Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214402.roa
File:                     AS214402.roa (raw, json)
Hash identifier:          R4tZjFerRuVv+JNUvi4BczgUAsWMNy1/8ueBRnm0MKs=
Subject key identifier:   54:01:66:D8:47:50:60:4B:2D:AC:61:FC:CF:18:A2:E6:08:19:81:25
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       205970C77459D391FC8B2DBE854B8F778EBBD301
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214402.roa
Signing time:             Thu 14 Aug 2025 15:45:39 +0000
ROA not before:           Thu 14 Aug 2025 15:40:39 +0000
ROA not after:            Thu 13 Aug 2026 15:45:39 +0000
asID:                     214402
IP address blocks:        82.25.60.0/24 maxlen: 24
                          82.26.113.0/24 maxlen: 24
                          2a13:9500:43::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:59:70:c7:74:59:d3:91:fc:8b:2d:be:85:4b:8f:77:8e:bb:d3:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 14 15:40:39 2025 GMT
            Not After : Aug 13 15:45:39 2026 GMT
        Subject: CN=540166D84750604B2DAC61FCCF18A2E608198125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f3:9d:7d:6c:26:60:f3:3f:14:8f:29:bb:18:
                    fd:e9:39:0c:34:2b:fa:25:af:0a:92:d2:9b:8b:58:
                    ae:8a:4d:ff:2d:0e:69:92:72:9b:d6:f6:95:fb:d0:
                    f2:fe:a5:60:d2:dc:f4:cc:11:34:44:86:41:01:ab:
                    60:83:63:dc:6e:33:1d:b5:f1:dc:c3:c1:a6:73:ed:
                    0f:70:69:5b:b6:18:7f:0e:ef:b6:ce:4e:f7:be:ae:
                    f3:92:78:b0:ad:83:a6:1b:39:7d:55:75:92:a7:5c:
                    43:0d:c3:2b:e1:5d:95:8c:b0:18:61:f5:1e:5a:a6:
                    7c:89:e6:f8:6b:83:24:f3:4d:6e:e0:01:2b:c3:e9:
                    80:37:e8:d7:15:6c:6f:35:b0:da:0a:85:f4:93:bd:
                    5a:46:fd:a7:e0:03:53:88:c5:6e:56:fb:aa:03:23:
                    bd:7f:2c:b4:bb:58:2d:74:ac:a4:6f:64:5b:2f:1f:
                    a0:ae:4a:c6:56:b8:66:7b:38:9b:94:80:8a:95:e8:
                    44:37:6e:5d:72:52:25:69:5e:14:cf:a2:e0:55:65:
                    5d:b0:a1:bb:f4:87:a3:ca:cd:50:11:41:99:e9:d4:
                    a8:b9:2a:af:1b:60:d5:79:99:93:25:cf:77:3b:a4:
                    c6:4a:3f:a3:19:e6:c8:11:d7:14:5c:44:33:ac:5a:
                    be:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:01:66:D8:47:50:60:4B:2D:AC:61:FC:CF:18:A2:E6:08:19:81:25
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.60.0/24
                  82.26.113.0/24
                IPv6:
                  2a13:9500:43::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:87:a3:87:8b:34:3e:0d:2e:d6:e6:b3:55:95:a8:e6:2b:fe:
         88:d0:fd:84:5c:db:93:86:20:11:1a:0f:89:af:5f:c5:24:d0:
         3b:16:f8:d6:5f:22:a3:60:b4:95:c6:fc:b4:40:83:f6:f7:9a:
         3e:59:50:fb:8d:8b:40:10:65:69:7f:0c:c1:a9:7c:f3:fb:45:
         cc:e4:fb:b7:ce:ec:2c:d6:71:92:09:48:83:80:1b:3b:b0:d1:
         67:ef:6e:9a:54:03:57:7f:20:63:42:eb:b6:a1:b8:63:28:21:
         20:92:43:ef:ff:88:36:d9:53:25:b6:93:c6:5d:ca:c8:5c:d1:
         41:9d:e4:cd:ec:7c:17:f5:9f:54:ca:47:ad:05:be:26:98:47:
         05:f0:ac:ee:9c:e5:7e:ac:e5:0b:e0:33:3f:c3:5e:e7:2f:6e:
         0e:45:01:9b:21:10:ff:8f:ea:85:f8:eb:92:3d:6b:a2:5a:a1:
         de:85:2d:17:bc:50:b6:b0:1e:e6:f8:63:bb:f9:d1:3e:e1:49:
         df:14:2b:88:4e:c0:ab:4c:89:73:6b:2e:76:91:f9:86:24:cd:
         08:fd:fd:68:a4:48:c1:14:f7:1b:9f:fd:0e:90:b5:48:3e:aa:
         ad:6a:02:62:75:03:e2:5a:91:70:d7:34:d2:70:1b:b4:4f:a7:
         a6:37:cc:6a
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUIFlwx3RZ05H8iy2+hUuPd4670wEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MTQxNTQwMzlaFw0yNjA4MTMxNTQ1MzlaMDMxMTAvBgNV
BAMTKDU0MDE2NkQ4NDc1MDYwNEIyREFDNjFGQ0NGMThBMkU2MDgxOTgxMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa8519bCZg8z8Ujym7GP3pOQw0
K/olrwqS0puLWK6KTf8tDmmScpvW9pX70PL+pWDS3PTMETREhkEBq2CDY9xuMx21
8dzDwaZz7Q9waVu2GH8O77bOTve+rvOSeLCtg6YbOX1VdZKnXEMNwyvhXZWMsBhh
9R5apnyJ5vhrgyTzTW7gASvD6YA36NcVbG81sNoKhfSTvVpG/afgA1OIxW5W+6oD
I71/LLS7WC10rKRvZFsvH6CuSsZWuGZ7OJuUgIqV6EQ3bl1yUiVpXhTPouBVZV2w
obv0h6PKzVARQZnp1Ki5Kq8bYNV5mZMlz3c7pMZKP6MZ5sgR1xRcRDOsWr7dAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUVAFm2EdQYEstrGH8zxii5ggZgSUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAUhk8
AwQAUhpxMA8EAgACMAkDBwAqE5UAAEMwDQYJKoZIhvcNAQELBQADggEBAHCHo4eL
ND4NLtbms1WVqOYr/ojQ/YRc25OGIBEaD4mvX8Uk0DsW+NZfIqNgtJXG/LRAg/b3
mj5ZUPuNi0AQZWl/DMGpfPP7Rczk+7fO7CzWcZIJSIOAGzuw0WfvbppUA1d/IGNC
67ahuGMoISCSQ+//iDbZUyW2k8Zdyshc0UGd5M3sfBf1n1TKR60FviaYRwXwrO6c
5X6s5QvgMz/DXucvbg5FAZshEP+P6oX465I9a6Jaod6FLRe8ULawHub4Y7v50T7h
Sd8UK4hOwKtMiXNrLnaR+YYkzQj9/WikSMEU9xuf/Q6QtUg+qq1qAmJ1A+JakXDX
NNJwG7RPp6Y3zGo=
-----END CERTIFICATE-----