Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214939.roa
File:                     AS214939.roa (raw, json)
Hash identifier:          rJP2ULHhDgC7UVUsza0l+6wwKl3LkXpmvf5BHcnqCMg=
Subject key identifier:   C7:0E:C2:3D:30:8D:F4:50:80:D8:49:A9:A4:E8:B3:45:AA:3F:AF:65
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       791C8AB65DD56CF2403B32E99CE62F22E08D15D1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214939.roa
Signing time:             Fri 20 Jun 2025 14:42:57 +0000
ROA not before:           Fri 20 Jun 2025 14:37:57 +0000
ROA not after:            Fri 19 Jun 2026 14:42:57 +0000
asID:                     214939
IP address blocks:        82.21.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:1c:8a:b6:5d:d5:6c:f2:40:3b:32:e9:9c:e6:2f:22:e0:8d:15:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 20 14:37:57 2025 GMT
            Not After : Jun 19 14:42:57 2026 GMT
        Subject: CN=C70EC23D308DF45080D849A9A4E8B345AA3FAF65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c9:05:1b:42:ed:6a:8f:d0:e9:db:e8:5f:f0:
                    7e:99:4c:a0:61:49:3d:5f:7a:28:f0:87:43:d8:8d:
                    0a:d3:1b:b8:a6:0d:4b:d5:eb:a0:c9:13:2e:f5:8d:
                    49:48:94:d5:5c:12:79:9f:22:9e:99:51:48:12:df:
                    02:03:d8:a7:55:ea:8e:d8:62:17:8e:1c:e2:5a:e2:
                    32:36:bb:96:4b:e6:6a:81:89:4b:67:19:ce:a5:34:
                    b7:b3:7b:3d:ea:6f:c9:40:67:bd:22:ec:c1:4d:bf:
                    46:d1:fa:34:c1:e9:dd:d2:b7:80:c7:62:32:2d:1b:
                    d9:de:31:56:47:8d:e6:91:17:68:49:28:ee:77:17:
                    b6:e3:45:54:26:8e:32:0b:a7:51:0d:f4:2d:4b:e8:
                    7b:c0:9e:24:47:3a:0d:37:87:85:ea:a1:03:5c:7b:
                    ef:03:7f:99:e4:cb:f5:d6:56:56:13:af:03:85:74:
                    9a:e1:10:55:b9:06:31:ef:91:27:aa:f1:8d:75:8d:
                    0f:af:67:5d:2a:cf:c3:91:7f:18:80:93:18:be:08:
                    c4:b8:97:34:7f:e7:ef:f0:cf:e1:b8:bd:21:44:57:
                    ba:bc:f5:2a:1c:d6:92:c9:85:1c:20:cb:31:b1:75:
                    d4:ed:36:f0:75:d1:8d:e5:cb:21:f2:0f:1c:ea:05:
                    46:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:0E:C2:3D:30:8D:F4:50:80:D8:49:A9:A4:E8:B3:45:AA:3F:AF:65
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:8d:4d:52:7d:49:4f:40:60:c5:fb:57:b3:e0:81:25:8b:4d:
         c2:8d:d0:13:b7:b6:39:35:9b:73:75:9e:a5:be:6a:b0:06:52:
         ed:6b:80:72:8f:c4:24:a8:5e:20:47:a2:3f:0e:84:fe:94:43:
         0d:4e:4d:63:54:9b:a4:3d:cb:6a:03:e3:11:4b:dd:8b:67:31:
         34:13:d5:f9:5a:9c:da:e9:cf:79:41:a6:3b:70:ac:58:54:4b:
         63:5f:e8:21:55:00:1e:96:71:18:11:89:ce:f7:09:6b:b1:d4:
         c3:a0:75:e6:f8:6a:99:38:33:f9:c8:15:0b:cf:da:10:1a:b2:
         d9:9b:d3:d8:ad:a3:18:52:37:fa:af:51:99:d6:35:38:e2:ac:
         fc:6a:e7:8b:fa:d9:e5:82:52:79:fb:f7:a4:14:ee:b2:e8:72:
         87:dc:0f:99:56:f7:95:34:83:b3:bc:51:7f:ca:d5:07:36:dc:
         34:a9:cf:95:91:d7:50:c3:81:fc:f9:b5:ce:b8:53:09:90:ab:
         3c:84:09:88:85:17:aa:9a:53:e4:e0:3c:0c:1c:6f:9d:29:10:
         a3:be:c6:cf:7a:85:32:5c:82:a2:43:88:a3:c6:41:7d:62:32:
         c6:cf:3e:53:15:93:b6:40:31:00:54:d0:b6:19:88:50:74:7f:
         b0:e4:12:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeRyKtl3VbPJAOzLpnOYvIuCNFdEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjAxNDM3NTdaFw0yNjA2MTkxNDQyNTdaMDMxMTAvBgNV
BAMTKEM3MEVDMjNEMzA4REY0NTA4MEQ4NDlBOUE0RThCMzQ1QUEzRkFGNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCryQUbQu1qj9Dp2+hf8H6ZTKBh
ST1feijwh0PYjQrTG7imDUvV66DJEy71jUlIlNVcEnmfIp6ZUUgS3wID2KdV6o7Y
YheOHOJa4jI2u5ZL5mqBiUtnGc6lNLezez3qb8lAZ70i7MFNv0bR+jTB6d3St4DH
YjItG9neMVZHjeaRF2hJKO53F7bjRVQmjjILp1EN9C1L6HvAniRHOg03h4XqoQNc
e+8Df5nky/XWVlYTrwOFdJrhEFW5BjHvkSeq8Y11jQ+vZ10qz8ORfxiAkxi+CMS4
lzR/5+/wz+G4vSFEV7q89Soc1pLJhRwgyzGxddTtNvB10Y3lyyHyDxzqBUY5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxw7CPTCN9FCA2EmppOizRao/r2UwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0OTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhUA
MA0GCSqGSIb3DQEBCwUAA4IBAQBojU1SfUlPQGDF+1ez4IEli03CjdATt7Y5NZtz
dZ6lvmqwBlLta4Byj8QkqF4gR6I/DoT+lEMNTk1jVJukPctqA+MRS92LZzE0E9X5
Wpza6c95QaY7cKxYVEtjX+ghVQAelnEYEYnO9wlrsdTDoHXm+GqZODP5yBULz9oQ
GrLZm9PYraMYUjf6r1GZ1jU44qz8aueL+tnlglJ5+/ekFO6y6HKH3A+ZVveVNIOz
vFF/ytUHNtw0qc+VkddQw4H8+bXOuFMJkKs8hAmIhReqmlPk4DwMHG+dKRCjvsbP
eoUyXIKiQ4ijxkF9YjLGzz5TFZO2QDEAVNC2GYhQdH+w5BJB
-----END CERTIFICATE-----