Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216224.roa
File:                     AS216224.roa (raw, json)
Hash identifier:          6fQJNu1qxXST+64PWSw5pfdpJpbQovCWr5II9u/GXuU=
Subject key identifier:   FA:FE:34:00:19:28:F5:87:F8:82:FC:F0:19:CF:B2:F1:49:1D:61:3F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       14A4C9CC962600D007F9B1F234F2A314AAB2DCC8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216224.roa
Signing time:             Mon 16 Mar 2026 06:50:35 +0000
ROA not before:           Mon 16 Mar 2026 06:45:35 +0000
ROA not after:            Mon 15 Mar 2027 06:50:35 +0000
asID:                     216224
IP address blocks:        82.39.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:a4:c9:cc:96:26:00:d0:07:f9:b1:f2:34:f2:a3:14:aa:b2:dc:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 16 06:45:35 2026 GMT
            Not After : Mar 15 06:50:35 2027 GMT
        Subject: CN=FAFE34001928F587F882FCF019CFB2F1491D613F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9b:f3:e3:2a:77:49:8f:62:94:5a:43:f2:4e:
                    2d:50:3a:71:92:97:ec:00:11:01:85:0f:23:b4:de:
                    7b:6a:78:7a:78:f1:4c:34:56:f9:1e:19:65:e2:64:
                    ae:2e:29:64:34:9f:1f:2f:04:3c:bf:bb:e6:77:44:
                    f7:5c:3d:93:34:80:71:39:a9:cb:89:f3:f5:4c:be:
                    64:58:10:c3:d7:aa:26:1c:af:f2:01:48:d7:51:3d:
                    88:04:f3:4c:af:3f:5d:71:19:34:7a:90:3c:e5:f6:
                    56:f4:b2:7c:48:81:a8:e5:cf:cd:7f:7e:55:7b:65:
                    cf:7c:97:21:28:c7:d8:9a:8c:12:bd:e9:92:1f:a0:
                    32:19:cd:5e:61:bd:24:99:74:cc:69:cd:e5:c7:e9:
                    05:87:07:c6:45:17:8c:51:c1:ad:33:f4:b9:c4:00:
                    c4:cd:5b:7c:5e:43:b1:9b:32:fd:a5:b2:80:5f:31:
                    34:d4:34:4a:00:d5:94:57:d0:6c:06:d1:60:11:52:
                    c5:89:01:88:8a:e0:b7:fa:8c:47:25:ec:55:0a:79:
                    68:e4:61:6a:27:68:77:f7:c5:6d:cf:7e:5a:67:0e:
                    d2:5f:6d:39:20:ee:00:76:3d:33:93:e4:23:9b:26:
                    ba:fb:e1:26:63:a9:b9:f4:c4:f1:d8:1f:aa:ac:a9:
                    64:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:FE:34:00:19:28:F5:87:F8:82:FC:F0:19:CF:B2:F1:49:1D:61:3F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:6d:a4:c5:18:5f:51:c8:ae:48:b7:c6:e2:c5:d5:f9:0a:9f:
         f8:d4:be:9f:4c:70:8a:a9:2e:62:c7:b3:28:a6:9c:04:12:6c:
         18:3a:79:ad:da:66:16:08:83:d5:81:2d:6c:67:d6:5d:1f:a8:
         5c:3a:45:c7:d1:26:44:3f:29:ea:f5:e8:46:c1:af:54:9e:2b:
         cb:ad:07:31:e3:2a:26:0f:f6:0a:37:81:5e:ed:df:f9:68:95:
         49:86:1e:b4:f9:98:89:f7:8d:9b:f2:68:08:6c:fa:48:3f:3f:
         af:ed:ed:69:14:70:86:da:5f:be:ca:65:70:6d:86:7e:5e:e8:
         96:b5:43:a3:5a:d3:2e:0c:2c:dc:16:4f:42:93:aa:0c:f2:c7:
         97:5e:69:42:79:cb:98:20:58:49:8e:79:a6:47:a5:5d:c6:e4:
         f5:06:a1:f9:31:77:99:6d:30:0a:99:e0:1c:16:3a:91:31:b7:
         c3:a2:36:a4:ee:35:8c:ab:9b:6b:f6:22:c4:7e:7e:4f:8c:18:
         44:57:67:2f:ae:87:0a:b9:d6:1e:f2:d4:f7:fe:ec:18:72:76:
         33:8d:82:d7:17:84:4b:2e:50:5e:d8:d1:4d:82:50:6c:75:43:
         da:d7:77:34:f0:37:be:84:2e:60:d5:d3:00:8d:28:7c:76:f5:
         41:75:ee:aa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFKTJzJYmANAH+bHyNPKjFKqy3MgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTYwNjQ1MzVaFw0yNzAzMTUwNjUwMzVaMDMxMTAvBgNV
BAMTKEZBRkUzNDAwMTkyOEY1ODdGODgyRkNGMDE5Q0ZCMkYxNDkxRDYxM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXm/PjKndJj2KUWkPyTi1QOnGS
l+wAEQGFDyO03ntqeHp48Uw0VvkeGWXiZK4uKWQ0nx8vBDy/u+Z3RPdcPZM0gHE5
qcuJ8/VMvmRYEMPXqiYcr/IBSNdRPYgE80yvP11xGTR6kDzl9lb0snxIgajlz81/
flV7Zc98lyEox9iajBK96ZIfoDIZzV5hvSSZdMxpzeXH6QWHB8ZFF4xRwa0z9LnE
AMTNW3xeQ7GbMv2lsoBfMTTUNEoA1ZRX0GwG0WARUsWJAYiK4Lf6jEcl7FUKeWjk
YWonaHf3xW3PflpnDtJfbTkg7gB2PTOT5CObJrr74SZjqbn0xPHYH6qsqWQ3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+v40ABko9Yf4gvzwGc+y8UkdYT8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUies
MA0GCSqGSIb3DQEBCwUAA4IBAQBIbaTFGF9RyK5It8bixdX5Cp/41L6fTHCKqS5i
x7MoppwEEmwYOnmt2mYWCIPVgS1sZ9ZdH6hcOkXH0SZEPynq9ehGwa9UnivLrQcx
4yomD/YKN4Fe7d/5aJVJhh60+ZiJ942b8mgIbPpIPz+v7e1pFHCG2l++ymVwbYZ+
XuiWtUOjWtMuDCzcFk9Ck6oM8seXXmlCecuYIFhJjnmmR6VdxuT1BqH5MXeZbTAK
meAcFjqRMbfDojak7jWMq5tr9iLEfn5PjBhEV2cvrocKudYe8tT3/uwYcnYzjYLX
F4RLLlBe2NFNglBsdUPa13c08De+hC5g1dMAjSh8dvVBde6q
-----END CERTIFICATE-----