Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS265919.roa
File:                     AS265919.roa (raw, json)
Hash identifier:          k0SQiixrQNa9iqdZx+I6/B1IUzKm3Y86lktTtphaDYg=
Subject key identifier:   9E:2E:4A:C5:49:45:54:E9:C8:F0:8A:DD:FD:5E:DE:C6:8B:57:8A:64
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3BC472B4C7081A75863E76492268F14C18B36503
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS265919.roa
Signing time:             Wed 04 Mar 2026 16:20:02 +0000
ROA not before:           Wed 04 Mar 2026 16:15:02 +0000
ROA not after:            Wed 03 Mar 2027 16:20:02 +0000
asID:                     265919
IP address blocks:        82.24.40.0/24 maxlen: 24
                          82.40.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:c4:72:b4:c7:08:1a:75:86:3e:76:49:22:68:f1:4c:18:b3:65:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  4 16:15:02 2026 GMT
            Not After : Mar  3 16:20:02 2027 GMT
        Subject: CN=9E2E4AC5494554E9C8F08ADDFD5EDEC68B578A64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0f:6a:2e:ce:f4:87:7d:43:9d:16:2b:2b:94:
                    30:07:f0:fa:4b:25:36:ef:e6:bf:dc:8d:54:77:9f:
                    0a:cc:7a:fe:16:2e:ef:b7:20:38:c1:bc:5b:3e:72:
                    94:7f:0d:16:dd:d6:0e:c7:c2:60:ff:80:4f:f6:e0:
                    f5:e2:24:5b:85:1d:a4:a5:38:bf:aa:75:89:3f:82:
                    d7:26:a1:bb:47:3c:71:7e:36:59:5a:de:c6:8d:0e:
                    0f:42:77:47:ce:b3:0f:d2:bb:20:4a:ca:58:de:21:
                    f2:d7:98:3c:a6:ef:db:f4:1c:ff:99:1c:44:db:32:
                    68:11:d3:2d:df:11:a9:bb:b5:74:45:c8:56:06:e7:
                    92:82:40:4b:71:5d:5d:ba:6f:fe:ac:73:4a:b3:87:
                    1b:26:e3:87:f4:90:5f:c7:bd:df:27:72:c4:01:45:
                    8a:00:25:be:b0:03:b1:4e:c7:a0:f6:3c:2a:ef:7c:
                    c9:bb:36:68:64:c1:2a:9b:3c:f5:84:d6:ed:9c:75:
                    81:88:96:3c:e0:fb:1d:4c:3c:f3:5e:0a:b7:4e:1d:
                    e9:5a:b7:36:d6:09:54:4f:d5:32:40:b1:ca:5e:93:
                    7b:66:a9:77:eb:33:17:7f:f1:23:b3:95:54:25:14:
                    26:44:79:e1:02:9b:70:21:38:5b:1b:23:1d:d0:29:
                    1b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:2E:4A:C5:49:45:54:E9:C8:F0:8A:DD:FD:5E:DE:C6:8B:57:8A:64
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS265919.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.40.0/24
                  82.40.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:e7:bb:28:8a:ee:36:24:40:c7:b8:66:ec:c7:6c:5b:6d:f9:
         80:a1:39:e5:c8:e8:de:1a:03:44:37:94:b4:1d:97:41:d8:90:
         26:1d:7b:c3:94:62:4b:65:51:9f:44:92:9f:2b:77:c2:51:2e:
         7b:00:de:16:e1:e0:57:d6:ad:2b:d5:2d:4e:5c:35:53:71:b3:
         f1:6c:ee:2f:18:82:7c:0c:4c:3e:29:ec:69:09:cb:d2:aa:5b:
         11:35:39:9c:74:3a:48:6e:8d:9b:b5:f5:95:88:df:05:6f:8d:
         f0:24:52:23:76:2b:48:f3:15:19:8c:96:28:a1:c0:50:f0:51:
         83:5e:e2:f8:23:15:3b:9a:9d:35:31:b8:7e:b8:e1:5f:f6:72:
         65:83:27:0d:54:f9:c9:47:99:26:33:b1:72:4a:19:58:61:87:
         fb:55:8b:62:e0:73:89:cf:86:b7:87:c2:70:d3:6c:cc:17:43:
         7a:39:f2:bb:5e:03:70:3b:65:4e:da:2d:f4:98:ed:83:00:3d:
         59:b0:8f:c1:4a:e1:52:9c:23:c7:ed:84:92:47:ae:8c:ee:ab:
         dd:92:f1:9c:b2:5f:d3:43:c3:3e:c3:0d:6a:4d:98:dc:c8:0e:
         98:88:8c:b0:10:95:8a:4b:5c:29:1e:c5:6a:dc:62:5b:fb:c4:
         57:f9:c0:6b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUO8RytMcIGnWGPnZJImjxTBizZQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDQxNjE1MDJaFw0yNzAzMDMxNjIwMDJaMDMxMTAvBgNV
BAMTKDlFMkU0QUM1NDk0NTU0RTlDOEYwOEFEREZENUVERUM2OEI1NzhBNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDED2ouzvSHfUOdFisrlDAH8PpL
JTbv5r/cjVR3nwrMev4WLu+3IDjBvFs+cpR/DRbd1g7HwmD/gE/24PXiJFuFHaSl
OL+qdYk/gtcmobtHPHF+Nlla3saNDg9Cd0fOsw/SuyBKyljeIfLXmDym79v0HP+Z
HETbMmgR0y3fEam7tXRFyFYG55KCQEtxXV26b/6sc0qzhxsm44f0kF/Hvd8ncsQB
RYoAJb6wA7FOx6D2PCrvfMm7NmhkwSqbPPWE1u2cdYGIljzg+x1MPPNeCrdOHela
tzbWCVRP1TJAscpek3tmqXfrMxd/8SOzlVQlFCZEeeECm3AhOFsbIx3QKRvnAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUni5KxUlFVOnI8Ird/V7exotXimQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjY1OTE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhgo
AwQAUigWMA0GCSqGSIb3DQEBCwUAA4IBAQAP57soiu42JEDHuGbsx2xbbfmAoTnl
yOjeGgNEN5S0HZdB2JAmHXvDlGJLZVGfRJKfK3fCUS57AN4W4eBX1q0r1S1OXDVT
cbPxbO4vGIJ8DEw+KexpCcvSqlsRNTmcdDpIbo2btfWViN8Fb43wJFIjditI8xUZ
jJYoocBQ8FGDXuL4IxU7mp01Mbh+uOFf9nJlgycNVPnJR5kmM7FyShlYYYf7VYti
4HOJz4a3h8Jw02zMF0N6OfK7XgNwO2VO2i30mO2DAD1ZsI/BSuFSnCPH7YSSR66M
7qvdkvGcsl/TQ8M+ww1qTZjcyA6YiIywEJWKS1wpHsVq3GJb+8RX+cBr
-----END CERTIFICATE-----