Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213169.roa
File:                     AS213169.roa (raw, json)
Hash identifier:          QowqNmQ4qHDzsTk6k/eriylTT2UggTWs9clj5/OaLzY=
Subject key identifier:   53:72:9E:F2:21:E4:59:A9:9F:82:F7:67:00:09:83:6F:B1:AA:D4:91
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       09E4B02DB6AC06C53A057CF9EA0265BC3307F95A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213169.roa
Signing time:             Tue 10 Mar 2026 07:37:19 +0000
ROA not before:           Tue 10 Mar 2026 07:32:19 +0000
ROA not after:            Tue 09 Mar 2027 07:37:19 +0000
asID:                     213169
IP address blocks:        82.41.130.0/24 maxlen: 24
                          82.41.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:e4:b0:2d:b6:ac:06:c5:3a:05:7c:f9:ea:02:65:bc:33:07:f9:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 10 07:32:19 2026 GMT
            Not After : Mar  9 07:37:19 2027 GMT
        Subject: CN=53729EF221E459A99F82F7670009836FB1AAD491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:79:5d:e3:93:5d:46:a8:22:c2:de:db:49:9f:
                    e3:be:6e:d1:0f:8f:3b:1a:6f:02:14:b8:6d:42:d3:
                    19:fa:07:d6:e6:b6:72:4b:5b:d0:06:52:cb:6c:3a:
                    b5:2f:41:53:a0:e2:9c:37:36:04:b4:ec:ab:e5:3b:
                    16:c8:4c:66:7e:f3:e7:ea:e3:99:00:b5:04:3f:28:
                    63:aa:78:56:5f:e1:fa:5d:1d:79:f9:21:ee:28:43:
                    81:7e:0f:f2:98:c2:7b:79:15:8b:ab:e0:06:03:cc:
                    0e:15:4e:3f:88:03:ab:c2:9c:27:a3:0a:23:bf:c7:
                    6b:6c:ba:51:c3:fa:38:39:8d:a1:c9:fd:e2:81:9a:
                    7f:b8:25:42:24:d9:ec:e9:aa:83:c2:40:ba:0f:4e:
                    f7:a3:ce:32:c6:8a:0c:6d:f4:3a:93:db:03:c6:c2:
                    f5:8d:e7:02:ac:79:f4:b0:5e:ec:5f:57:52:d8:9c:
                    c4:99:dd:3f:ae:ed:28:7f:16:25:de:ef:ac:c7:f7:
                    d6:ab:14:2e:b8:aa:51:85:91:ba:fc:8d:ef:dd:a4:
                    15:b5:10:f7:26:4b:b1:12:38:2e:f3:0b:51:f9:6c:
                    7c:13:62:e9:35:7b:d7:31:78:c1:40:e3:ee:66:ae:
                    7c:72:85:b2:84:57:4c:ca:bc:a2:45:25:81:34:f5:
                    1e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:72:9E:F2:21:E4:59:A9:9F:82:F7:67:00:09:83:6F:B1:AA:D4:91
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213169.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.130.0/24
                  82.41.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:74:71:a4:bc:d6:0e:8c:20:e4:c0:7b:06:b6:d1:86:c2:13:
         e9:16:d9:53:50:07:70:66:88:8f:c1:45:99:ac:55:f6:a7:b1:
         ed:16:11:24:00:e0:d1:a2:ca:4f:b0:a4:3d:3d:aa:3f:dd:0a:
         90:8a:64:ae:e6:80:cf:9c:2b:8f:69:49:ae:21:2d:f2:36:cc:
         93:7d:97:c6:3c:69:89:48:98:81:b9:3a:e0:ea:d0:a8:37:9e:
         e2:1b:b7:4d:4e:bc:ba:2a:4f:c3:cb:f3:30:cc:e8:56:a5:60:
         94:94:3d:6d:f7:1e:40:48:57:5e:67:6c:99:7e:58:d3:b9:92:
         99:0b:a4:8a:6f:87:40:60:5a:a2:c3:5f:3a:93:3b:86:75:a2:
         f9:f3:a6:7d:24:78:d4:57:73:41:35:ab:74:5b:2a:2a:a5:2b:
         a8:32:93:a0:d9:4d:c7:ff:a3:f6:01:5d:8f:84:2a:f2:85:02:
         34:09:98:66:ae:45:3b:e9:43:fc:bf:cd:6e:2e:d9:ea:99:a1:
         83:9e:79:07:18:e8:7b:20:36:66:65:0c:32:d4:7b:b5:ad:6c:
         a4:e6:a8:26:16:00:12:24:46:b6:d3:97:f7:01:10:f9:2f:80:
         4d:f4:c0:bd:91:83:f3:9a:20:8b:ae:82:43:bb:46:93:2c:2d:
         d4:13:b8:e4
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUCeSwLbasBsU6BXz56gJlvDMH+VowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTAwNzMyMTlaFw0yNzAzMDkwNzM3MTlaMDMxMTAvBgNV
BAMTKDUzNzI5RUYyMjFFNDU5QTk5RjgyRjc2NzAwMDk4MzZGQjFBQUQ0OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8eV3jk11GqCLC3ttJn+O+btEP
jzsabwIUuG1C0xn6B9bmtnJLW9AGUstsOrUvQVOg4pw3NgS07KvlOxbITGZ+8+fq
45kAtQQ/KGOqeFZf4fpdHXn5Ie4oQ4F+D/KYwnt5FYur4AYDzA4VTj+IA6vCnCej
CiO/x2tsulHD+jg5jaHJ/eKBmn+4JUIk2ezpqoPCQLoPTvejzjLGigxt9DqT2wPG
wvWN5wKsefSwXuxfV1LYnMSZ3T+u7Sh/FiXe76zH99arFC64qlGFkbr8je/dpBW1
EPcmS7ESOC7zC1H5bHwTYuk1e9cxeMFA4+5mrnxyhbKEV0zKvKJFJYE09R7lAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUU3Ke8iHkWamfgvdnAAmDb7Gq1JEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzMTY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUimC
AwQAUimFMA0GCSqGSIb3DQEBCwUAA4IBAQCTdHGkvNYOjCDkwHsGttGGwhPpFtlT
UAdwZoiPwUWZrFX2p7HtFhEkAODRospPsKQ9Pao/3QqQimSu5oDPnCuPaUmuIS3y
NsyTfZfGPGmJSJiBuTrg6tCoN57iG7dNTry6Kk/Dy/MwzOhWpWCUlD1t9x5ASFde
Z2yZfljTuZKZC6SKb4dAYFqiw186kzuGdaL586Z9JHjUV3NBNat0WyoqpSuoMpOg
2U3H/6P2AV2PhCryhQI0CZhmrkU76UP8v81uLtnqmaGDnnkHGOh7IDZmZQwy1Hu1
rWyk5qgmFgASJEa205f3ARD5L4BN9MC9kYPzmiCLroJDu0aTLC3UE7jk
-----END CERTIFICATE-----