Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          yINuXE3dw/+bXfzgu6dSJYAd0BQNKhrkvYpeHbdzQH8=
Subject key identifier:   B8:38:AB:B4:95:02:16:7F:AD:80:A1:A9:17:97:37:F1:A1:D5:DC:1E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       06A7A14821EF5BF439AFFBC92B77790E01D15FCD
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214432.roa
Signing time:             Mon 16 Jun 2025 17:35:12 +0000
ROA not before:           Mon 16 Jun 2025 17:30:12 +0000
ROA not after:            Mon 15 Jun 2026 17:35:12 +0000
asID:                     214432
IP address blocks:        82.25.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:a7:a1:48:21:ef:5b:f4:39:af:fb:c9:2b:77:79:0e:01:d1:5f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 16 17:30:12 2025 GMT
            Not After : Jun 15 17:35:12 2026 GMT
        Subject: CN=B838ABB49502167FAD80A1A9179737F1A1D5DC1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:0d:ab:1f:71:ee:2f:2d:0b:10:0e:02:f7:02:
                    10:52:68:70:d7:10:a2:48:f8:20:b7:8a:f5:63:16:
                    bd:dd:1d:5b:e1:4d:93:31:52:aa:d8:ac:b0:41:d9:
                    df:2b:59:07:87:d2:52:4e:b3:a7:a0:b7:7c:e3:bb:
                    15:8f:32:f5:75:37:88:9b:56:3b:10:3d:11:48:69:
                    c5:e2:1d:ed:0c:f1:19:db:f9:33:04:f0:7b:64:6f:
                    e8:20:28:ed:fb:ca:23:5f:53:52:04:d3:98:3d:2c:
                    e9:5c:f3:3d:a0:ec:96:24:c8:58:f1:80:e5:ee:e7:
                    ea:3f:7d:3d:bd:20:b6:4d:03:5b:32:b7:b4:de:cf:
                    c3:ae:7f:39:03:aa:de:b4:61:bc:88:02:8b:5b:a3:
                    e0:37:78:c7:e0:dc:92:a8:62:99:86:a2:47:ce:46:
                    a2:73:ac:60:bb:94:e9:e9:5f:0f:a8:21:41:48:80:
                    00:c5:11:5f:d4:ca:38:f5:d0:95:82:21:8b:c7:f8:
                    b9:e3:9c:e7:95:f1:d2:19:c9:a6:f1:15:1c:89:8d:
                    52:b7:b6:cd:8a:b3:3a:a2:53:d8:09:ed:ea:cf:c6:
                    55:a9:64:99:ff:d4:e5:8c:16:04:94:af:55:e2:b5:
                    77:2f:8a:bc:80:b8:ef:b5:d8:e2:c4:6a:df:83:3a:
                    bc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:38:AB:B4:95:02:16:7F:AD:80:A1:A9:17:97:37:F1:A1:D5:DC:1E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:19:68:33:10:0c:9f:18:dc:52:76:7f:77:c0:a2:c5:59:f2:
         76:28:d1:f8:33:bb:13:3e:dd:2f:68:74:74:94:42:0c:a6:31:
         a2:ad:33:d5:43:46:41:0f:6e:d2:d1:20:13:d9:6e:aa:ef:1e:
         ef:29:65:df:95:73:cb:3c:c6:50:4e:df:9d:82:d7:c9:39:79:
         ea:7d:60:aa:9b:ed:e4:71:71:59:1a:66:28:b6:e5:b2:31:4a:
         73:0f:37:b3:41:8f:26:f5:04:b2:66:c5:c6:23:b9:ed:c1:60:
         c6:24:95:3a:aa:cd:4c:62:75:4a:51:31:f4:1d:bf:c4:fe:5e:
         ff:71:32:85:ca:1d:4e:f0:d9:cb:a6:2b:7d:4a:a7:79:f1:c4:
         ef:ad:ec:6b:c1:8e:d7:8a:c2:f6:84:7b:e8:c5:99:b9:1f:b3:
         7e:bd:1c:29:57:96:a7:52:bf:e2:78:f2:ed:9b:73:3b:8c:9f:
         84:6c:43:5c:2d:58:24:a3:e0:18:42:72:bc:30:eb:a2:eb:64:
         34:9b:38:b0:ac:c7:7a:b9:3f:73:08:e1:b2:a1:f8:a1:73:78:
         4e:6e:fd:d5:8b:cb:a7:ff:b5:ac:f9:5b:3a:84:04:b0:ad:fc:
         ef:94:5e:00:8a:3d:4a:cf:18:75:5c:ac:4b:bc:83:e9:55:e3:
         a2:fe:3b:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBqehSCHvW/Q5r/vJK3d5DgHRX80wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTYxNzMwMTJaFw0yNjA2MTUxNzM1MTJaMDMxMTAvBgNV
BAMTKEI4MzhBQkI0OTUwMjE2N0ZBRDgwQTFBOTE3OTczN0YxQTFENURDMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWDasfce4vLQsQDgL3AhBSaHDX
EKJI+CC3ivVjFr3dHVvhTZMxUqrYrLBB2d8rWQeH0lJOs6egt3zjuxWPMvV1N4ib
VjsQPRFIacXiHe0M8Rnb+TME8Htkb+ggKO37yiNfU1IE05g9LOlc8z2g7JYkyFjx
gOXu5+o/fT29ILZNA1syt7Tez8OufzkDqt60YbyIAotbo+A3eMfg3JKoYpmGokfO
RqJzrGC7lOnpXw+oIUFIgADFEV/Uyjj10JWCIYvH+LnjnOeV8dIZyabxFRyJjVK3
ts2KszqiU9gJ7erPxlWpZJn/1OWMFgSUr1XitXcviryAuO+12OLEat+DOry5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuDirtJUCFn+tgKGpF5c38aHV3B4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhkn
MA0GCSqGSIb3DQEBCwUAA4IBAQBrGWgzEAyfGNxSdn93wKLFWfJ2KNH4M7sTPt0v
aHR0lEIMpjGirTPVQ0ZBD27S0SAT2W6q7x7vKWXflXPLPMZQTt+dgtfJOXnqfWCq
m+3kcXFZGmYotuWyMUpzDzezQY8m9QSyZsXGI7ntwWDGJJU6qs1MYnVKUTH0Hb/E
/l7/cTKFyh1O8NnLpit9Sqd58cTvrexrwY7XisL2hHvoxZm5H7N+vRwpV5anUr/i
ePLtm3M7jJ+EbENcLVgko+AYQnK8MOui62Q0mziwrMd6uT9zCOGyofihc3hObv3V
i8un/7Ws+Vs6hASwrfzvlF4Aij1Kzxh1XKxLvIPpVeOi/jtm
-----END CERTIFICATE-----