Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213724.roa
File:                     AS213724.roa (raw, json)
Hash identifier:          LpR3KWdg0Bl6DWPCazvIV9hACrRrAe87064b3m67ovI=
Subject key identifier:   CC:6C:FE:92:6B:55:18:33:60:D0:EA:98:34:FE:0A:71:3B:32:69:85
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       10D2CA1BBE9B24A8F77F7370BA58EE0869245FD7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213724.roa
Signing time:             Fri 13 Mar 2026 17:19:35 +0000
ROA not before:           Fri 13 Mar 2026 17:14:35 +0000
ROA not after:            Fri 12 Mar 2027 17:19:35 +0000
asID:                     213724
IP address blocks:        82.24.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:d2:ca:1b:be:9b:24:a8:f7:7f:73:70:ba:58:ee:08:69:24:5f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 13 17:14:35 2026 GMT
            Not After : Mar 12 17:19:35 2027 GMT
        Subject: CN=CC6CFE926B55183360D0EA9834FE0A713B326985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5a:28:e0:a4:ce:4f:0e:61:64:ae:99:bc:a5:
                    f7:a2:0e:5a:33:f7:c0:2a:0b:56:18:c1:c4:f2:35:
                    c1:36:3f:c3:22:70:79:dd:ed:09:73:40:41:52:c2:
                    e6:db:3d:f1:71:55:e4:2d:9d:53:9c:a3:33:b1:14:
                    26:f2:26:98:a6:d6:97:20:81:35:17:e8:b9:49:21:
                    ff:52:eb:ad:4a:ce:94:29:8c:6c:07:d9:8c:9a:87:
                    88:bc:65:36:4c:d2:a9:19:91:e4:0a:55:ba:87:5f:
                    77:ce:dd:1f:00:48:4b:09:43:9d:a8:2f:5a:67:3a:
                    44:87:20:2c:f0:d2:7c:70:45:36:50:f4:50:28:1b:
                    4f:35:da:4a:64:ca:40:b7:85:f5:97:5b:1d:17:1a:
                    c0:f3:a5:4e:6e:a8:f9:e0:46:3b:49:f3:cc:33:1c:
                    7f:c4:54:c2:d2:b1:c8:61:d5:dc:46:fa:6c:fb:ec:
                    bf:66:03:0c:5a:06:4a:9b:9b:31:35:d6:81:13:34:
                    18:1f:5d:4f:53:3b:0c:29:18:0c:c8:47:0a:e6:b5:
                    2c:45:4e:0d:ad:ee:e8:d7:3e:45:1f:de:9d:fc:7d:
                    58:83:4e:5f:9e:bd:0d:ce:87:d6:d5:d5:f8:7a:ed:
                    6c:c1:11:0b:87:e8:62:f4:76:ce:3f:6a:a9:5f:49:
                    d4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:6C:FE:92:6B:55:18:33:60:D0:EA:98:34:FE:0A:71:3B:32:69:85
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213724.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:98:71:e4:bf:18:cb:d3:5f:96:0a:1a:79:3d:35:57:4c:44:
         09:8b:db:e3:5a:dd:3b:9a:8f:58:3b:e9:6f:3a:7c:9b:2c:d5:
         fd:fd:22:6c:33:a7:09:36:f7:83:1b:bc:fd:a7:d6:8e:dc:25:
         90:27:22:1c:2f:ef:33:96:8f:8e:10:92:17:59:02:4b:d4:81:
         bf:e9:d2:76:94:57:38:38:6a:fd:a7:52:76:f0:61:83:c5:c1:
         22:63:29:8b:95:ff:87:2f:a9:04:e3:8b:6f:fc:68:2b:72:ea:
         2b:29:86:b3:cd:5c:3d:c1:b6:b4:fd:f5:15:6c:7a:88:07:5a:
         27:3e:82:03:3b:36:9e:e8:71:49:8f:d4:f4:ba:43:32:8e:54:
         60:1c:1c:70:cb:12:ae:9c:3e:d1:90:d4:d9:68:41:1f:6a:38:
         c3:a5:75:88:f3:11:1c:89:f1:cf:81:ca:0e:a1:dd:b0:3d:d4:
         dd:d8:4c:53:30:e9:0a:34:92:d1:0d:aa:c2:1b:bf:3a:3c:ec:
         da:29:f2:6b:3f:db:bf:70:38:1f:c2:2f:1b:0d:6b:df:84:44:
         32:a1:ba:5b:75:5d:f0:34:12:d9:ed:7d:36:7e:ef:fd:4c:bd:
         5c:c4:82:9e:ad:76:69:8a:7d:5d:9f:d1:da:7d:c7:7d:1e:7d:
         5c:f2:5d:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUENLKG76bJKj3f3NwuljuCGkkX9cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTMxNzE0MzVaFw0yNzAzMTIxNzE5MzVaMDMxMTAvBgNV
BAMTKENDNkNGRTkyNkI1NTE4MzM2MEQwRUE5ODM0RkUwQTcxM0IzMjY5ODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhWijgpM5PDmFkrpm8pfeiDloz
98AqC1YYwcTyNcE2P8MicHnd7QlzQEFSwubbPfFxVeQtnVOcozOxFCbyJpim1pcg
gTUX6LlJIf9S661KzpQpjGwH2Yyah4i8ZTZM0qkZkeQKVbqHX3fO3R8ASEsJQ52o
L1pnOkSHICzw0nxwRTZQ9FAoG0812kpkykC3hfWXWx0XGsDzpU5uqPngRjtJ88wz
HH/EVMLSschh1dxG+mz77L9mAwxaBkqbmzE11oETNBgfXU9TOwwpGAzIRwrmtSxF
Tg2t7ujXPkUf3p38fViDTl+evQ3Oh9bV1fh67WzBEQuH6GL0ds4/aqlfSdT9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUzGz+kmtVGDNg0OqYNP4KcTsyaYUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNzI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhi/
MA0GCSqGSIb3DQEBCwUAA4IBAQCImHHkvxjL01+WChp5PTVXTEQJi9vjWt07mo9Y
O+lvOnybLNX9/SJsM6cJNveDG7z9p9aO3CWQJyIcL+8zlo+OEJIXWQJL1IG/6dJ2
lFc4OGr9p1J28GGDxcEiYymLlf+HL6kE44tv/GgrcuorKYazzVw9wba0/fUVbHqI
B1onPoIDOzae6HFJj9T0ukMyjlRgHBxwyxKunD7RkNTZaEEfajjDpXWI8xEcifHP
gcoOod2wPdTd2ExTMOkKNJLRDarCG786POzaKfJrP9u/cDgfwi8bDWvfhEQyobpb
dV3wNBLZ7X02fu/9TL1cxIKerXZpin1dn9Hafcd9Hn1c8l17
-----END CERTIFICATE-----