Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215124.roa
File:                     AS215124.roa (raw, json)
Hash identifier:          BcHBBxrBbViAXCjbIkAEfOr8YM31udSp/TUsKyAOwlM=
Subject key identifier:   ED:53:4E:D4:71:AC:5B:3E:AD:2C:BB:A3:86:BE:97:02:A3:8B:32:66
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0877053AD239789C590A78E5A2A554E8A4425CF2
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215124.roa
Signing time:             Sun 03 May 2026 22:26:18 +0000
ROA not before:           Sun 03 May 2026 22:21:18 +0000
ROA not after:            Sun 02 May 2027 22:26:18 +0000
asID:                     215124
IP address blocks:        82.21.3.0/24 maxlen: 24
                          2a13:9500:ea::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:77:05:3a:d2:39:78:9c:59:0a:78:e5:a2:a5:54:e8:a4:42:5c:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  3 22:21:18 2026 GMT
            Not After : May  2 22:26:18 2027 GMT
        Subject: CN=ED534ED471AC5B3EAD2CBBA386BE9702A38B3266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:01:7e:d4:8a:06:6d:35:e9:80:70:47:d1:29:
                    1a:fd:9f:b0:a9:9a:fd:fd:9e:c2:8c:0b:c0:d0:87:
                    98:bb:3d:0e:46:b7:68:61:70:71:21:39:52:86:68:
                    7b:47:e1:7b:8c:2d:54:e6:5d:a4:80:75:b8:a3:62:
                    c0:f4:37:1c:0d:ae:43:8f:fa:ef:30:08:a9:84:b9:
                    72:9f:b8:ba:6d:08:15:58:29:db:8c:8d:62:a6:08:
                    ef:40:53:29:c6:64:ba:f0:a5:16:7c:6f:c5:04:95:
                    a7:d4:32:b6:d2:08:de:55:c0:40:cc:f0:34:33:79:
                    f4:06:d6:c4:b3:71:92:cb:6f:e2:13:cd:4e:5f:ec:
                    b6:3d:0b:49:ca:01:5f:4c:8e:7f:b3:40:66:f0:a6:
                    b2:d2:16:e4:48:a5:f5:c5:11:92:97:86:0e:36:0f:
                    d6:22:cd:6e:1f:c6:dd:63:a3:73:a5:2c:94:f5:5d:
                    b3:a5:46:b5:98:b1:0d:de:5e:aa:af:6e:f1:2b:f0:
                    b8:71:22:1b:b3:63:d7:62:d3:5f:4f:07:80:c5:3b:
                    6a:63:7b:77:3a:ac:88:62:2f:d1:ca:4f:83:70:b9:
                    5c:da:3d:4d:dd:c3:5e:56:71:14:1c:4e:f2:51:3a:
                    18:b8:01:11:40:82:71:ed:bc:4b:5c:13:59:cf:81:
                    03:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:53:4E:D4:71:AC:5B:3E:AD:2C:BB:A3:86:BE:97:02:A3:8B:32:66
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215124.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.3.0/24
                IPv6:
                  2a13:9500:ea::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:01:a8:0f:89:bc:60:4e:23:85:e0:cf:a3:1d:3f:4a:29:de:
         21:f8:dd:26:a8:9b:7a:31:94:59:5f:8b:e5:9f:b4:ad:79:89:
         61:50:5e:71:40:01:23:a7:4c:36:06:df:09:a3:b8:a9:12:a1:
         68:2d:02:cf:17:1a:b1:99:fb:cd:c9:cf:46:15:0b:9a:5c:39:
         9e:74:fd:26:e4:28:b7:8c:00:bd:b1:43:14:0c:83:f7:fc:60:
         5e:90:a1:2b:14:51:9e:d7:80:cb:29:46:74:64:a9:7b:5d:b0:
         25:76:f7:a3:95:54:52:42:a2:16:57:d7:39:e1:c8:b5:35:37:
         42:5f:f7:6c:4e:da:26:9e:d3:c2:8a:43:e8:1a:9a:3f:fc:39:
         cf:15:c9:46:18:f1:56:45:d1:ff:29:ca:e4:c3:15:f0:7f:da:
         6c:7c:25:79:0c:9f:41:23:c3:32:5b:b6:29:5e:7b:81:b8:2f:
         df:32:f6:e4:99:a7:09:61:f1:66:c6:2e:3b:18:7d:95:03:1f:
         3c:6d:be:dd:dd:20:b5:66:08:6d:f0:12:b0:88:25:55:17:39:
         ae:c6:66:f2:6b:ff:b0:fd:50:8f:30:d2:b7:51:4b:fe:b6:08:
         b7:6a:bf:79:ae:bc:d3:5a:54:f1:fc:91:84:21:ef:2f:46:25:
         c3:f4:9b:7e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUCHcFOtI5eJxZCnjloqVU6KRCXPIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDMyMjIxMThaFw0yNzA1MDIyMjI2MThaMDMxMTAvBgNV
BAMTKEVENTM0RUQ0NzFBQzVCM0VBRDJDQkJBMzg2QkU5NzAyQTM4QjMyNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSAX7UigZtNemAcEfRKRr9n7Cp
mv39nsKMC8DQh5i7PQ5Gt2hhcHEhOVKGaHtH4XuMLVTmXaSAdbijYsD0NxwNrkOP
+u8wCKmEuXKfuLptCBVYKduMjWKmCO9AUynGZLrwpRZ8b8UElafUMrbSCN5VwEDM
8DQzefQG1sSzcZLLb+ITzU5f7LY9C0nKAV9Mjn+zQGbwprLSFuRIpfXFEZKXhg42
D9YizW4fxt1jo3OlLJT1XbOlRrWYsQ3eXqqvbvEr8LhxIhuzY9di019PB4DFO2pj
e3c6rIhiL9HKT4NwuVzaPU3dw15WcRQcTvJROhi4ARFAgnHtvEtcE1nPgQOzAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQU7VNO1HGsWz6tLLujhr6XAqOLMmYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MTI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhUD
MA8EAgACMAkDBwAqE5UAAOowDQYJKoZIhvcNAQELBQADggEBAFYBqA+JvGBOI4Xg
z6MdP0op3iH43Saom3oxlFlfi+WftK15iWFQXnFAASOnTDYG3wmjuKkSoWgtAs8X
GrGZ+83Jz0YVC5pcOZ50/SbkKLeMAL2xQxQMg/f8YF6QoSsUUZ7XgMspRnRkqXtd
sCV296OVVFJCohZX1znhyLU1N0Jf92xO2iae08KKQ+gamj/8Oc8VyUYY8VZF0f8p
yuTDFfB/2mx8JXkMn0EjwzJbtilee4G4L98y9uSZpwlh8WbGLjsYfZUDHzxtvt3d
ILVmCG3wErCIJVUXOa7GZvJr/7D9UI8w0rdRS/62CLdqv3muvNNaVPH8kYQh7y9G
JcP0m34=
-----END CERTIFICATE-----