Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216388.roa
File:                     AS216388.roa (raw, json)
Hash identifier:          F3xxlLrLY6V0PfGNCpeR+4ahGjAkyj718G1cwh/y9zo=
Subject key identifier:   20:28:A2:28:82:4A:DA:22:82:13:B8:02:7C:78:AF:1C:BD:FB:27:A2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3DDAAB70BF001D260CAEAB13CA4790A855971B1E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216388.roa
Signing time:             Fri 01 May 2026 09:20:12 +0000
ROA not before:           Fri 01 May 2026 09:15:12 +0000
ROA not after:            Fri 30 Apr 2027 09:20:12 +0000
asID:                     216388
IP address blocks:        82.22.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:da:ab:70:bf:00:1d:26:0c:ae:ab:13:ca:47:90:a8:55:97:1b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  1 09:15:12 2026 GMT
            Not After : Apr 30 09:20:12 2027 GMT
        Subject: CN=2028A228824ADA228213B8027C78AF1CBDFB27A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5b:c3:db:92:cb:f5:fc:6c:68:f1:4e:fa:ab:
                    d0:df:42:66:ae:06:77:ee:6c:52:8a:66:ea:c7:ff:
                    1d:d4:74:34:a6:20:ac:81:37:3c:d0:70:28:b7:00:
                    28:6a:ee:49:3e:f2:b4:3c:83:2d:13:ed:01:a8:20:
                    94:83:27:9c:36:c8:f0:16:08:5d:80:23:04:36:5f:
                    93:bc:fa:51:19:64:a2:ef:f8:b1:76:54:25:ad:99:
                    c3:bf:72:24:b0:6f:3c:86:53:0f:a1:af:a5:7d:5f:
                    18:3a:46:25:27:79:ba:6b:0a:ec:f2:17:c2:9d:82:
                    17:d7:81:06:ab:e0:68:11:bc:81:d1:20:0a:26:a2:
                    2b:98:aa:04:3f:99:3c:43:bf:2a:b4:ba:2b:3c:08:
                    19:28:1d:9c:7d:f2:60:f8:6a:2c:a9:a5:8e:75:76:
                    17:9a:20:4f:3e:24:48:e6:56:32:2b:c6:0f:a7:68:
                    8d:1b:40:5e:d2:ef:64:06:99:e9:44:b8:07:41:56:
                    83:ed:17:80:19:6e:37:fc:76:13:fe:c2:ca:d4:76:
                    29:67:16:f0:b2:79:00:56:d9:4c:e6:07:89:47:c3:
                    2e:f8:67:f9:fa:ec:d9:98:da:cb:84:b1:7c:fe:b4:
                    05:a4:2e:d2:67:51:9f:4c:19:d9:01:29:1a:02:33:
                    b3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:28:A2:28:82:4A:DA:22:82:13:B8:02:7C:78:AF:1C:BD:FB:27:A2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216388.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:90:4e:5b:68:7b:2c:be:72:cd:aa:05:da:df:75:5f:dd:40:
         1b:22:ed:cb:47:3f:3a:dd:1d:15:d8:d6:37:69:5e:3b:81:bc:
         2a:2d:81:32:bf:9b:6a:14:07:e9:58:69:99:cd:5a:3e:4a:ec:
         c2:c6:52:2e:d1:35:4b:e5:7d:c7:63:cf:c0:0b:b7:f6:88:21:
         4b:a9:57:54:4e:b5:ca:e4:d7:eb:7b:06:4d:e5:67:d5:68:6c:
         e6:cd:52:48:cd:df:1a:13:e2:6a:25:b2:ef:26:49:aa:08:29:
         19:4c:c5:b0:13:3a:09:36:68:06:bb:28:c6:f9:6c:51:f0:a0:
         9c:14:02:78:2f:9d:32:f9:5d:1a:c9:1d:fb:b2:72:39:b7:01:
         ec:47:c8:7b:4f:55:49:70:89:7d:c0:c7:ad:81:98:3e:7e:dd:
         99:2f:6b:48:f2:cc:b5:20:0b:ba:40:1e:ae:e5:7f:ae:ce:aa:
         0b:28:d9:4c:0e:bf:57:59:28:bf:dc:a2:10:54:09:58:d9:be:
         64:5a:69:7e:8d:f0:c5:fe:9c:4a:02:31:7d:30:d0:bf:f9:6b:
         6a:a1:88:d3:19:da:a1:ce:93:19:a5:87:f5:4e:da:a3:59:e6:
         15:7e:b6:41:f5:ee:a0:f7:df:46:b6:dc:b3:2b:f3:46:3e:ea:
         44:65:49:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPdqrcL8AHSYMrqsTykeQqFWXGx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDEwOTE1MTJaFw0yNzA0MzAwOTIwMTJaMDMxMTAvBgNV
BAMTKDIwMjhBMjI4ODI0QURBMjI4MjEzQjgwMjdDNzhBRjFDQkRGQjI3QTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhW8Pbksv1/Gxo8U76q9DfQmau
BnfubFKKZurH/x3UdDSmIKyBNzzQcCi3AChq7kk+8rQ8gy0T7QGoIJSDJ5w2yPAW
CF2AIwQ2X5O8+lEZZKLv+LF2VCWtmcO/ciSwbzyGUw+hr6V9Xxg6RiUnebprCuzy
F8KdghfXgQar4GgRvIHRIAomoiuYqgQ/mTxDvyq0uis8CBkoHZx98mD4aiyppY51
dheaIE8+JEjmVjIrxg+naI0bQF7S72QGmelEuAdBVoPtF4AZbjf8dhP+wsrUdiln
FvCyeQBW2UzmB4lHwy74Z/n67NmY2suEsXz+tAWkLtJnUZ9MGdkBKRoCM7PhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUICiiKIJK2iKCE7gCfHivHL37J6IwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2Mzg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhY5
MA0GCSqGSIb3DQEBCwUAA4IBAQASkE5baHssvnLNqgXa33Vf3UAbIu3LRz863R0V
2NY3aV47gbwqLYEyv5tqFAfpWGmZzVo+SuzCxlIu0TVL5X3HY8/AC7f2iCFLqVdU
TrXK5NfrewZN5WfVaGzmzVJIzd8aE+JqJbLvJkmqCCkZTMWwEzoJNmgGuyjG+WxR
8KCcFAJ4L50y+V0ayR37snI5twHsR8h7T1VJcIl9wMetgZg+ft2ZL2tI8sy1IAu6
QB6u5X+uzqoLKNlMDr9XWSi/3KIQVAlY2b5kWml+jfDF/pxKAjF9MNC/+WtqoYjT
GdqhzpMZpYf1TtqjWeYVfrZB9e6g999GttyzK/NGPupEZUmt
-----END CERTIFICATE-----