Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142240.roa
File:                     AS142240.roa (raw, json)
Hash identifier:          h0+E1mjo0F3bbnhNdqz/48HVa6h7gZFmZ4UpcHYah+I=
Subject key identifier:   70:87:BE:CB:53:2B:00:2C:38:63:E6:3D:D4:36:1A:10:80:39:E5:5B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       733E2F77299471F91C9AAB848BC9DB9D6800F5AE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142240.roa
Signing time:             Thu 07 May 2026 11:05:52 +0000
ROA not before:           Thu 07 May 2026 11:00:52 +0000
ROA not after:            Thu 06 May 2027 11:05:52 +0000
asID:                     142240
IP address blocks:        82.26.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:3e:2f:77:29:94:71:f9:1c:9a:ab:84:8b:c9:db:9d:68:00:f5:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  7 11:00:52 2026 GMT
            Not After : May  6 11:05:52 2027 GMT
        Subject: CN=7087BECB532B002C3863E63DD4361A108039E55B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:df:19:67:86:7b:76:39:19:7d:f5:6f:db:e2:
                    c1:41:ad:df:2a:da:6d:57:d5:fe:24:36:33:e2:03:
                    e7:35:e9:91:93:33:99:c2:7a:3f:a6:16:86:7d:20:
                    b4:fe:0b:66:de:91:fa:3b:c4:52:b7:46:17:8e:28:
                    b3:96:0f:68:bc:36:5b:e7:a9:02:35:b4:60:02:fa:
                    a9:47:04:4c:09:ab:d9:21:43:ed:a9:4d:c2:b4:92:
                    3b:fc:df:1b:45:68:93:7e:2c:2d:cd:43:45:c4:63:
                    5c:5e:12:f2:33:4d:62:8d:9f:04:e4:b2:22:37:c8:
                    37:d6:e1:da:4f:99:6b:ff:9f:54:15:3d:ec:b0:69:
                    01:3a:41:d2:8d:d8:f5:c9:70:82:ae:a5:94:09:ac:
                    4c:c5:37:42:9e:cf:96:66:08:3b:91:e7:d9:1b:43:
                    b8:66:76:3f:db:a2:02:fc:3e:97:2f:23:3a:e9:80:
                    20:b1:d5:45:23:81:35:ac:51:a1:2f:be:97:2b:1b:
                    62:80:82:5b:5c:bb:42:4d:06:43:48:84:bf:93:54:
                    fe:38:42:a9:2c:66:26:31:23:04:0f:3c:dd:5d:16:
                    1a:ec:84:7a:4e:bd:72:5c:6a:0f:26:3a:a9:4c:c8:
                    8f:76:c3:3a:22:5b:0e:72:de:0b:74:77:45:93:99:
                    c4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:87:BE:CB:53:2B:00:2C:38:63:E6:3D:D4:36:1A:10:80:39:E5:5B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:3d:34:7b:b6:4e:a9:f6:64:65:d3:5a:2c:63:27:32:24:0d:
         2e:fd:8f:82:ed:cf:47:6f:f1:bd:6f:43:3e:f1:8a:f8:8a:47:
         52:ab:d2:99:cc:ab:43:da:8a:7e:f8:43:f1:87:75:ad:17:46:
         21:35:27:58:6d:87:ba:90:6a:3a:e9:1f:90:86:66:2e:39:b2:
         5a:a4:2e:20:ad:4f:1e:48:21:fc:04:09:5a:c2:e3:c8:8a:da:
         21:d5:4d:e6:f0:d5:c2:13:f2:b6:50:33:be:1a:63:b5:fd:52:
         97:3c:86:31:16:e0:90:7a:f0:f7:a4:14:a0:19:9b:8c:1e:3f:
         23:20:ae:92:89:4b:e2:1d:ab:bd:75:5d:aa:e4:87:3f:19:4a:
         87:1c:4b:a1:3b:1e:20:c2:2b:45:8e:9e:1e:70:91:1f:84:e2:
         a8:6d:1d:0d:b2:b4:40:ff:2a:c2:ec:22:5f:c8:08:3b:28:c7:
         1f:07:61:79:31:e8:73:3a:4e:ff:29:eb:15:4f:26:23:d4:26:
         f4:54:8c:39:73:3c:59:32:ce:38:e6:71:e9:24:ab:07:27:95:
         1b:49:8c:6d:bc:71:39:71:c2:c3:94:9e:22:b8:c8:24:b2:49:
         b6:38:1b:65:9e:4e:4b:bc:5f:16:18:9b:65:52:e4:46:b8:b4:
         41:4e:a5:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcz4vdymUcfkcmquEi8nbnWgA9a4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDcxMTAwNTJaFw0yNzA1MDYxMTA1NTJaMDMxMTAvBgNV
BAMTKDcwODdCRUNCNTMyQjAwMkMzODYzRTYzREQ0MzYxQTEwODAzOUU1NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ3xlnhnt2ORl99W/b4sFBrd8q
2m1X1f4kNjPiA+c16ZGTM5nCej+mFoZ9ILT+C2bekfo7xFK3RheOKLOWD2i8Nlvn
qQI1tGAC+qlHBEwJq9khQ+2pTcK0kjv83xtFaJN+LC3NQ0XEY1xeEvIzTWKNnwTk
siI3yDfW4dpPmWv/n1QVPeywaQE6QdKN2PXJcIKupZQJrEzFN0Kez5ZmCDuR59kb
Q7hmdj/bogL8PpcvIzrpgCCx1UUjgTWsUaEvvpcrG2KAgltcu0JNBkNIhL+TVP44
QqksZiYxIwQPPN1dFhrshHpOvXJcag8mOqlMyI92wzoiWw5y3gt0d0WTmcTRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcIe+y1MrACw4Y+Y91DYaEIA55VswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQyMjQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhqb
MA0GCSqGSIb3DQEBCwUAA4IBAQCFPTR7tk6p9mRl01osYycyJA0u/Y+C7c9Hb/G9
b0M+8Yr4ikdSq9KZzKtD2op++EPxh3WtF0YhNSdYbYe6kGo66R+QhmYuObJapC4g
rU8eSCH8BAlawuPIitoh1U3m8NXCE/K2UDO+GmO1/VKXPIYxFuCQevD3pBSgGZuM
Hj8jIK6SiUviHau9dV2q5Ic/GUqHHEuhOx4gwitFjp4ecJEfhOKobR0NsrRA/yrC
7CJfyAg7KMcfB2F5MehzOk7/KesVTyYj1Cb0VIw5czxZMs445nHpJKsHJ5UbSYxt
vHE5ccLDlJ4iuMgkskm2OBtlnk5LvF8WGJtlUuRGuLRBTqV4
-----END CERTIFICATE-----