Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402047.roa
File:                     AS402047.roa (raw, json)
Hash identifier:          rA7ZrcDAY7UWHXVxjHKHifg6yO60E57PghrYPeXPf7w=
Subject key identifier:   45:F9:6D:4A:AC:D1:9B:80:E0:D2:FF:B0:63:2A:F6:96:E6:C0:DE:6E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       35F76C034A5EA998C962D3A00B32B3F4AAE64310
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402047.roa
Signing time:             Wed 06 May 2026 09:40:10 +0000
ROA not before:           Wed 06 May 2026 09:35:10 +0000
ROA not after:            Wed 05 May 2027 09:40:10 +0000
asID:                     402047
IP address blocks:        82.39.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:f7:6c:03:4a:5e:a9:98:c9:62:d3:a0:0b:32:b3:f4:aa:e6:43:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  6 09:35:10 2026 GMT
            Not After : May  5 09:40:10 2027 GMT
        Subject: CN=45F96D4AACD19B80E0D2FFB0632AF696E6C0DE6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:25:df:02:75:ec:5b:64:71:5c:a5:c3:57:44:
                    1f:62:68:b5:ce:48:2e:57:68:45:35:84:d6:92:01:
                    5b:ab:62:09:6f:dc:a9:a9:88:2c:b1:d8:7d:63:ef:
                    d1:57:78:c6:6d:41:34:df:5e:ef:f2:13:b4:ff:ac:
                    94:79:4f:53:30:66:8b:f3:05:3b:c5:8d:75:86:82:
                    31:d1:9a:4d:68:ba:b0:08:4b:ee:53:1f:9c:92:da:
                    62:cb:dc:da:54:d1:56:7a:08:96:b8:d6:0d:90:4e:
                    7f:40:c3:38:25:aa:2a:7f:02:f7:23:3e:a9:86:c6:
                    23:03:7d:ac:df:6b:42:23:63:a4:2e:6c:9c:d0:ba:
                    99:89:ce:ba:7d:49:a7:38:6d:8d:e5:7e:07:81:ea:
                    8d:02:00:51:cd:af:dc:87:9d:2d:f3:1a:b4:68:93:
                    1f:31:33:11:fb:e7:29:98:5b:95:26:f8:2a:22:92:
                    18:17:64:b0:e2:3e:9e:d8:16:88:0c:8c:5e:b0:16:
                    d2:19:13:97:b4:d3:e3:e9:f7:b5:99:39:67:59:45:
                    9d:eb:a7:3d:15:63:e4:4c:70:93:2d:a9:40:a9:3e:
                    3e:e5:b2:38:c3:89:25:a2:d8:96:a5:0d:60:30:24:
                    09:eb:5f:0d:1a:12:56:8a:a3:de:5c:07:23:e3:34:
                    a4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F9:6D:4A:AC:D1:9B:80:E0:D2:FF:B0:63:2A:F6:96:E6:C0:DE:6E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402047.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:8f:f2:e9:c0:8c:27:2e:ba:76:27:79:c0:14:9d:24:c8:03:
         5e:97:f3:0c:b4:2d:65:d9:0e:03:8d:4f:1c:db:47:15:03:cd:
         3d:7f:46:df:bd:ba:7e:52:43:13:0b:15:76:11:3f:a0:98:2f:
         65:e8:2a:3b:5d:cb:a7:d8:09:2b:84:a7:9e:44:4d:49:c8:58:
         cd:36:f5:70:56:76:3b:6a:42:7c:ed:e8:fb:8f:2f:7e:b4:b2:
         b0:b1:a9:da:72:03:10:f3:ca:b5:2f:70:55:c2:dd:60:3e:16:
         ca:7a:65:8f:8b:b7:e9:09:af:12:e0:fe:58:eb:b9:7a:6e:a1:
         b4:8d:17:a6:b1:0f:2f:92:ad:ac:00:c3:4c:ca:86:a6:c6:00:
         a8:d6:ef:00:9f:9c:62:13:96:f6:7c:b0:3b:18:63:97:66:52:
         be:aa:90:ae:5c:98:26:dc:2d:b1:4d:62:d7:6c:16:16:5c:f0:
         bf:0c:f2:89:08:6a:5e:e5:96:77:e9:63:ca:b1:fb:36:6c:e4:
         7e:dd:78:66:06:5a:15:b8:18:c1:f1:be:e0:b7:0a:ad:53:a6:
         2a:91:3b:01:f0:aa:cd:97:69:7c:0c:75:4d:e4:4e:c7:1e:f9:
         0e:61:5d:de:80:3d:90:cd:ff:9b:21:7b:92:b1:0f:19:67:06:
         fa:df:49:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNfdsA0peqZjJYtOgCzKz9KrmQxAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDYwOTM1MTBaFw0yNzA1MDUwOTQwMTBaMDMxMTAvBgNV
BAMTKDQ1Rjk2RDRBQUNEMTlCODBFMEQyRkZCMDYzMkFGNjk2RTZDMERFNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuJd8CdexbZHFcpcNXRB9iaLXO
SC5XaEU1hNaSAVurYglv3KmpiCyx2H1j79FXeMZtQTTfXu/yE7T/rJR5T1MwZovz
BTvFjXWGgjHRmk1ourAIS+5TH5yS2mLL3NpU0VZ6CJa41g2QTn9Awzglqip/Avcj
PqmGxiMDfazfa0IjY6QubJzQupmJzrp9Sac4bY3lfgeB6o0CAFHNr9yHnS3zGrRo
kx8xMxH75ymYW5Um+CoikhgXZLDiPp7YFogMjF6wFtIZE5e00+Pp97WZOWdZRZ3r
pz0VY+RMcJMtqUCpPj7lsjjDiSWi2JalDWAwJAnrXw0aElaKo95cByPjNKSjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQURfltSqzRm4Dg0v+wYyr2lubA3m4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAyMDQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUidu
MA0GCSqGSIb3DQEBCwUAA4IBAQCdj/LpwIwnLrp2J3nAFJ0kyANel/MMtC1l2Q4D
jU8c20cVA809f0bfvbp+UkMTCxV2ET+gmC9l6Co7Xcun2AkrhKeeRE1JyFjNNvVw
VnY7akJ87ej7jy9+tLKwsanacgMQ88q1L3BVwt1gPhbKemWPi7fpCa8S4P5Y67l6
bqG0jRemsQ8vkq2sAMNMyoamxgCo1u8An5xiE5b2fLA7GGOXZlK+qpCuXJgm3C2x
TWLXbBYWXPC/DPKJCGpe5ZZ36WPKsfs2bOR+3XhmBloVuBjB8b7gtwqtU6YqkTsB
8KrNl2l8DHVN5E7HHvkOYV3egD2Qzf+bIXuSsQ8ZZwb630kN
-----END CERTIFICATE-----