Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          YZDRAJJpND98jrlu9+yK3ztbSg/6nIJzV7QY9BsnxgI=
Subject key identifier:   0E:B2:17:F5:09:09:31:01:99:C1:47:5F:9E:58:5C:30:1A:AD:FF:12
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       55342C13EFF721F19D7131894D3918A64C6C6EEA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135402.roa
Signing time:             Fri 26 Sep 2025 12:32:45 +0000
ROA not before:           Fri 26 Sep 2025 12:27:45 +0000
ROA not after:            Fri 25 Sep 2026 12:32:45 +0000
asID:                     135402
IP address blocks:        82.21.204.0/24 maxlen: 24
                          82.24.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:34:2c:13:ef:f7:21:f1:9d:71:31:89:4d:39:18:a6:4c:6c:6e:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 26 12:27:45 2025 GMT
            Not After : Sep 25 12:32:45 2026 GMT
        Subject: CN=0EB217F50909310199C1475F9E585C301AADFF12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:48:f0:39:05:b9:29:ca:71:ef:49:5e:fd:c8:
                    18:c6:20:41:a8:33:80:8f:f2:2b:6b:3c:1e:ad:a2:
                    10:2d:81:c9:f1:4a:c1:38:dd:e4:77:f8:4c:1c:fe:
                    34:2b:d1:fa:c5:0a:0e:d1:b6:a3:8b:f0:05:2e:f4:
                    6c:02:85:1d:d2:66:a4:8a:44:26:61:08:ca:3a:0d:
                    af:b1:75:4d:27:5f:ad:f1:82:bc:cf:59:9d:eb:41:
                    6f:5d:24:5a:70:d5:be:40:e9:09:79:75:fb:67:87:
                    b0:f0:a5:69:31:45:22:23:e9:56:de:4d:df:2a:12:
                    78:57:7b:64:ad:e4:53:ce:6b:cc:a0:90:a0:d6:48:
                    e1:f9:cb:a4:56:35:00:93:78:e4:3a:39:eb:e7:74:
                    46:24:94:30:4d:c0:22:47:a2:29:f1:95:a9:ea:98:
                    30:1a:cd:f5:83:e5:bd:a4:e6:f1:f7:c7:b5:35:de:
                    64:38:14:c0:9f:1f:4a:1a:78:b9:c7:5e:be:ff:2a:
                    d8:52:bc:98:51:1d:f0:b3:8e:3d:13:ae:a7:aa:9d:
                    a1:51:ea:c7:1c:8e:de:bd:dc:61:ed:0e:d9:6a:5c:
                    44:29:9e:af:33:d4:dd:a4:a9:19:69:30:3b:13:b8:
                    77:6d:70:cf:72:02:57:c9:bb:28:81:73:17:c9:11:
                    49:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B2:17:F5:09:09:31:01:99:C1:47:5F:9E:58:5C:30:1A:AD:FF:12
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.204.0/24
                  82.24.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:cc:9b:16:c2:87:24:da:a1:a7:50:ea:b3:a9:b4:34:ba:74:
         a4:8a:2e:9d:17:80:62:51:ad:31:b7:a5:69:30:4c:6e:6f:9a:
         94:c4:72:91:66:f0:1e:48:30:1f:00:85:4c:a2:fe:d0:97:c0:
         bf:a2:4c:36:9c:7b:42:4c:d3:13:c8:24:4b:ee:5a:53:58:eb:
         5a:51:cc:86:ce:da:80:53:90:da:0a:ec:ac:d2:9b:45:3a:72:
         0e:da:d5:f5:47:9c:52:a3:ed:ad:7b:73:11:50:d7:60:7c:02:
         85:eb:3c:7f:10:33:20:32:8c:7b:47:91:a5:f4:88:56:77:70:
         a1:dd:d3:b9:25:e1:c5:ef:d8:eb:29:21:29:f8:1f:99:14:78:
         dd:f0:32:ab:5a:7d:b3:46:e1:dc:aa:64:80:c7:66:77:42:32:
         b4:e3:07:64:f5:03:e5:48:0d:1b:a2:11:4b:97:56:04:fd:92:
         48:35:8d:20:74:86:37:55:12:c9:4c:03:14:76:b8:14:f2:3f:
         bb:cf:6d:c7:9e:40:ac:4e:ca:39:40:60:1a:a7:37:f9:51:0f:
         5f:b1:e2:1f:b6:68:cf:ce:ae:2b:32:6f:34:96:01:99:c8:6c:
         6d:d1:13:8d:23:99:51:7b:f8:1e:75:e5:8f:8c:18:bb:54:eb:
         15:04:d3:e9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUVTQsE+/3IfGdcTGJTTkYpkxsbuowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MjYxMjI3NDVaFw0yNjA5MjUxMjMyNDVaMDMxMTAvBgNV
BAMTKDBFQjIxN0Y1MDkwOTMxMDE5OUMxNDc1RjlFNTg1QzMwMUFBREZGMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkSPA5BbkpynHvSV79yBjGIEGo
M4CP8itrPB6tohAtgcnxSsE43eR3+Ewc/jQr0frFCg7RtqOL8AUu9GwChR3SZqSK
RCZhCMo6Da+xdU0nX63xgrzPWZ3rQW9dJFpw1b5A6Ql5dftnh7DwpWkxRSIj6Vbe
Td8qEnhXe2St5FPOa8ygkKDWSOH5y6RWNQCTeOQ6OevndEYklDBNwCJHoinxlanq
mDAazfWD5b2k5vH3x7U13mQ4FMCfH0oaeLnHXr7/KthSvJhRHfCzjj0TrqeqnaFR
6sccjt693GHtDtlqXEQpnq8z1N2kqRlpMDsTuHdtcM9yAlfJuyiBcxfJEUmVAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUDrIX9QkJMQGZwUdfnlhcMBqt/xIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhXM
AwQAUhh4MA0GCSqGSIb3DQEBCwUAA4IBAQCjzJsWwock2qGnUOqzqbQ0unSkii6d
F4BiUa0xt6VpMExub5qUxHKRZvAeSDAfAIVMov7Ql8C/okw2nHtCTNMTyCRL7lpT
WOtaUcyGztqAU5DaCuys0ptFOnIO2tX1R5xSo+2te3MRUNdgfAKF6zx/EDMgMox7
R5Gl9IhWd3Ch3dO5JeHF79jrKSEp+B+ZFHjd8DKrWn2zRuHcqmSAx2Z3QjK04wdk
9QPlSA0bohFLl1YE/ZJINY0gdIY3VRLJTAMUdrgU8j+7z23HnkCsTso5QGAapzf5
UQ9fseIftmjPzq4rMm80lgGZyGxt0RONI5lRe/gedeWPjBi7VOsVBNPp
-----END CERTIFICATE-----