Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210814.roa
File:                     AS210814.roa (raw, json)
Hash identifier:          5lwWLqmgX5+qdzHycqENW5O3Efs0FjiTTixydh7ECDw=
Subject key identifier:   37:23:B9:8A:9A:9C:12:F5:F8:7E:B1:D7:4B:60:F3:8D:F2:67:AF:EC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       44A68FDBD620C9848C756CE6EF2C01C7623090EB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210814.roa
Signing time:             Tue 21 Apr 2026 14:10:52 +0000
ROA not before:           Tue 21 Apr 2026 14:05:52 +0000
ROA not after:            Tue 20 Apr 2027 14:10:52 +0000
asID:                     210814
IP address blocks:        82.21.41.0/24 maxlen: 24
                          82.21.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:a6:8f:db:d6:20:c9:84:8c:75:6c:e6:ef:2c:01:c7:62:30:90:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 21 14:05:52 2026 GMT
            Not After : Apr 20 14:10:52 2027 GMT
        Subject: CN=3723B98A9A9C12F5F87EB1D74B60F38DF267AFEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:43:00:be:d8:b3:0b:9e:89:3a:87:14:2c:54:
                    ea:cb:5f:73:cd:67:89:7c:20:68:c4:12:dd:80:b4:
                    86:dc:49:1c:6b:64:bc:36:35:e7:3a:63:f6:7f:99:
                    88:b0:0a:b8:46:72:b8:3d:97:bd:6a:25:80:68:ea:
                    0c:c2:f2:9e:ab:4e:fe:e7:05:dc:7e:53:6a:31:ba:
                    eb:58:c2:54:5b:3c:cc:ef:2b:f5:6b:db:ad:85:fc:
                    7f:ba:ad:09:6e:ee:f9:62:5c:67:e5:bc:cd:75:78:
                    e1:1b:90:8e:2f:b0:e8:f1:bf:fc:e4:cd:cc:36:b1:
                    67:46:8d:8b:3a:26:af:ac:cb:26:45:d6:44:bf:47:
                    1b:a6:6c:0c:76:ed:fd:7a:57:89:13:50:5d:46:b5:
                    bb:fc:b6:83:3e:9c:ee:aa:4c:b9:d6:cc:a3:74:8b:
                    17:a3:7d:ed:31:16:e8:3e:93:52:8e:3d:af:f6:95:
                    cf:9d:a4:9c:5a:1b:bf:7a:aa:2f:f5:48:a6:97:64:
                    cd:c3:3c:6c:23:5b:92:70:41:39:62:f2:b7:79:31:
                    2d:0a:46:40:31:f4:b8:01:82:bd:a4:3f:0e:80:b3:
                    92:3c:70:50:90:03:c7:3c:25:7e:ea:7b:e6:6f:6e:
                    2c:c7:c7:16:17:fb:80:39:75:52:fc:21:7d:c5:2d:
                    4e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:23:B9:8A:9A:9C:12:F5:F8:7E:B1:D7:4B:60:F3:8D:F2:67:AF:EC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210814.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.41.0/24
                  82.21.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:2c:84:5a:43:1a:cd:77:19:01:62:88:85:b6:64:05:a1:a5:
         0c:79:ca:bd:d0:7f:38:82:d4:bd:a3:16:06:1d:cd:83:52:08:
         ae:6e:85:4f:83:c5:58:05:51:62:1d:a1:2a:48:41:8e:12:f5:
         e7:9c:66:bb:7e:9b:86:ef:6f:48:2c:13:fb:48:72:b8:db:b7:
         d0:7e:4a:54:d7:a0:0e:59:03:16:fc:74:cb:d5:90:43:0b:cc:
         fc:71:d6:5a:04:0e:f7:3b:f7:41:cb:95:b8:e5:da:71:6a:d4:
         0a:d0:a4:02:c5:c8:2a:a1:b1:9c:b3:f8:46:62:23:b1:3d:3e:
         5e:fe:7e:f2:9e:39:d5:fe:4f:a7:3d:a7:59:ea:3e:b8:df:d7:
         98:34:52:4b:1a:1f:89:d3:7b:e5:ee:d1:46:41:c9:f3:0a:0c:
         ba:dc:43:e3:79:67:df:2c:ca:ab:6b:01:22:f8:51:e7:cb:c6:
         26:bf:06:7a:30:b3:5f:a3:46:2f:3a:41:00:1c:5d:77:a4:98:
         fe:94:6f:3d:4e:67:1f:1a:a6:7f:49:9b:64:2a:96:20:f5:1e:
         8d:e3:38:a3:15:9d:da:2a:38:d9:ac:53:e2:d2:70:4f:5f:dd:
         ad:bb:df:e8:ab:56:48:c3:cd:97:08:49:dd:67:59:7e:e4:ad:
         88:9a:7b:c6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURKaP29YgyYSMdWzm7ywBx2IwkOswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjExNDA1NTJaFw0yNzA0MjAxNDEwNTJaMDMxMTAvBgNV
BAMTKDM3MjNCOThBOUE5QzEyRjVGODdFQjFENzRCNjBGMzhERjI2N0FGRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfQwC+2LMLnok6hxQsVOrLX3PN
Z4l8IGjEEt2AtIbcSRxrZLw2Nec6Y/Z/mYiwCrhGcrg9l71qJYBo6gzC8p6rTv7n
Bdx+U2oxuutYwlRbPMzvK/Vr262F/H+6rQlu7vliXGflvM11eOEbkI4vsOjxv/zk
zcw2sWdGjYs6Jq+syyZF1kS/RxumbAx27f16V4kTUF1Gtbv8toM+nO6qTLnWzKN0
ixejfe0xFug+k1KOPa/2lc+dpJxaG796qi/1SKaXZM3DPGwjW5JwQTli8rd5MS0K
RkAx9LgBgr2kPw6As5I8cFCQA8c8JX7qe+ZvbizHxxYX+4A5dVL8IX3FLU6vAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUNyO5ipqcEvX4frHXS2DzjfJnr+wwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwODE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhUp
AwQAUhWVMA0GCSqGSIb3DQEBCwUAA4IBAQBtLIRaQxrNdxkBYoiFtmQFoaUMecq9
0H84gtS9oxYGHc2DUgiuboVPg8VYBVFiHaEqSEGOEvXnnGa7fpuG729ILBP7SHK4
27fQfkpU16AOWQMW/HTL1ZBDC8z8cdZaBA73O/dBy5W45dpxatQK0KQCxcgqobGc
s/hGYiOxPT5e/n7ynjnV/k+nPadZ6j6439eYNFJLGh+J03vl7tFGQcnzCgy63EPj
eWffLMqrawEi+FHny8YmvwZ6MLNfo0YvOkEAHF13pJj+lG89TmcfGqZ/SZtkKpYg
9R6N4zijFZ3aKjjZrFPi0nBPX92tu9/oq1ZIw82XCEndZ1l+5K2ImnvG
-----END CERTIFICATE-----