Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401819.roa
File:                     AS401819.roa (raw, json)
Hash identifier:          izrt2gDJhDWoEQoPRUIg7HoqQUy97lqDNhltP62mEbU=
Subject key identifier:   14:26:46:B1:1B:77:BB:8B:AB:52:CC:CB:68:B5:D9:E4:46:55:D0:FE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2F16ADB5627AEBF52AD46CF7ABD39C2689D7DCA1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401819.roa
Signing time:             Mon 16 Mar 2026 03:58:40 +0000
ROA not before:           Mon 16 Mar 2026 03:53:40 +0000
ROA not after:            Mon 15 Mar 2027 03:58:40 +0000
asID:                     401819
IP address blocks:        82.41.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:16:ad:b5:62:7a:eb:f5:2a:d4:6c:f7:ab:d3:9c:26:89:d7:dc:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 16 03:53:40 2026 GMT
            Not After : Mar 15 03:58:40 2027 GMT
        Subject: CN=142646B11B77BB8BAB52CCCB68B5D9E44655D0FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3a:96:0f:ca:43:bc:ff:59:22:65:a9:9b:76:
                    ce:a6:7c:d1:bb:8d:57:3d:e9:f0:7f:d2:a3:10:a2:
                    05:eb:e8:16:7b:2e:93:d9:af:7c:3a:f5:96:4d:b4:
                    70:e4:95:5b:cd:6c:80:78:4a:f9:3b:e4:66:06:8d:
                    8b:0d:1f:ec:a0:ad:06:a8:95:56:78:18:42:ca:68:
                    3a:1c:5a:77:c2:34:7a:f9:64:77:51:e1:b4:74:ee:
                    1f:ec:2a:ee:c1:f9:ca:51:b5:77:a5:d8:df:e6:6e:
                    ff:c0:0a:95:85:8e:e0:1b:88:62:fc:4b:c9:75:9e:
                    f7:ca:40:77:e1:d2:3c:05:d3:fb:13:0b:26:f5:61:
                    a2:f9:c8:93:65:00:64:3c:e4:7e:28:58:56:d3:1a:
                    e1:2c:5c:8d:4b:0c:43:bd:14:c8:83:da:4b:0b:a0:
                    84:9a:41:22:99:f6:43:57:b2:c6:04:d8:32:a7:ce:
                    96:2b:a3:2f:b4:d0:f9:ed:4c:80:7d:6b:52:3a:c1:
                    da:c7:48:d7:44:e8:b5:bb:c5:6f:ba:b5:0a:d8:df:
                    60:c7:8c:4b:83:01:4c:62:3b:a3:af:93:23:a8:7e:
                    de:01:ce:14:44:b6:8a:23:d5:0e:13:7c:72:54:6c:
                    a8:6a:9a:d1:ed:9b:62:6a:16:3c:34:a3:d5:7f:44:
                    3b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:26:46:B1:1B:77:BB:8B:AB:52:CC:CB:68:B5:D9:E4:46:55:D0:FE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401819.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:ee:2b:bd:3c:c1:27:f4:f6:4b:2b:47:3e:14:a2:bb:f8:1a:
         fc:df:e2:f7:fd:b6:30:4c:c6:3b:eb:7e:4e:71:ad:d9:d4:48:
         c4:87:61:11:9f:a9:14:7b:e1:95:7f:cc:84:03:fd:e3:66:6a:
         bc:cd:e0:15:2d:17:91:25:7d:14:f3:8c:4c:80:1e:e0:c0:27:
         7b:9d:34:a9:ee:72:c9:6c:fd:65:3e:58:e4:90:21:cd:88:5a:
         0c:d0:d3:9a:3e:e6:07:cc:67:c0:45:d8:65:e0:73:1a:b0:2f:
         99:c5:57:1d:6e:a9:b8:99:ab:aa:ac:90:01:b9:ca:b0:b0:7b:
         2f:ac:2e:b0:1a:77:6a:6d:a8:3d:74:d5:97:20:17:04:cf:44:
         6c:a6:b8:99:17:81:a2:83:02:3c:6f:7b:95:14:1d:6b:71:88:
         97:4b:ab:44:85:3f:db:c5:48:70:bd:b6:65:ae:2b:8c:31:c9:
         ef:79:b7:cc:51:83:1b:b8:33:20:92:88:aa:c5:2f:ac:4f:fc:
         2c:14:5d:03:6a:53:9a:90:8d:68:de:28:22:4d:ce:24:aa:c1:
         dd:0a:24:f3:78:e5:26:59:94:fd:26:d0:2e:78:7e:0d:04:f2:
         44:14:31:98:3b:6d:57:e7:f0:aa:5d:5f:79:b4:dc:1e:bb:cd:
         32:8c:dc:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULxattWJ66/Uq1Gz3q9OcJonX3KEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTYwMzUzNDBaFw0yNzAzMTUwMzU4NDBaMDMxMTAvBgNV
BAMTKDE0MjY0NkIxMUI3N0JCOEJBQjUyQ0NDQjY4QjVEOUU0NDY1NUQwRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOpYPykO8/1kiZambds6mfNG7
jVc96fB/0qMQogXr6BZ7LpPZr3w69ZZNtHDklVvNbIB4Svk75GYGjYsNH+ygrQao
lVZ4GELKaDocWnfCNHr5ZHdR4bR07h/sKu7B+cpRtXel2N/mbv/ACpWFjuAbiGL8
S8l1nvfKQHfh0jwF0/sTCyb1YaL5yJNlAGQ85H4oWFbTGuEsXI1LDEO9FMiD2ksL
oISaQSKZ9kNXssYE2DKnzpYroy+00PntTIB9a1I6wdrHSNdE6LW7xW+6tQrY32DH
jEuDAUxiO6OvkyOoft4BzhREtooj1Q4TfHJUbKhqmtHtm2JqFjw0o9V/RDtLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUFCZGsRt3u4urUszLaLXZ5EZV0P4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAxODE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUikT
MA0GCSqGSIb3DQEBCwUAA4IBAQAg7iu9PMEn9PZLK0c+FKK7+Br83+L3/bYwTMY7
635Oca3Z1EjEh2ERn6kUe+GVf8yEA/3jZmq8zeAVLReRJX0U84xMgB7gwCd7nTSp
7nLJbP1lPljkkCHNiFoM0NOaPuYHzGfARdhl4HMasC+ZxVcdbqm4mauqrJABucqw
sHsvrC6wGndqbag9dNWXIBcEz0RspriZF4GigwI8b3uVFB1rcYiXS6tEhT/bxUhw
vbZlriuMMcnvebfMUYMbuDMgkoiqxS+sT/wsFF0DalOakI1o3igiTc4kqsHdCiTz
eOUmWZT9JtAueH4NBPJEFDGYO21X5/CqXV95tNweu80yjNwO
-----END CERTIFICATE-----