Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          oLDLOvSTzvIe7nAgwNT1ihTVpJ/BBe7FUI3WzUKsI8k=
Subject key identifier:   43:56:18:B1:79:40:F0:91:EB:C6:90:C7:A2:7F:F2:62:98:31:E2:BB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       22BD54A6C708186C907A5A71662F791EB1D64B82
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
Signing time:             Wed 29 Apr 2026 08:51:26 +0000
ROA not before:           Wed 29 Apr 2026 08:46:26 +0000
ROA not after:            Wed 28 Apr 2027 08:51:26 +0000
asID:                     21840
IP address blocks:        82.26.160.0/24 maxlen: 24
                          82.47.162.0/24 maxlen: 24
                          178.83.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:bd:54:a6:c7:08:18:6c:90:7a:5a:71:66:2f:79:1e:b1:d6:4b:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 29 08:46:26 2026 GMT
            Not After : Apr 28 08:51:26 2027 GMT
        Subject: CN=435618B17940F091EBC690C7A27FF2629831E2BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ad:e9:28:72:7e:ce:92:7a:e5:f2:b1:a1:e5:
                    12:c9:f7:33:26:6d:f7:01:67:48:a2:86:5a:fd:9a:
                    4f:d6:be:6b:f2:8a:d3:ee:42:b3:d8:64:2f:db:32:
                    73:c0:db:60:0b:ed:68:74:2d:01:71:10:6e:6f:d2:
                    d6:d2:d2:21:87:10:f7:ac:09:7f:3d:18:a4:65:63:
                    b8:a4:5a:99:09:29:aa:40:68:b1:91:5b:de:8b:df:
                    60:6c:16:d3:78:7c:66:dd:fa:3b:92:b9:d9:c8:74:
                    37:a3:c8:82:8e:13:b6:52:29:e4:cb:d0:1d:5e:ae:
                    99:a5:85:f8:57:1e:4b:53:81:38:d0:fa:ca:e4:32:
                    2e:05:08:47:e9:7a:e9:90:5a:63:99:43:95:ad:89:
                    27:f5:c9:c0:20:d1:66:82:1c:5a:7d:d5:17:20:29:
                    0e:1c:b9:6e:bc:33:cc:1f:c8:87:8b:ca:6c:f1:2e:
                    a8:a1:e2:92:39:3f:be:f6:f3:96:92:4c:89:b5:a0:
                    62:27:42:23:b1:44:90:36:c2:8d:9c:76:45:63:c3:
                    a6:30:5b:61:60:b7:26:c4:f1:be:0d:11:f9:7d:8c:
                    40:16:73:0e:26:2a:02:c6:11:5f:cf:df:5c:9d:66:
                    6c:b7:2e:3a:2b:65:e5:67:32:13:07:de:12:b3:80:
                    d8:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:56:18:B1:79:40:F0:91:EB:C6:90:C7:A2:7F:F2:62:98:31:E2:BB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.160.0/24
                  82.47.162.0/24
                  178.83.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:06:7c:07:f4:70:56:09:90:b4:76:60:31:7b:c0:26:69:9c:
         25:fc:2a:78:91:95:b4:12:09:b4:ce:72:b8:45:8c:aa:16:45:
         0a:5e:1b:e7:87:cc:07:65:f7:4f:46:2b:bc:09:9a:03:ad:05:
         80:d0:86:f9:c2:75:b9:82:2c:7e:95:e5:9a:e8:1a:d5:41:64:
         4b:4a:4a:cf:4d:3f:a3:3b:f2:9f:a1:51:d2:92:4f:16:6d:fc:
         50:55:2b:24:4b:8f:6a:69:e7:59:8c:01:fa:04:50:61:f9:b2:
         f3:7e:ba:d6:37:76:41:87:fa:d8:82:43:47:d4:b7:de:d5:ec:
         58:0b:87:b9:71:44:50:f7:55:16:30:6e:31:c6:3c:be:f7:77:
         c2:16:06:18:a4:c4:88:69:1f:b3:ea:67:3b:56:da:9f:d0:74:
         c8:02:96:c2:80:07:74:db:be:ce:2a:f5:c1:c6:8f:0a:79:54:
         76:7e:09:4e:e7:06:e7:7e:2a:8f:f1:a8:09:2b:93:6b:c0:19:
         1c:22:54:dd:5c:74:17:4a:db:61:11:e0:46:1f:e2:75:f8:e5:
         20:49:6f:01:9a:1e:92:6a:d2:18:80:4e:d4:9a:a7:fb:8e:e7:
         22:57:d0:02:b8:d4:11:0e:72:ed:da:5f:44:83:74:8b:43:c7:
         4d:31:26:e1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUIr1UpscIGGyQelpxZi95HrHWS4IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjkwODQ2MjZaFw0yNzA0MjgwODUxMjZaMDMxMTAvBgNV
BAMTKDQzNTYxOEIxNzk0MEYwOTFFQkM2OTBDN0EyN0ZGMjYyOTgzMUUyQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVrekocn7Oknrl8rGh5RLJ9zMm
bfcBZ0iihlr9mk/WvmvyitPuQrPYZC/bMnPA22AL7Wh0LQFxEG5v0tbS0iGHEPes
CX89GKRlY7ikWpkJKapAaLGRW96L32BsFtN4fGbd+juSudnIdDejyIKOE7ZSKeTL
0B1erpmlhfhXHktTgTjQ+srkMi4FCEfpeumQWmOZQ5WtiSf1ycAg0WaCHFp91Rcg
KQ4cuW68M8wfyIeLymzxLqih4pI5P77285aSTIm1oGInQiOxRJA2wo2cdkVjw6Yw
W2FgtybE8b4NEfl9jEAWcw4mKgLGEV/P31ydZmy3LjorZeVnMhMH3hKzgNglAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUQ1YYsXlA8JHrxpDHon/yYpgx4rswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABSGqAD
BABSL6IDBACyU54wDQYJKoZIhvcNAQELBQADggEBACYGfAf0cFYJkLR2YDF7wCZp
nCX8KniRlbQSCbTOcrhFjKoWRQpeG+eHzAdl909GK7wJmgOtBYDQhvnCdbmCLH6V
5ZroGtVBZEtKSs9NP6M78p+hUdKSTxZt/FBVKyRLj2pp51mMAfoEUGH5svN+utY3
dkGH+tiCQ0fUt97V7FgLh7lxRFD3VRYwbjHGPL73d8IWBhikxIhpH7PqZztW2p/Q
dMgClsKAB3Tbvs4q9cHGjwp5VHZ+CU7nBud+Ko/xqAkrk2vAGRwiVN1cdBdK22ER
4EYf4nX45SBJbwGaHpJq0hiATtSap/uO5yJX0AK41BEOcu3aX0SDdItDx00xJuE=
-----END CERTIFICATE-----