Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206136.roa
File:                     AS206136.roa (raw, json)
Hash identifier:          jh/gsSKf8r10PgCMt1rMTMPSUCMCz6LUDw0d1+Ow4AQ=
Subject key identifier:   F1:E9:0F:CC:64:2F:EA:0E:03:E7:BE:43:C8:0D:FA:22:90:93:DC:FD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       225040B62F65D7ED7C5B998A8E0DEA51F33832C7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206136.roa
Signing time:             Fri 24 Apr 2026 04:19:01 +0000
ROA not before:           Fri 24 Apr 2026 04:14:01 +0000
ROA not after:            Fri 23 Apr 2027 04:19:01 +0000
asID:                     206136
IP address blocks:        82.39.207.0/24 maxlen: 24
                          82.40.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:50:40:b6:2f:65:d7:ed:7c:5b:99:8a:8e:0d:ea:51:f3:38:32:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 24 04:14:01 2026 GMT
            Not After : Apr 23 04:19:01 2027 GMT
        Subject: CN=F1E90FCC642FEA0E03E7BE43C80DFA229093DCFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:62:ce:df:6f:31:66:63:cf:ad:43:1b:c9:5f:
                    bc:7b:1a:52:02:f0:29:96:05:eb:8e:36:2a:0e:8d:
                    13:7f:ef:35:b1:3d:61:22:35:f7:11:2c:3c:5a:e9:
                    ea:a3:19:e8:dd:64:6c:0c:b4:6c:73:57:7c:09:ee:
                    b8:8b:d1:b7:a8:00:a6:27:64:33:ac:42:5b:01:4c:
                    a2:06:13:4e:ca:78:10:ed:6f:5c:95:e2:cf:bc:29:
                    1e:3d:23:d1:46:00:9e:76:f0:f2:de:90:31:73:71:
                    8a:45:85:61:10:88:25:6e:06:8b:3a:ec:21:a7:9e:
                    88:8a:0c:9b:7e:78:45:0a:73:b5:7f:31:66:e4:9f:
                    58:25:3a:c6:5a:f9:ae:c1:a8:74:88:4b:92:d0:1f:
                    8a:b6:08:94:ee:06:59:ff:33:bc:2b:ff:59:62:45:
                    02:71:5b:cd:22:f5:fb:81:e1:fd:b7:1c:c1:a5:e0:
                    cc:36:df:39:c0:15:26:03:70:1c:4c:c7:bb:a1:b5:
                    c8:68:23:a6:7b:64:96:55:c9:ae:8c:df:ab:74:4b:
                    f4:7c:af:89:60:70:9d:9a:f4:c3:74:ce:66:4c:7c:
                    ce:b9:a1:8f:75:e8:74:e0:c4:de:05:48:b8:20:e0:
                    a3:65:f4:44:18:52:56:6f:5e:82:09:2f:7a:70:d1:
                    7e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E9:0F:CC:64:2F:EA:0E:03:E7:BE:43:C8:0D:FA:22:90:93:DC:FD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.207.0/24
                  82.40.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:54:93:ae:70:26:96:7e:0c:d0:e6:bc:da:25:f3:4e:c0:7c:
         3a:ce:56:ba:64:e4:b9:9c:a6:b5:ea:5e:3f:ba:c9:59:68:a4:
         24:2f:45:cc:cb:c3:fe:c7:f3:64:4f:87:b9:13:1b:f0:43:b1:
         3b:23:11:ab:b5:fe:f4:9c:39:f2:a0:20:ca:88:d8:8d:0d:41:
         5b:9d:62:09:9e:b8:3f:6e:fe:45:2f:3b:6d:45:d3:e5:9c:3e:
         b2:d9:d7:b2:6a:f6:4e:e9:98:67:2d:ef:62:d7:09:d0:84:42:
         3a:04:88:b4:72:4d:2d:3c:ed:b1:e7:da:a8:bc:5a:ac:f7:a1:
         1f:e9:c0:2f:95:7c:c5:db:fd:ee:df:b4:32:99:87:2f:56:e1:
         eb:9c:a0:32:db:6c:62:68:62:44:77:10:5e:a3:5d:62:d8:72:
         ae:af:08:5f:27:38:88:75:19:e1:ae:c1:ce:ac:34:20:85:79:
         c5:31:fc:42:ae:13:1b:2a:76:fc:d2:a4:94:8d:63:95:eb:1c:
         d7:16:b6:16:36:a5:3b:6b:50:3e:8f:b6:02:27:ee:f2:77:36:
         db:1b:58:ed:b0:db:b5:fc:21:cb:82:5c:a4:52:a3:ea:82:b7:
         4e:51:fb:f4:a1:1c:ef:04:37:94:9d:a8:a7:7b:14:08:21:31:
         c3:5b:cf:66
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUIlBAti9l1+18W5mKjg3qUfM4MscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjQwNDE0MDFaFw0yNzA0MjMwNDE5MDFaMDMxMTAvBgNV
BAMTKEYxRTkwRkNDNjQyRkVBMEUwM0U3QkU0M0M4MERGQTIyOTA5M0RDRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChYs7fbzFmY8+tQxvJX7x7GlIC
8CmWBeuONioOjRN/7zWxPWEiNfcRLDxa6eqjGejdZGwMtGxzV3wJ7riL0beoAKYn
ZDOsQlsBTKIGE07KeBDtb1yV4s+8KR49I9FGAJ528PLekDFzcYpFhWEQiCVuBos6
7CGnnoiKDJt+eEUKc7V/MWbkn1glOsZa+a7BqHSIS5LQH4q2CJTuBln/M7wr/1li
RQJxW80i9fuB4f23HMGl4Mw23znAFSYDcBxMx7uhtchoI6Z7ZJZVya6M36t0S/R8
r4lgcJ2a9MN0zmZMfM65oY916HTgxN4FSLgg4KNl9EQYUlZvXoIJL3pw0X4jAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU8ekPzGQv6g4D575DyA36IpCT3P0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA2MTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUifP
AwQAUigkMA0GCSqGSIb3DQEBCwUAA4IBAQBXVJOucCaWfgzQ5rzaJfNOwHw6zla6
ZOS5nKa16l4/uslZaKQkL0XMy8P+x/NkT4e5ExvwQ7E7IxGrtf70nDnyoCDKiNiN
DUFbnWIJnrg/bv5FLzttRdPlnD6y2deyavZO6ZhnLe9i1wnQhEI6BIi0ck0tPO2x
59qovFqs96Ef6cAvlXzF2/3u37QymYcvVuHrnKAy22xiaGJEdxBeo11i2HKurwhf
JziIdRnhrsHOrDQghXnFMfxCrhMbKnb80qSUjWOV6xzXFrYWNqU7a1A+j7YCJ+7y
dzbbG1jtsNu1/CHLglykUqPqgrdOUfv0oRzvBDeUnainexQIITHDW89m
-----END CERTIFICATE-----