Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS24940.roa
File:                     AS24940.roa (raw, json)
Hash identifier:          gP+nH5cf3YJ0RKCj/lLTc8vwDHnqKdFHprc/hOzD/ME=
Subject key identifier:   95:F8:DF:E3:78:42:8A:E3:2C:05:A1:8D:53:4B:AE:CE:5B:EC:F2:3F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       55950306FB299312D789C3595E02FFC669F842DD
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS24940.roa
Signing time:             Sun 08 Jun 2025 14:47:04 +0000
ROA not before:           Sun 08 Jun 2025 14:42:04 +0000
ROA not after:            Sun 07 Jun 2026 14:47:04 +0000
asID:                     24940
IP address blocks:        82.24.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:95:03:06:fb:29:93:12:d7:89:c3:59:5e:02:ff:c6:69:f8:42:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  8 14:42:04 2025 GMT
            Not After : Jun  7 14:47:04 2026 GMT
        Subject: CN=95F8DFE378428AE32C05A18D534BAECE5BECF23F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:5c:67:d0:0b:15:0f:fe:17:76:e6:23:fd:d8:
                    59:c8:9b:c2:c0:8a:6e:cb:73:d1:ec:8d:9d:de:9c:
                    b9:27:91:29:b7:0b:a6:04:1c:74:b2:58:d4:38:23:
                    c4:02:79:50:41:42:f6:a0:18:f8:03:f9:65:93:98:
                    97:b1:3c:ff:ba:80:93:4d:05:70:5b:3e:4c:9e:ee:
                    df:94:17:6b:1c:b5:05:b6:7a:c7:e5:66:b8:ad:4a:
                    5a:23:65:ea:be:04:33:5a:00:1f:bb:2d:c0:31:09:
                    4d:96:22:35:cb:a2:f2:af:e4:c6:0e:71:29:fd:d6:
                    20:c2:4f:a4:b7:f3:11:8d:22:00:85:43:dc:42:e1:
                    01:b6:10:b2:ba:14:8d:72:cc:f9:10:e8:a5:e8:92:
                    c6:5b:4f:57:42:1d:10:85:41:12:0d:53:60:e1:89:
                    e1:bf:ac:d8:04:54:74:1d:f1:68:01:d0:10:fa:03:
                    33:9f:07:bb:38:0b:fd:35:49:6e:db:73:c9:1e:c9:
                    b9:a4:1d:bf:86:a9:e5:cf:fe:55:1c:de:f9:63:e5:
                    10:32:eb:06:8d:cc:e9:2d:0e:ff:89:cd:68:6b:2a:
                    fc:a3:60:0c:1b:15:ba:8d:7d:48:a8:16:e9:f4:ef:
                    86:43:05:b5:2d:36:5d:74:00:11:9c:08:9c:03:79:
                    e1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F8:DF:E3:78:42:8A:E3:2C:05:A1:8D:53:4B:AE:CE:5B:EC:F2:3F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS24940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:20:f0:14:98:7d:b5:0a:59:3e:b8:ae:26:39:de:86:1f:ed:
         aa:64:65:2e:d7:4f:c7:ef:bd:54:fc:05:d0:fd:7c:88:d5:a0:
         ba:d5:48:34:5d:35:81:9d:0d:6b:e4:f5:90:a6:e7:63:80:3b:
         30:b1:97:33:12:3f:e9:61:a5:f3:4d:44:13:33:95:f1:7c:5b:
         e1:58:d7:56:b6:51:a4:9d:60:a3:95:72:f4:ee:b2:ee:a9:4a:
         a0:b9:e2:14:d0:28:77:bc:2d:42:f9:c7:97:5e:81:10:10:ce:
         ee:31:d2:27:a6:55:69:4f:1b:a1:6e:1f:72:b9:13:b7:cf:cd:
         b6:81:20:8e:14:16:48:01:7b:9d:09:67:69:a4:19:96:34:42:
         26:b9:ed:c3:8c:37:30:8f:47:90:06:7d:af:89:16:73:57:4d:
         9f:05:ce:e6:64:34:81:3a:cb:f8:bc:62:e9:2a:86:ff:4a:56:
         1b:17:e9:cf:af:f8:d2:f7:75:e8:e0:f1:27:c7:6d:08:34:44:
         3d:b7:30:9d:5b:22:c2:14:f6:7d:33:8b:d1:7a:82:83:aa:cd:
         8b:c9:20:ed:4c:dd:3d:cf:a0:8c:25:51:23:29:15:d4:71:ba:
         22:8b:a5:e4:62:d8:9d:1d:75:0b:a8:06:bf:fe:07:be:d0:71:
         98:f8:46:64
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVZUDBvspkxLXicNZXgL/xmn4Qt0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDgxNDQyMDRaFw0yNjA2MDcxNDQ3MDRaMDMxMTAvBgNV
BAMTKDk1RjhERkUzNzg0MjhBRTMyQzA1QTE4RDUzNEJBRUNFNUJFQ0YyM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuXGfQCxUP/hd25iP92FnIm8LA
im7Lc9HsjZ3enLknkSm3C6YEHHSyWNQ4I8QCeVBBQvagGPgD+WWTmJexPP+6gJNN
BXBbPkye7t+UF2sctQW2esflZritSlojZeq+BDNaAB+7LcAxCU2WIjXLovKv5MYO
cSn91iDCT6S38xGNIgCFQ9xC4QG2ELK6FI1yzPkQ6KXoksZbT1dCHRCFQRINU2Dh
ieG/rNgEVHQd8WgB0BD6AzOfB7s4C/01SW7bc8keybmkHb+GqeXP/lUc3vlj5RAy
6waNzOktDv+JzWhrKvyjYAwbFbqNfUioFun074ZDBbUtNl10ABGcCJwDeeElAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUlfjf43hCiuMsBaGNU0uuzlvs8j8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjQ5NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGE8w
DQYJKoZIhvcNAQELBQADggEBAIUg8BSYfbUKWT64riY53oYf7apkZS7XT8fvvVT8
BdD9fIjVoLrVSDRdNYGdDWvk9ZCm52OAOzCxlzMSP+lhpfNNRBMzlfF8W+FY11a2
UaSdYKOVcvTusu6pSqC54hTQKHe8LUL5x5degRAQzu4x0iemVWlPG6FuH3K5E7fP
zbaBII4UFkgBe50JZ2mkGZY0Qia57cOMNzCPR5AGfa+JFnNXTZ8FzuZkNIE6y/i8
Yukqhv9KVhsX6c+v+NL3dejg8SfHbQg0RD23MJ1bIsIU9n0zi9F6goOqzYvJIO1M
3T3PoIwlUSMpFdRxuiKLpeRi2J0ddQuoBr/+B77QcZj4RmQ=
-----END CERTIFICATE-----