Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396982.roa
File:                     AS396982.roa (raw, json)
Hash identifier:          k7MRQ5Hb7Aj2qoTWKeMRCLWoF+mNKwYHsZgxkSRUDTM=
Subject key identifier:   74:03:3C:AE:F1:D6:89:B6:5D:40:22:53:24:55:68:A6:EA:F2:D1:93
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       414F26E2DF1EEBAA22BFE26B045F5282DC135724
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396982.roa
Signing time:             Sat 21 Mar 2026 09:48:59 +0000
ROA not before:           Sat 21 Mar 2026 09:43:59 +0000
ROA not after:            Sat 20 Mar 2027 09:48:59 +0000
asID:                     396982
IP address blocks:        82.39.118.0/24 maxlen: 24
                          2a13:9500:13c::/48 maxlen: 48
                          2a13:9500:152::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:4f:26:e2:df:1e:eb:aa:22:bf:e2:6b:04:5f:52:82:dc:13:57:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 21 09:43:59 2026 GMT
            Not After : Mar 20 09:48:59 2027 GMT
        Subject: CN=74033CAEF1D689B65D402253245568A6EAF2D193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:47:2c:23:03:12:8d:e6:70:42:6e:c2:2e:fa:
                    cf:ad:fc:04:ff:fb:df:e4:74:08:7f:26:75:46:74:
                    96:f5:03:5f:6f:69:61:50:a9:7f:7e:e1:af:04:d1:
                    18:30:75:d7:17:33:d4:5a:86:6f:8c:e8:84:f0:11:
                    97:d6:1a:18:dd:ae:16:0a:01:de:0b:49:f5:70:01:
                    51:36:9d:e2:8a:1a:b9:23:11:16:a9:3b:87:46:3e:
                    3d:5f:d9:a4:fe:1d:e0:d0:a7:4c:c9:37:1b:a4:38:
                    17:e1:e5:0a:a2:ae:de:8e:17:ae:35:e2:6f:77:d7:
                    9c:2f:5b:eb:87:07:16:47:1e:a7:98:d2:63:ed:c9:
                    c3:25:9c:2d:6c:6b:27:ad:07:64:59:61:54:09:f7:
                    ee:0d:f8:0f:bc:f3:c3:12:31:9f:5e:2d:21:ab:87:
                    10:33:cd:29:44:f9:89:c4:8c:48:3a:d9:9a:05:5e:
                    16:c9:2e:44:b6:59:22:fa:c7:48:90:ff:f6:cf:f1:
                    51:fa:c7:e2:d1:ab:88:aa:2c:3d:9a:d9:84:2d:55:
                    90:5e:b5:68:1f:63:56:ba:11:a0:68:ec:99:60:84:
                    86:b2:df:8e:08:1f:0c:91:65:8a:c6:0e:21:41:c6:
                    81:0f:70:9a:b1:a9:6f:d2:0c:96:76:65:70:b1:2f:
                    83:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:03:3C:AE:F1:D6:89:B6:5D:40:22:53:24:55:68:A6:EA:F2:D1:93
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396982.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.118.0/24
                IPv6:
                  2a13:9500:13c::/48
                  2a13:9500:152::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:52:30:a4:89:e4:cd:09:26:03:44:5f:fb:b9:ed:b6:e2:52:
         6f:a6:78:75:9d:a5:3e:fb:d0:2b:e8:d5:7c:8d:ad:92:7f:d1:
         c4:5a:7e:10:2f:97:f3:c2:be:17:20:c0:f2:73:23:da:46:bd:
         e7:28:2e:46:d3:2e:fb:63:fc:5b:6e:ce:30:12:e5:b8:39:e6:
         0f:07:57:4d:73:b1:4f:62:20:0b:0d:66:32:45:a0:0b:e7:3e:
         6d:84:e0:72:e3:b8:52:79:c2:11:8a:49:95:f2:65:71:47:1c:
         c5:16:ca:29:56:02:18:86:1c:50:43:d7:fb:a4:57:0f:3e:7e:
         87:02:93:9c:be:98:56:d4:80:b1:01:a8:7b:c4:c7:43:cc:9d:
         fc:39:8d:90:03:40:6e:2a:72:24:10:96:64:98:34:1a:87:19:
         20:27:bc:84:64:45:24:14:89:92:97:6a:3b:6e:b1:54:dc:d9:
         a0:94:1a:de:6b:c7:d0:09:43:64:2a:a9:35:98:47:9f:b9:13:
         28:b1:25:45:87:c0:2c:4f:94:88:41:f0:f0:2e:d1:a2:f8:15:
         2e:71:8a:10:d4:03:62:0a:c8:e6:12:33:de:39:33:13:bc:d6:
         f8:d6:3c:59:bf:20:17:99:d4:7a:4f:8f:95:5c:6a:da:82:4f:
         82:7b:b0:4b
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUQU8m4t8e66oiv+JrBF9SgtwTVyQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjEwOTQzNTlaFw0yNzAzMjAwOTQ4NTlaMDMxMTAvBgNV
BAMTKDc0MDMzQ0FFRjFENjg5QjY1RDQwMjI1MzI0NTU2OEE2RUFGMkQxOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYRywjAxKN5nBCbsIu+s+t/AT/
+9/kdAh/JnVGdJb1A19vaWFQqX9+4a8E0RgwddcXM9Rahm+M6ITwEZfWGhjdrhYK
Ad4LSfVwAVE2neKKGrkjERapO4dGPj1f2aT+HeDQp0zJNxukOBfh5Qqirt6OF641
4m9315wvW+uHBxZHHqeY0mPtycMlnC1sayetB2RZYVQJ9+4N+A+888MSMZ9eLSGr
hxAzzSlE+YnEjEg62ZoFXhbJLkS2WSL6x0iQ//bP8VH6x+LRq4iqLD2a2YQtVZBe
tWgfY1a6EaBo7JlghIay344IHwyRZYrGDiFBxoEPcJqxqW/SDJZ2ZXCxL4MzAgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQUdAM8rvHWibZdQCJTJFVopury0ZMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk2OTgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAUid2
MBgEAgACMBIDBwAqE5UAATwDBwAqE5UAAVIwDQYJKoZIhvcNAQELBQADggEBACtS
MKSJ5M0JJgNEX/u57bbiUm+meHWdpT770Cvo1XyNrZJ/0cRafhAvl/PCvhcgwPJz
I9pGvecoLkbTLvtj/FtuzjAS5bg55g8HV01zsU9iIAsNZjJFoAvnPm2E4HLjuFJ5
whGKSZXyZXFHHMUWyilWAhiGHFBD1/ukVw8+focCk5y+mFbUgLEBqHvEx0PMnfw5
jZADQG4qciQQlmSYNBqHGSAnvIRkRSQUiZKXajtusVTc2aCUGt5rx9AJQ2QqqTWY
R5+5EyixJUWHwCxPlIhB8PAu0aL4FS5xihDUA2IKyOYSM945MxO81vjWPFm/IBeZ
1HpPj5VcatqCT4J7sEs=
-----END CERTIFICATE-----