Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          0+r9fz8ri5qHeXXixyyWnbwN4IQuXXUN75YrR3qGvhE=
Subject key identifier:   E5:D5:1C:86:30:ED:D6:71:D1:41:DD:AE:05:58:9C:98:5E:F1:21:FD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3F41B6369477EE71833050BE7E322B5732A4C561
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
Signing time:             Mon 11 Aug 2025 09:31:28 +0000
ROA not before:           Mon 11 Aug 2025 09:26:28 +0000
ROA not after:            Mon 10 Aug 2026 09:31:28 +0000
asID:                     21840
IP address blocks:        82.22.124.0/24 maxlen: 24
                          82.24.33.0/24 maxlen: 24
                          82.26.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:41:b6:36:94:77:ee:71:83:30:50:be:7e:32:2b:57:32:a4:c5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 11 09:26:28 2025 GMT
            Not After : Aug 10 09:31:28 2026 GMT
        Subject: CN=E5D51C8630EDD671D141DDAE05589C985EF121FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a1:63:b4:5e:9e:d1:bf:df:9a:5c:1e:3a:b0:
                    ae:9a:49:e0:dc:f7:f8:38:8d:89:9c:50:2b:e9:13:
                    b9:e5:bd:f8:db:bd:96:d2:ca:6b:3a:41:2d:d6:e7:
                    0e:88:73:91:5e:f8:f0:4e:23:c6:12:9f:16:d9:a3:
                    89:f6:3c:cb:79:ad:8b:88:8f:b6:70:12:f9:b0:07:
                    68:9b:85:02:d2:af:4f:fe:b4:0b:f1:93:c5:81:4f:
                    1c:bb:9d:d8:60:e2:39:00:04:37:ad:7a:17:b9:88:
                    cc:51:bf:f8:81:cd:4b:e7:54:49:08:f5:52:4f:32:
                    d5:26:3a:cf:53:00:a7:2f:a8:27:9b:9d:20:d2:48:
                    ef:45:fe:fd:8e:51:5c:91:24:f0:c8:bb:4c:9e:4e:
                    7d:1d:76:41:6d:74:63:c8:01:87:db:64:28:30:8d:
                    36:e4:21:00:2b:11:72:8a:1d:da:57:72:61:38:83:
                    9a:a0:9f:65:d8:35:0d:34:5a:0f:e1:7e:cc:c4:a3:
                    21:51:ed:d0:c2:8b:23:da:21:00:38:4a:3a:42:f6:
                    50:4d:0d:d6:0b:08:86:19:38:ce:97:89:55:1b:44:
                    d0:41:5a:68:fa:3b:b4:30:ed:c0:9a:f1:d0:fb:50:
                    a0:11:88:17:18:8f:fd:f3:75:7f:47:fd:04:39:bc:
                    34:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D5:1C:86:30:ED:D6:71:D1:41:DD:AE:05:58:9C:98:5E:F1:21:FD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.124.0/24
                  82.24.33.0/24
                  82.26.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:35:11:c3:42:2d:8a:06:a6:f0:6e:8a:ff:8d:f2:13:e3:b8:
         6e:a7:b7:7e:0b:71:67:fd:ce:97:c9:a4:26:24:30:52:4d:bb:
         91:7a:29:e1:9b:07:ac:55:43:d2:34:32:ac:1c:b6:51:fe:fe:
         f6:3a:36:e1:2f:bf:77:28:9c:41:82:27:d1:ad:9f:cd:2f:73:
         e1:9a:de:f8:76:8e:98:87:60:6c:c4:11:c7:1b:bc:69:25:4a:
         66:15:c3:49:20:95:02:ec:d9:89:a2:87:f0:00:42:48:84:ac:
         17:05:75:b6:bd:ee:15:5d:06:00:2b:24:38:17:a8:de:15:19:
         c5:b7:a1:1d:e1:e0:0e:79:2a:28:af:92:31:f5:4c:ec:63:da:
         9b:ec:cc:d0:98:4f:57:1f:bd:e6:a4:9e:0f:04:a6:e8:2a:c1:
         64:5f:90:6c:16:7d:63:ad:d2:82:ff:12:5d:d6:98:67:60:93:
         79:28:b9:44:32:39:4e:93:bf:17:e2:c4:18:d5:f6:f3:1a:14:
         9b:15:9d:6d:89:29:b6:16:7d:14:9d:62:ea:71:71:e9:f8:b1:
         f9:9c:a5:3d:4d:d1:5c:d5:fe:32:15:d5:e6:f8:39:33:86:93:
         22:ae:b5:18:7a:98:7d:08:6f:40:11:1b:83:0b:54:09:80:0f:
         2f:3b:b0:11
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUP0G2NpR37nGDMFC+fjIrVzKkxWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MTEwOTI2MjhaFw0yNjA4MTAwOTMxMjhaMDMxMTAvBgNV
BAMTKEU1RDUxQzg2MzBFREQ2NzFEMTQxRERBRTA1NTg5Qzk4NUVGMTIxRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCroWO0Xp7Rv9+aXB46sK6aSeDc
9/g4jYmcUCvpE7nlvfjbvZbSyms6QS3W5w6Ic5Fe+PBOI8YSnxbZo4n2PMt5rYuI
j7ZwEvmwB2ibhQLSr0/+tAvxk8WBTxy7ndhg4jkABDetehe5iMxRv/iBzUvnVEkI
9VJPMtUmOs9TAKcvqCebnSDSSO9F/v2OUVyRJPDIu0yeTn0ddkFtdGPIAYfbZCgw
jTbkIQArEXKKHdpXcmE4g5qgn2XYNQ00Wg/hfszEoyFR7dDCiyPaIQA4SjpC9lBN
DdYLCIYZOM6XiVUbRNBBWmj6O7Qw7cCa8dD7UKARiBcYj/3zdX9H/QQ5vDTPAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU5dUchjDt1nHRQd2uBVicmF7xIf0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABSFnwD
BABSGCEDBABSGqAwDQYJKoZIhvcNAQELBQADggEBADA1EcNCLYoGpvBuiv+N8hPj
uG6nt34LcWf9zpfJpCYkMFJNu5F6KeGbB6xVQ9I0MqwctlH+/vY6NuEvv3conEGC
J9Gtn80vc+Ga3vh2jpiHYGzEEccbvGklSmYVw0kglQLs2Ymih/AAQkiErBcFdba9
7hVdBgArJDgXqN4VGcW3oR3h4A55KiivkjH1TOxj2pvszNCYT1cfveakng8Epugq
wWRfkGwWfWOt0oL/El3WmGdgk3kouUQyOU6TvxfixBjV9vMaFJsVnW2JKbYWfRSd
Yupxcen4sfmcpT1N0VzV/jIV1eb4OTOGkyKutRh6mH0Ib0ARG4MLVAmADy87sBE=
-----END CERTIFICATE-----