Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203728.roa
File:                     AS203728.roa (raw, json)
Hash identifier:          bbugzyH24IwSJn5FLo8ZmMGwPNVRB5kM6bZjTik4I5Q=
Subject key identifier:   3C:97:61:17:BD:5B:93:75:DC:48:38:1E:22:04:FF:F8:D4:52:84:0A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5E311636D1DD84DD7FCBC3161C5870FC5FB953D8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203728.roa
Signing time:             Thu 19 Mar 2026 15:04:49 +0000
ROA not before:           Thu 19 Mar 2026 14:59:49 +0000
ROA not after:            Thu 18 Mar 2027 15:04:49 +0000
asID:                     203728
IP address blocks:        82.21.8.0/24 maxlen: 24
                          82.22.11.0/24 maxlen: 24
                          82.25.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:31:16:36:d1:dd:84:dd:7f:cb:c3:16:1c:58:70:fc:5f:b9:53:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 19 14:59:49 2026 GMT
            Not After : Mar 18 15:04:49 2027 GMT
        Subject: CN=3C976117BD5B9375DC48381E2204FFF8D452840A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9c:0c:a9:02:50:ec:bb:09:56:7c:45:71:cc:
                    84:30:bb:21:43:fb:2f:d8:9e:de:74:3a:c7:36:4f:
                    52:a1:3d:8a:76:c7:d7:64:a8:09:c7:d4:75:13:dd:
                    7e:f7:58:99:7d:d7:1f:e4:7b:a4:7e:c0:cc:4b:e3:
                    cd:4a:ed:73:6b:8e:04:a1:57:f5:7d:4f:51:72:a9:
                    e4:f6:a7:72:60:b7:80:6a:fa:5c:92:0a:51:24:ec:
                    4a:b6:73:4f:e2:45:1b:ac:ad:22:92:bb:c9:8b:5c:
                    54:5c:f2:bb:2e:7b:c5:47:19:63:a0:51:8b:a0:b1:
                    47:1e:6c:05:f8:fd:db:56:74:63:58:07:91:41:42:
                    fc:6f:3f:d0:e7:92:c4:04:51:25:b4:00:46:b3:54:
                    0b:93:91:06:b1:5b:d1:e0:c4:79:4c:29:b3:b9:92:
                    e9:80:97:42:08:4e:32:f9:6b:1c:c0:5a:57:a8:d3:
                    5b:f9:be:ad:87:b3:e1:0c:14:2b:2f:d8:3c:1b:f5:
                    79:93:f3:e0:fe:0d:b5:5f:a9:d8:dd:85:7f:31:5b:
                    cc:52:0b:20:7c:e3:3c:43:db:b0:5e:de:db:bd:f5:
                    7b:87:a6:8a:d7:84:85:d0:89:1e:ec:45:70:ef:34:
                    66:c8:d4:04:43:71:10:cf:61:67:8a:a2:42:2b:15:
                    30:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:97:61:17:BD:5B:93:75:DC:48:38:1E:22:04:FF:F8:D4:52:84:0A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203728.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.8.0/24
                  82.22.11.0/24
                  82.25.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:60:45:38:40:32:dc:a2:ab:39:83:71:21:6e:2b:4a:61:01:
         82:c9:85:28:0c:1e:40:35:1a:ac:fd:b0:b4:ee:9f:d4:42:a5:
         c8:d5:ab:ac:f8:8f:e2:9b:25:c1:99:e5:fe:57:ab:10:d9:11:
         a2:79:9e:c6:4f:88:cc:71:1f:c3:c4:87:19:7d:d9:ea:3e:6b:
         ad:e1:6d:b1:8a:f8:b7:6b:1f:a7:c1:bf:f6:b5:29:6b:49:a4:
         6b:e6:4b:20:15:a2:91:66:4e:d7:43:fe:cf:79:19:ee:e1:8c:
         ae:e3:89:02:0f:b0:66:b2:c0:dd:ae:e6:b0:6d:65:96:1e:50:
         33:74:3a:cb:b1:a3:bd:fe:fa:ca:9a:9a:af:47:b9:41:78:7c:
         ac:52:13:70:c6:96:9a:8e:3b:2f:87:2f:b1:37:e9:24:ac:a7:
         71:8f:b4:e3:77:65:8d:c7:ff:0b:a6:e7:1a:e7:bc:03:1a:bb:
         d5:ac:e7:76:f4:49:8a:3e:9d:4b:d7:c4:cd:aa:42:b9:f4:cc:
         1f:fa:f9:95:06:c2:70:d1:97:44:f0:74:29:8e:cb:1b:b1:cb:
         d1:da:7c:cb:dc:55:ab:68:0f:e9:59:2e:2d:53:20:6e:e2:fe:
         23:ab:61:05:81:3a:e5:0d:1b:fe:4a:9c:85:9e:84:c3:68:a9:
         1f:59:55:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUXjEWNtHdhN1/y8MWHFhw/F+5U9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTkxNDU5NDlaFw0yNzAzMTgxNTA0NDlaMDMxMTAvBgNV
BAMTKDNDOTc2MTE3QkQ1QjkzNzVEQzQ4MzgxRTIyMDRGRkY4RDQ1Mjg0MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8nAypAlDsuwlWfEVxzIQwuyFD
+y/Ynt50Osc2T1KhPYp2x9dkqAnH1HUT3X73WJl91x/ke6R+wMxL481K7XNrjgSh
V/V9T1FyqeT2p3Jgt4Bq+lySClEk7Eq2c0/iRRusrSKSu8mLXFRc8rsue8VHGWOg
UYugsUcebAX4/dtWdGNYB5FBQvxvP9DnksQEUSW0AEazVAuTkQaxW9HgxHlMKbO5
kumAl0IITjL5axzAWleo01v5vq2Hs+EMFCsv2Dwb9XmT8+D+DbVfqdjdhX8xW8xS
CyB84zxD27Be3tu99XuHporXhIXQiR7sRXDvNGbI1ARDcRDPYWeKokIrFTBpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUPJdhF71bk3XcSDgeIgT/+NRShAowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzNzI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUhUI
AwQAUhYLAwQAUhktMA0GCSqGSIb3DQEBCwUAA4IBAQADYEU4QDLcoqs5g3EhbitK
YQGCyYUoDB5ANRqs/bC07p/UQqXI1aus+I/imyXBmeX+V6sQ2RGieZ7GT4jMcR/D
xIcZfdnqPmut4W2xivi3ax+nwb/2tSlrSaRr5ksgFaKRZk7XQ/7PeRnu4Yyu44kC
D7BmssDdruawbWWWHlAzdDrLsaO9/vrKmpqvR7lBeHysUhNwxpaajjsvhy+xN+kk
rKdxj7Tjd2WNx/8Lpuca57wDGrvVrOd29EmKPp1L18TNqkK59Mwf+vmVBsJw0ZdE
8HQpjssbscvR2nzL3FWraA/pWS4tUyBu4v4jq2EFgTrlDRv+SpyFnoTDaKkfWVVB
-----END CERTIFICATE-----