Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213724.roa
File:                     AS213724.roa (raw, json)
Hash identifier:          89UI1+SkkNQsyqS0qIqooi6qWLnX4wL7LsmaQHd/BOY=
Subject key identifier:   31:93:73:8B:92:9C:08:CB:02:C8:0E:43:90:5F:25:6A:FD:3E:F0:6B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0ADE56FE810D71A6FC6CFF9898EE4470127C22EF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213724.roa
Signing time:             Mon 23 Jun 2025 05:31:10 +0000
ROA not before:           Mon 23 Jun 2025 05:26:10 +0000
ROA not after:            Mon 22 Jun 2026 05:31:10 +0000
asID:                     213724
IP address blocks:        82.24.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:de:56:fe:81:0d:71:a6:fc:6c:ff:98:98:ee:44:70:12:7c:22:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 23 05:26:10 2025 GMT
            Not After : Jun 22 05:31:10 2026 GMT
        Subject: CN=3193738B929C08CB02C80E43905F256AFD3EF06B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3a:cd:77:f5:a5:3e:da:ac:5c:b8:1c:c5:46:
                    cf:e8:8b:fd:af:d4:a3:a8:dc:39:29:4d:0e:fb:b1:
                    d1:b9:b0:71:38:c0:57:e9:4b:44:a3:a7:7c:dd:79:
                    33:00:a7:05:38:07:50:98:35:ad:6b:0c:26:cd:ea:
                    be:e6:b1:cb:7b:4b:88:fd:f6:df:00:eb:fc:94:2b:
                    8d:b3:44:0d:29:39:d9:e2:d1:3e:5f:ab:44:5e:c1:
                    b0:35:ee:e2:49:5b:55:91:71:ec:17:de:99:39:78:
                    f0:c2:e2:68:c2:48:e4:06:15:49:af:0a:a3:be:75:
                    4b:59:b1:85:15:03:58:ec:cc:68:9a:3e:8e:44:95:
                    3d:36:90:80:a7:70:86:48:83:ea:2b:4f:34:1e:fc:
                    b7:f6:80:c2:f7:0d:9b:70:0e:a7:70:1f:a6:5f:20:
                    c9:0c:a1:38:24:e1:60:a5:a5:fd:df:ef:78:e7:1d:
                    21:39:ae:86:a1:72:be:2a:53:9c:62:b7:3b:81:0a:
                    1c:53:4f:22:50:c8:aa:49:eb:a0:06:d6:7f:16:fc:
                    90:cd:14:16:9b:f5:24:01:56:61:78:0d:14:86:99:
                    af:37:0a:4b:45:90:71:bf:4a:f8:0a:f5:4f:e7:0b:
                    a1:40:80:f7:6a:91:79:66:1f:2c:74:37:44:4b:e0:
                    99:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:93:73:8B:92:9C:08:CB:02:C8:0E:43:90:5F:25:6A:FD:3E:F0:6B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213724.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c0:e6:9f:78:f3:ed:67:88:58:ed:a2:7a:83:8a:ee:a1:a1:
         03:7e:b4:bd:44:12:ca:f5:7b:5d:45:1c:02:35:d1:82:ab:8f:
         36:81:ca:6d:88:57:23:64:f6:89:86:3e:03:97:58:d1:1f:8d:
         e3:c2:7e:17:d9:02:16:8b:44:d5:5a:85:68:c9:25:9a:d5:e9:
         59:14:61:e1:5a:ef:e0:5f:99:cd:34:6e:13:1f:2e:cc:21:91:
         42:37:19:0c:b1:ab:a0:71:39:af:42:20:a8:dc:25:34:63:bc:
         ba:5c:c8:dd:fc:34:ad:58:c9:87:2c:7a:7b:4b:23:06:84:09:
         83:df:f5:c0:69:88:96:71:6a:70:a8:9f:29:98:66:6e:b2:97:
         26:ec:ef:0a:6f:de:99:53:09:a9:ed:31:79:84:5f:7d:06:e8:
         d9:67:c9:41:f6:dd:a6:c3:37:4b:3d:72:cf:cd:e6:a6:66:99:
         84:a5:34:d1:7f:a2:ec:19:b6:07:9d:c2:cc:bc:d7:4d:f1:c2:
         d3:ac:00:5b:f8:cb:3a:94:25:79:ba:5c:1b:42:35:ce:e1:fd:
         f8:18:e2:eb:00:4b:80:5b:63:06:c7:01:ad:e2:10:fe:a1:5b:
         01:62:b2:85:79:4a:55:8f:fb:ba:02:06:1b:67:de:64:1b:ae:
         61:c2:4d:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCt5W/oENcab8bP+YmO5EcBJ8Iu8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjMwNTI2MTBaFw0yNjA2MjIwNTMxMTBaMDMxMTAvBgNV
BAMTKDMxOTM3MzhCOTI5QzA4Q0IwMkM4MEU0MzkwNUYyNTZBRkQzRUYwNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrOs139aU+2qxcuBzFRs/oi/2v
1KOo3DkpTQ77sdG5sHE4wFfpS0Sjp3zdeTMApwU4B1CYNa1rDCbN6r7msct7S4j9
9t8A6/yUK42zRA0pOdni0T5fq0RewbA17uJJW1WRcewX3pk5ePDC4mjCSOQGFUmv
CqO+dUtZsYUVA1jszGiaPo5ElT02kICncIZIg+orTzQe/Lf2gML3DZtwDqdwH6Zf
IMkMoTgk4WClpf3f73jnHSE5roahcr4qU5xitzuBChxTTyJQyKpJ66AG1n8W/JDN
FBab9SQBVmF4DRSGma83CktFkHG/SvgK9U/nC6FAgPdqkXlmHyx0N0RL4JlbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMZNzi5KcCMsCyA5DkF8lav0+8GswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNzI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhi/
MA0GCSqGSIb3DQEBCwUAA4IBAQBXwOafePPtZ4hY7aJ6g4ruoaEDfrS9RBLK9Xtd
RRwCNdGCq482gcptiFcjZPaJhj4Dl1jRH43jwn4X2QIWi0TVWoVoySWa1elZFGHh
Wu/gX5nNNG4THy7MIZFCNxkMsaugcTmvQiCo3CU0Y7y6XMjd/DStWMmHLHp7SyMG
hAmD3/XAaYiWcWpwqJ8pmGZuspcm7O8Kb96ZUwmp7TF5hF99BujZZ8lB9t2mwzdL
PXLPzeamZpmEpTTRf6LsGbYHncLMvNdN8cLTrABb+Ms6lCV5ulwbQjXO4f34GOLr
AEuAW2MGxwGt4hD+oVsBYrKFeUpVj/u6AgYbZ95kG65hwk3G
-----END CERTIFICATE-----