Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209104.roa
File:                     AS209104.roa (raw, json)
Hash identifier:          FenY7VX5fy4DMEQ60+/rRU/KOyOofrzJL9gRZjIS+as=
Subject key identifier:   77:DC:69:3A:36:DE:85:67:FC:5B:E4:FC:35:31:9D:35:31:AB:94:90
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       191BFC406E4E843847F39C46F65923244E1175E8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209104.roa
Signing time:             Wed 06 May 2026 02:29:46 +0000
ROA not before:           Wed 06 May 2026 02:24:46 +0000
ROA not after:            Wed 05 May 2027 02:29:46 +0000
asID:                     209104
IP address blocks:        82.26.202.0/24 maxlen: 24
                          178.83.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:1b:fc:40:6e:4e:84:38:47:f3:9c:46:f6:59:23:24:4e:11:75:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  6 02:24:46 2026 GMT
            Not After : May  5 02:29:46 2027 GMT
        Subject: CN=77DC693A36DE8567FC5BE4FC35319D3531AB9490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fb:27:ee:83:c8:d1:15:f6:16:72:7b:e1:85:
                    cb:f8:eb:bc:f3:15:40:13:2d:66:da:e7:26:c7:9a:
                    c9:e3:c6:f0:31:be:d9:be:fa:d7:f1:e3:79:93:ec:
                    e6:ea:ba:a7:7c:61:ce:70:83:ca:56:d7:0f:f6:9b:
                    da:a6:dd:3d:d9:88:0c:7e:9e:31:7e:04:2f:8c:82:
                    56:38:ec:ea:9a:03:d1:28:cb:f3:b9:6f:03:36:e3:
                    85:16:b2:a9:28:20:6a:28:5b:c9:bb:40:20:ae:6e:
                    d5:20:1d:21:b0:f7:1b:91:22:4a:13:15:26:d2:cf:
                    3e:0d:7d:7f:50:bb:0a:46:7e:32:ea:65:c1:49:f3:
                    8f:6a:de:9d:54:eb:a9:d1:35:0b:8a:b7:51:ba:7a:
                    cd:48:5a:70:bc:45:7d:e4:0c:ae:f6:9b:93:ef:81:
                    67:74:da:ea:04:54:0c:8d:70:e5:79:2f:37:b6:1a:
                    bb:f9:4e:95:b9:6c:82:18:fe:e4:8b:d2:ae:fe:ba:
                    02:d2:cf:57:3e:31:f7:74:b1:5b:f0:1a:2d:97:ae:
                    28:1d:59:e1:50:fa:05:f0:5b:1f:41:f1:b5:f7:62:
                    d9:17:f6:61:e1:84:63:f4:5c:b3:4f:eb:7a:77:f6:
                    ec:c9:fa:c2:69:7a:e5:51:12:f1:82:ac:9e:f5:a5:
                    c7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:DC:69:3A:36:DE:85:67:FC:5B:E4:FC:35:31:9D:35:31:AB:94:90
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209104.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.202.0/24
                  178.83.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:91:6d:a3:08:3d:53:48:eb:52:16:77:86:34:25:b7:9a:0e:
         3d:5b:72:f4:47:63:78:11:4f:96:69:27:8e:78:42:62:86:5f:
         c0:c0:af:dd:a6:82:fd:eb:5a:b7:0b:6e:b7:68:94:b3:0d:12:
         89:5d:2d:15:1a:eb:09:ba:2c:d4:2a:5e:0b:62:6d:8f:03:5b:
         6b:76:9f:15:8f:ae:f6:a9:39:86:b4:62:3f:3c:7a:89:5c:89:
         08:60:50:ca:66:9a:77:9a:10:f4:b7:5b:b3:f4:19:b8:29:1a:
         be:af:b8:11:0d:b3:34:06:c9:66:83:7f:d4:8a:a2:4e:19:b6:
         26:63:4f:a8:ed:b4:84:14:f5:db:37:9e:32:01:28:09:33:80:
         75:27:45:4e:ec:c9:28:e9:cb:99:8f:a0:1f:e8:6f:5d:59:0e:
         3d:9e:ff:87:f4:d6:48:f2:84:d2:99:b8:0a:3d:a8:99:8c:1d:
         f5:d4:74:f8:1e:ff:94:00:d1:3b:04:4a:84:14:b8:5b:8e:ef:
         d9:e5:0c:15:72:9e:ce:e8:a9:79:c3:58:0b:3e:8b:c8:c5:f2:
         0d:48:fe:30:aa:bb:8f:ea:ce:26:2d:22:8e:89:4f:c7:9c:7d:
         df:35:ce:94:45:b6:3f:38:c1:4e:b4:c4:de:14:7e:64:2b:86:
         e4:37:1a:60
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGRv8QG5OhDhH85xG9lkjJE4RdegwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDYwMjI0NDZaFw0yNzA1MDUwMjI5NDZaMDMxMTAvBgNV
BAMTKDc3REM2OTNBMzZERTg1NjdGQzVCRTRGQzM1MzE5RDM1MzFBQjk0OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI+yfug8jRFfYWcnvhhcv467zz
FUATLWba5ybHmsnjxvAxvtm++tfx43mT7Obquqd8Yc5wg8pW1w/2m9qm3T3ZiAx+
njF+BC+MglY47OqaA9Eoy/O5bwM244UWsqkoIGooW8m7QCCubtUgHSGw9xuRIkoT
FSbSzz4NfX9QuwpGfjLqZcFJ849q3p1U66nRNQuKt1G6es1IWnC8RX3kDK72m5Pv
gWd02uoEVAyNcOV5Lze2Grv5TpW5bIIY/uSL0q7+ugLSz1c+Mfd0sVvwGi2Xrigd
WeFQ+gXwWx9B8bX3YtkX9mHhhGP0XLNP63p39uzJ+sJpeuVREvGCrJ71pccJAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUd9xpOjbehWf8W+T8NTGdNTGrlJAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5MTA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhrK
AwQAslMiMA0GCSqGSIb3DQEBCwUAA4IBAQBPkW2jCD1TSOtSFneGNCW3mg49W3L0
R2N4EU+WaSeOeEJihl/AwK/dpoL961q3C263aJSzDRKJXS0VGusJuizUKl4LYm2P
A1trdp8Vj672qTmGtGI/PHqJXIkIYFDKZpp3mhD0t1uz9Bm4KRq+r7gRDbM0Bslm
g3/UiqJOGbYmY0+o7bSEFPXbN54yASgJM4B1J0VO7Mko6cuZj6Af6G9dWQ49nv+H
9NZI8oTSmbgKPaiZjB311HT4Hv+UANE7BEqEFLhbju/Z5QwVcp7O6Kl5w1gLPovI
xfINSP4wqruP6s4mLSKOiU/HnH3fNc6URbY/OMFOtMTeFH5kK4bkNxpg
-----END CERTIFICATE-----