Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210974.roa
File:                     AS210974.roa (raw, json)
Hash identifier:          JsZXiqoJZdM4SZM1LW59jswNT0FBKHWQuEYMUuorWAc=
Subject key identifier:   19:BC:B5:02:67:DD:AF:FC:80:DC:5F:9C:AB:68:0F:0F:B0:54:F3:13
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       41D1CC8A1F7FE35F5484260EB0E167ABA3B99B26
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210974.roa
Signing time:             Mon 11 May 2026 12:17:29 +0000
ROA not before:           Mon 11 May 2026 12:12:29 +0000
ROA not after:            Mon 10 May 2027 12:17:29 +0000
asID:                     210974
IP address blocks:        82.26.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d1:cc:8a:1f:7f:e3:5f:54:84:26:0e:b0:e1:67:ab:a3:b9:9b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 11 12:12:29 2026 GMT
            Not After : May 10 12:17:29 2027 GMT
        Subject: CN=19BCB50267DDAFFC80DC5F9CAB680F0FB054F313
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e5:3d:de:bd:88:d2:a3:96:e3:62:bd:39:2e:
                    60:55:1e:68:44:56:ab:09:51:55:42:f0:cb:c8:75:
                    70:ea:62:fb:29:b1:b6:60:ed:46:d8:ed:d5:11:02:
                    ca:99:a8:85:31:be:59:79:ac:84:ee:04:45:ac:a9:
                    04:b2:c6:54:c6:ea:01:02:34:bd:cc:79:36:d7:9f:
                    c6:e5:26:7f:72:6f:a3:9a:ec:a7:2a:52:16:d3:b6:
                    8d:c4:ee:dd:e7:aa:b7:0b:8a:52:9d:37:7b:b5:e8:
                    74:f3:d4:44:d9:c0:1a:2d:96:ef:eb:8d:27:e5:f4:
                    b9:6f:17:80:bc:6a:33:85:23:e1:a8:b4:20:93:db:
                    e8:d6:75:40:df:bf:c7:ed:8a:8f:f7:3c:b4:07:1f:
                    c9:85:f1:d0:24:49:60:61:85:6b:d8:14:c3:60:14:
                    93:cc:0d:33:43:ba:65:7d:3b:8f:d4:07:b7:bb:0c:
                    b5:48:22:19:ca:aa:a0:82:76:0b:e2:27:25:53:aa:
                    ef:98:f1:bd:fe:af:5a:20:a4:08:f7:6a:42:88:bb:
                    90:3a:26:2f:8e:57:56:ba:8d:3c:4b:a9:c5:57:41:
                    46:20:1c:f3:45:56:9b:2b:20:18:fd:37:c2:01:06:
                    ad:07:9d:10:ef:ba:2c:b3:76:0b:a8:bd:a6:9b:94:
                    75:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:BC:B5:02:67:DD:AF:FC:80:DC:5F:9C:AB:68:0F:0F:B0:54:F3:13
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210974.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:bf:f0:96:d5:7d:bc:47:fe:51:57:31:af:ac:90:bd:0e:52:
         6a:5a:41:fa:6f:30:f5:88:1b:a1:b6:2b:e1:8a:57:d3:74:cd:
         8d:e2:80:ff:b0:0e:ec:66:a7:46:fa:d2:13:2e:64:d9:ea:4f:
         62:66:24:b0:7f:e2:2c:be:43:f6:61:24:63:ac:9b:f8:ab:0c:
         40:d6:0d:8d:41:ba:46:b5:89:6e:82:e7:1b:58:2a:ae:d6:1b:
         5a:a1:22:5d:4f:87:5d:61:c9:67:d8:66:8b:07:86:12:07:38:
         04:bc:c8:c7:3d:99:90:40:3e:18:86:aa:c0:04:75:fb:27:65:
         1a:46:6a:c5:3d:87:84:4c:e4:33:11:1d:a7:ab:10:a7:5c:07:
         9e:7d:2b:15:01:b4:73:5d:45:99:48:3e:52:75:7c:02:c7:dd:
         42:a5:ad:4b:51:a5:40:39:4e:95:a4:41:c6:14:1c:73:54:b0:
         0e:99:1c:f8:48:ca:14:31:6e:73:7b:60:f8:b7:64:e8:3a:77:
         e7:40:fc:0b:33:9d:43:87:6c:40:1e:4d:9f:14:c9:75:a5:a7:
         f2:76:79:39:6f:0f:12:da:98:97:85:5e:4a:49:b4:64:86:49:
         70:c7:86:59:f8:15:86:27:8b:3d:e8:69:04:81:3c:07:e3:3b:
         d6:08:5d:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQdHMih9/419UhCYOsOFnq6O5myYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTExMjEyMjlaFw0yNzA1MTAxMjE3MjlaMDMxMTAvBgNV
BAMTKDE5QkNCNTAyNjdEREFGRkM4MERDNUY5Q0FCNjgwRjBGQjA1NEYzMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF5T3evYjSo5bjYr05LmBVHmhE
VqsJUVVC8MvIdXDqYvspsbZg7UbY7dURAsqZqIUxvll5rITuBEWsqQSyxlTG6gEC
NL3MeTbXn8blJn9yb6Oa7KcqUhbTto3E7t3nqrcLilKdN3u16HTz1ETZwBotlu/r
jSfl9LlvF4C8ajOFI+GotCCT2+jWdUDfv8ftio/3PLQHH8mF8dAkSWBhhWvYFMNg
FJPMDTNDumV9O4/UB7e7DLVIIhnKqqCCdgviJyVTqu+Y8b3+r1ogpAj3akKIu5A6
Ji+OV1a6jTxLqcVXQUYgHPNFVpsrIBj9N8IBBq0HnRDvuiyzdguovaablHVTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGby1Amfdr/yA3F+cq2gPD7BU8xMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwOTc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhpY
MA0GCSqGSIb3DQEBCwUAA4IBAQCXv/CW1X28R/5RVzGvrJC9DlJqWkH6bzD1iBuh
tivhilfTdM2N4oD/sA7sZqdG+tITLmTZ6k9iZiSwf+IsvkP2YSRjrJv4qwxA1g2N
QbpGtYlugucbWCqu1htaoSJdT4ddYcln2GaLB4YSBzgEvMjHPZmQQD4YhqrABHX7
J2UaRmrFPYeETOQzER2nqxCnXAeefSsVAbRzXUWZSD5SdXwCx91Cpa1LUaVAOU6V
pEHGFBxzVLAOmRz4SMoUMW5ze2D4t2ToOnfnQPwLM51Dh2xAHk2fFMl1pafydnk5
bw8S2piXhV5KSbRkhklwx4ZZ+BWGJ4s96GkEgTwH4zvWCF1+
-----END CERTIFICATE-----