63:6a:a8:8b:25:69:2a:52:17:e2:
                    1c:c5:10:fa:40:7c:b1:a6:18:2f:6e:13:61:0b:1e:
                    92:fb:e8:b2:61:7b:a1:1a:37:08:a1:f0:02:c9:95:
                    f5:a3:8b:46:75:ef:d4:36:f9:10:6e:86:1a:35:5a:
                    75:e1:db:a5:32:89:71:9b:00:5a:52:c0:1a:83:3b:
                    7b:6b:93:f6:2b:75:f2:40:b1:d1:b6:8b:2c:a7:df:
                    7d:53:04:7a:a1:91:3f:8a:77:27:aa:fa:50:e3:58:
                    1f:bf:6d:e4:e1:f4:11:66:54:ef:82:34:79:09:ab:
                    b4:f6:45:c9:a7:ed:f2:1c:a0:54:11:c2:e9:b9:a9:
                    1f:1a:1c:27:fa:a2:bf:7d:19:16:fa:e0:08:a2:a4:
                    8e:28:2b:5c:58:e8:bf:6d:2e:85:10:96:4c:fc:be:
                    94:12:a3:53:52:94:0c:2e:a3:1b:40:ad:49:29:cb:
                    d7:9c:ef:7d:5f:99:04:50:9c:27:1c:41:dc:6c:32:
                    10:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:04:78:DA:4F:0B:D8:05:E7:0E:54:35:11:4A:A0:1C:BE:4E:48:92
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:59:5f:1b:3a:fc:6b:3c:94:73:88:3a:af:70:a9:ab:0b:ed:
         ac:21:b9:be:98:8c:1b:86:2d:9f:f5:6c:4c:6f:2d:ee:28:1d:
         5c:d5:1e:8b:5a:0b:98:4d:cf:5b:00:8f:94:bf:6a:87:93:c4:
         0d:e3:1f:b9:73:37:c7:41:e3:58:9c:47:7b:77:d1:5f:0c:f8:
         4a:3f:f1:44:4e:ac:eb:46:38:e6:51:b5:14:92:67:f0:a5:05:
         9c:d6:65:2e:1d:43:d6:bf:81:20:09:85:e6:b7:c1:ba:8a:0d:
         f3:df:6a:f9:05:30:c4:4a:fb:50:a2:0d:c4:1e:47:67:12:42:
         91:4a:51:01:ae:cc:65:b5:cd:2d:5b:8a:59:d6:95:e5:1b:42:
         d0:24:90:d4:97:b3:84:2e:38:fd:ea:57:a1:5a:9e:e7:ba:9a:
         fb:a9:a2:e3:55:8b:89:5b:24:5c:44:9d:85:83:57:97:2e:1e:
         8f:13:dd:05:9f:d2:18:46:89:a1:7c:6b:dc:8a:7a:02:b5:df:
         3b:7e:a0:e6:0c:15:72:19:f4:cf:1c:47:00:db:a4:9d:49:f9:
         d2:79:97:dd:54:33:b2:92:ba:26:67:f3:e0:a0:86:33:71:50:
         ef:95:8e:28:e9:7f:de:97:1f:23:7c:ff:10:16:f5:c5:52:d5:
         57:8d:75:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDyW196EpreEhw9IMZaxDyW821xMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTExMzMwNTRaFw0yNjA2MTAxMzM1NTRaMDMxMTAvBgNV
BAMTKEM1MDQ3OERBNEYwQkQ4MDVFNzBFNTQzNTExNEFBMDFDQkU0RTQ4OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDWnPHnFW4hRqaTMtkoPhGnMjh
2eKFvsJKAWxPT7il4A4HSxr4sz9CyX9onWLXZZ9TeiaxlmHMRG8KQl1eY3zzY2qo
iyVpKlIX4hzFEPpAfLGmGC9uE2ELHpL76LJhe6EaNwih8ALJlfWji0Z179Q2+RBu
hho1WnXh26UyiXGbAFpSwBqDO3trk/YrdfJAsdG2iyyn331TBHqhkT+Kdyeq+lDj
WB+/beTh9BFmVO+CNHkJq7T2Rcmn7fIcoFQRwum5qR8aHCf6or99GRb64AiipI4o
K1xY6L9tLoUQlkz8vpQSo1NSlAwuoxtArUkpy9ec731fmQRQnCccQdxsMhAFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxQR42k8L2AXnDlQ1EUqgHL5OSJIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhXM
MA0GCSqGSIb3DQEBCwUAA4IBAQBBWV8bOvxrPJRziDqvcKmrC+2sIbm+mIwbhi2f
9WxMby3uKB1c1R6LWguYTc9bAI+Uv2qHk8QN4x+5czfHQeNYnEd7d9FfDPhKP/FE
TqzrRjjmUbUUkmfwpQWc1mUuHUPWv4EgCYXmt8G6ig3z32r5BTDESvtQog3EHkdn
EkKRSlEBrsxltc0tW4pZ1pXlG0LQJJDUl7OELjj96lehWp7nupr7qaLjVYuJWyRc
RJ2Fg1eXLh6PE90Fn9IYRomhfGvcinoCtd87fqDmDBVyGfTPHEcA26SdSfnSeZfd
VDOykromZ/PgoIYzcVDvlY4o6X/elx8jfP8QFvXFUtVXjXWz
-----END CERTIFICATE-----