Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS398704.roa
File:                     AS398704.roa (raw, json)
Hash identifier:          4DGChb/h+OvQNS5pOHyI2PZbshmPLmIxQ2UuJp7foQE=
Subject key identifier:   94:7E:E6:98:4D:D7:3F:9D:D5:FF:B0:10:14:EA:23:2D:01:E9:0A:DD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6743EC68319A2377803761D010C0279D1A129480
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS398704.roa
Signing time:             Tue 21 Apr 2026 10:45:08 +0000
ROA not before:           Tue 21 Apr 2026 10:40:08 +0000
ROA not after:            Tue 20 Apr 2027 10:45:08 +0000
asID:                     398704
IP address blocks:        82.27.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:43:ec:68:31:9a:23:77:80:37:61:d0:10:c0:27:9d:1a:12:94:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 21 10:40:08 2026 GMT
            Not After : Apr 20 10:45:08 2027 GMT
        Subject: CN=947EE6984DD73F9DD5FFB01014EA232D01E90ADD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:61:1e:e4:5d:eb:7c:0d:c3:64:55:f4:52:3a:
                    0c:f1:86:90:39:c9:50:d5:d5:6a:68:e3:46:4d:cd:
                    76:6e:3a:1c:ac:d9:3e:26:e6:6f:8c:0e:83:06:75:
                    69:25:fd:e9:c2:ef:ec:1b:c7:b0:64:be:df:a7:fd:
                    16:99:86:54:3b:7e:b6:07:a0:66:e7:87:33:60:da:
                    cf:c4:a2:c5:53:b8:b4:1e:31:23:5c:88:25:2f:ef:
                    1e:5a:44:48:1f:dc:ba:b3:20:01:a3:3c:d9:df:ec:
                    37:71:29:ed:12:23:a8:83:94:79:ed:30:cd:a7:95:
                    0b:2b:ad:0e:26:af:fe:f3:40:f2:50:4a:51:fd:e8:
                    17:7e:f6:61:13:71:d1:e2:2d:da:aa:f3:c5:b4:6a:
                    c9:ad:d9:cb:e3:29:e7:74:cf:b7:1c:b0:35:96:1f:
                    de:99:74:62:1a:3a:81:44:16:de:c7:06:24:67:22:
                    69:f8:a7:90:d9:ef:94:7b:b2:a6:14:3b:06:76:bf:
                    22:71:cf:5a:4c:ad:1d:b9:55:bc:df:f6:b3:90:65:
                    2e:09:20:98:4c:5e:25:4b:ad:c5:c7:c5:d7:ec:44:
                    60:37:3a:fe:eb:f7:4d:16:76:09:65:8d:bd:68:eb:
                    7e:ce:f8:df:65:48:a5:ce:05:33:20:ad:ba:5a:bc:
                    3e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:7E:E6:98:4D:D7:3F:9D:D5:FF:B0:10:14:EA:23:2D:01:E9:0A:DD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS398704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ab:32:26:cd:67:8b:94:c9:a2:d4:df:58:30:3f:b8:ad:48:
         d7:28:00:9a:6e:34:11:9d:c9:bb:a5:26:71:bf:dc:f5:de:2c:
         e5:2e:a4:b1:ce:1d:44:33:c8:dc:2f:4a:26:b0:88:0a:36:cb:
         2e:c8:ce:75:b7:70:f3:79:95:53:53:86:9b:50:be:9c:33:1f:
         b2:37:bd:71:da:43:06:7b:9f:c1:c8:d2:79:a6:be:79:11:0f:
         db:60:e1:43:61:87:31:75:6c:24:93:5c:32:48:7a:44:dd:5f:
         6c:66:ae:f1:d0:f4:8c:ab:ed:58:53:53:62:10:80:b0:46:0e:
         67:bc:17:d2:18:df:14:a8:fa:41:8d:76:b9:20:11:4e:3e:64:
         6f:22:01:17:11:91:b0:cc:cd:49:84:ad:5b:f8:23:23:ec:e1:
         f6:10:e4:02:94:dd:3c:f2:fa:26:06:50:c8:bb:c1:45:36:66:
         62:0f:af:db:1e:37:38:e3:83:70:ee:cf:2d:fc:9e:61:a6:b0:
         8e:de:6c:9d:87:d6:2d:3c:96:b8:58:d3:0f:64:c3:9e:d6:e2:
         c1:e0:e5:24:e7:d0:b0:94:29:0d:2f:60:50:ad:a0:eb:fc:73:
         26:a4:7b:e4:6d:7e:0d:7b:3f:11:81:46:d7:05:00:df:97:b3:
         0e:26:17:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZ0PsaDGaI3eAN2HQEMAnnRoSlIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjExMDQwMDhaFw0yNzA0MjAxMDQ1MDhaMDMxMTAvBgNV
BAMTKDk0N0VFNjk4NERENzNGOURENUZGQjAxMDE0RUEyMzJEMDFFOTBBREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvYR7kXet8DcNkVfRSOgzxhpA5
yVDV1Wpo40ZNzXZuOhys2T4m5m+MDoMGdWkl/enC7+wbx7Bkvt+n/RaZhlQ7frYH
oGbnhzNg2s/EosVTuLQeMSNciCUv7x5aREgf3LqzIAGjPNnf7DdxKe0SI6iDlHnt
MM2nlQsrrQ4mr/7zQPJQSlH96Bd+9mETcdHiLdqq88W0asmt2cvjKed0z7ccsDWW
H96ZdGIaOoFEFt7HBiRnImn4p5DZ75R7sqYUOwZ2vyJxz1pMrR25Vbzf9rOQZS4J
IJhMXiVLrcXHxdfsRGA3Ov7r900Wdglljb1o637O+N9lSKXOBTMgrbpavD6HAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlH7mmE3XP53V/7AQFOojLQHpCt0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk4NzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhuD
MA0GCSqGSIb3DQEBCwUAA4IBAQBWqzImzWeLlMmi1N9YMD+4rUjXKACabjQRncm7
pSZxv9z13izlLqSxzh1EM8jcL0omsIgKNssuyM51t3DzeZVTU4abUL6cMx+yN71x
2kMGe5/ByNJ5pr55EQ/bYOFDYYcxdWwkk1wySHpE3V9sZq7x0PSMq+1YU1NiEICw
Rg5nvBfSGN8UqPpBjXa5IBFOPmRvIgEXEZGwzM1JhK1b+CMj7OH2EOQClN088vom
BlDIu8FFNmZiD6/bHjc444Nw7s8t/J5hprCO3mydh9YtPJa4WNMPZMOe1uLB4OUk
59CwlCkNL2BQraDr/HMmpHvkbX4Nez8RgUbXBQDfl7MOJhcE
-----END CERTIFICATE-----