Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214654.roa
File:                     AS214654.roa (raw, json)
Hash identifier:          2GgYnJ8JhmjB1F8JFk6O5sevle9a87Pzki3YivFMyIs=
Subject key identifier:   52:45:E6:FE:D5:AA:A5:1E:D1:49:63:F8:6D:85:76:45:1C:EF:66:40
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3D10F9C7CD0156D1D5C07AD681CB758AF8616B65
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214654.roa
Signing time:             Thu 07 Aug 2025 14:43:40 +0000
ROA not before:           Thu 07 Aug 2025 14:38:40 +0000
ROA not after:            Thu 06 Aug 2026 14:43:40 +0000
asID:                     214654
IP address blocks:        82.25.46.0/23 maxlen: 24
                          82.26.91.0/24 maxlen: 24
                          82.26.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:10:f9:c7:cd:01:56:d1:d5:c0:7a:d6:81:cb:75:8a:f8:61:6b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  7 14:38:40 2025 GMT
            Not After : Aug  6 14:43:40 2026 GMT
        Subject: CN=5245E6FED5AAA51ED14963F86D8576451CEF6640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:84:5d:31:58:24:b0:9e:25:68:9c:02:91:3f:
                    d4:ce:b2:67:a8:1e:d3:c1:a8:68:7e:dc:92:12:fc:
                    67:b6:9d:d0:85:f0:71:27:ed:63:70:bf:b6:4b:e8:
                    5e:12:7c:ab:0c:cd:31:19:0d:06:40:d7:e1:80:f1:
                    66:00:a5:db:4b:d8:b6:a9:39:98:40:66:e0:05:b8:
                    d8:ca:d0:f0:9c:6e:cb:89:3f:48:90:96:6f:6b:32:
                    cc:aa:de:c3:c7:19:9e:35:2d:d8:91:a6:53:16:cf:
                    97:d5:98:6c:86:30:4d:12:44:a2:d5:1e:8b:fd:e8:
                    d0:4b:8e:46:f1:75:3f:59:f8:f7:d6:95:d9:bc:8f:
                    73:11:66:7b:64:ae:5f:f3:9a:2b:4d:55:4a:0b:e7:
                    4d:d1:f3:a5:17:5e:97:c9:5f:8e:fb:d8:76:7c:5d:
                    df:f4:1a:5a:b5:5f:4d:1b:51:e8:8d:03:f1:80:99:
                    cc:30:80:9d:04:47:65:f6:f5:77:d4:66:07:5b:aa:
                    a5:ce:63:08:2e:3f:d9:66:d9:dc:03:3c:ef:5d:eb:
                    60:fa:fa:28:f4:8b:78:d2:d3:9f:aa:72:5a:aa:79:
                    67:fd:29:46:df:a7:9b:cb:c3:c0:b0:63:89:c7:d0:
                    5f:79:48:ef:3c:ca:da:d7:e1:b3:94:ed:d9:b0:2e:
                    b1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:45:E6:FE:D5:AA:A5:1E:D1:49:63:F8:6D:85:76:45:1C:EF:66:40
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.25.46.0/23
                  82.26.91.0/24
                  82.26.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:56:15:21:aa:3a:45:0c:53:d1:9e:cd:5a:ee:b1:73:e7:93:
         36:b3:0f:85:07:28:5b:a8:d3:39:79:3f:e8:53:55:d4:9c:56:
         72:a5:29:ce:46:af:7c:74:fd:61:58:8a:81:0c:c5:6f:35:85:
         22:9b:11:5c:6a:81:14:23:53:3b:be:4e:d9:e2:f0:57:7f:c7:
         27:ca:4a:57:fd:a0:ff:3f:71:15:a4:c7:64:fa:7b:28:e4:65:
         25:e1:2a:fb:92:54:7a:d6:dd:e8:cc:d7:2b:31:d8:bc:c4:db:
         68:24:0d:01:67:f6:cb:88:14:cf:3e:7f:db:6c:32:a6:a3:e5:
         0b:34:54:d9:f7:ab:54:47:c9:e5:ff:c0:79:e6:7f:01:93:ad:
         6b:b8:84:b6:cb:02:da:cc:d7:3d:a3:8c:1e:3c:86:a4:0a:41:
         4c:18:b0:83:cb:ee:30:3f:3a:b4:59:79:3c:19:cf:f5:63:2a:
         f5:cc:7e:80:f4:26:56:dd:89:fb:93:2f:db:94:95:27:e4:c8:
         47:91:11:48:f8:5d:33:38:c0:3e:fd:81:b7:a5:4c:71:23:d7:
         24:b2:45:76:e4:cd:a8:19:3f:fe:35:cc:67:61:da:4a:e3:0f:
         c9:0e:88:c6:8f:ff:2d:e6:9d:2b:57:e2:0f:10:ae:3e:0d:f3:
         b7:76:f6:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUPRD5x80BVtHVwHrWgct1ivhha2UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDcxNDM4NDBaFw0yNjA4MDYxNDQzNDBaMDMxMTAvBgNV
BAMTKDUyNDVFNkZFRDVBQUE1MUVEMTQ5NjNGODZEODU3NjQ1MUNFRjY2NDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCohF0xWCSwniVonAKRP9TOsmeo
HtPBqGh+3JIS/Ge2ndCF8HEn7WNwv7ZL6F4SfKsMzTEZDQZA1+GA8WYApdtL2Lap
OZhAZuAFuNjK0PCcbsuJP0iQlm9rMsyq3sPHGZ41LdiRplMWz5fVmGyGME0SRKLV
Hov96NBLjkbxdT9Z+PfWldm8j3MRZntkrl/zmitNVUoL503R86UXXpfJX4772HZ8
Xd/0Glq1X00bUeiNA/GAmcwwgJ0ER2X29XfUZgdbqqXOYwguP9lm2dwDPO9d62D6
+ij0i3jS05+qclqqeWf9KUbfp5vLw8CwY4nH0F95SO88ytrX4bOU7dmwLrFhAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUUkXm/tWqpR7RSWP4bYV2RRzvZkAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUhku
AwQAUhpbAwQAUhpdMA0GCSqGSIb3DQEBCwUAA4IBAQAcVhUhqjpFDFPRns1a7rFz
55M2sw+FByhbqNM5eT/oU1XUnFZypSnORq98dP1hWIqBDMVvNYUimxFcaoEUI1M7
vk7Z4vBXf8cnykpX/aD/P3EVpMdk+nso5GUl4Sr7klR61t3ozNcrMdi8xNtoJA0B
Z/bLiBTPPn/bbDKmo+ULNFTZ96tUR8nl/8B55n8Bk61ruIS2ywLazNc9o4wePIak
CkFMGLCDy+4wPzq0WXk8Gc/1Yyr1zH6A9CZW3Yn7ky/blJUn5MhHkRFI+F0zOMA+
/YG3pUxxI9ckskV25M2oGT/+NcxnYdpK4w/JDojGj/8t5p0rV+IPEK4+DfO3dvbq
-----END CERTIFICATE-----