Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402252.roa
File:                     AS402252.roa (raw, json)
Hash identifier:          pWBQXBhyVL7FkxZDNfwbnHp1vfqPKjwUlD4qDZ02mEQ=
Subject key identifier:   33:33:CE:BA:D1:AB:CE:BE:CF:AC:C5:7A:82:C4:7D:1C:82:D3:D1:60
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3B4E3E8051AE72A0493FCAD1502527DDA7503EE4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402252.roa
Signing time:             Mon 11 May 2026 12:40:46 +0000
ROA not before:           Mon 11 May 2026 12:35:46 +0000
ROA not after:            Mon 10 May 2027 12:40:46 +0000
asID:                     402252
IP address blocks:        82.23.165.0/24 maxlen: 24
                          82.47.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:4e:3e:80:51:ae:72:a0:49:3f:ca:d1:50:25:27:dd:a7:50:3e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 11 12:35:46 2026 GMT
            Not After : May 10 12:40:46 2027 GMT
        Subject: CN=3333CEBAD1ABCEBECFACC57A82C47D1C82D3D160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a0:ee:f1:5e:12:ad:92:56:9a:f5:9c:9a:ed:
                    49:e8:d3:fc:97:32:5b:ce:9e:ac:60:b0:17:fd:eb:
                    08:af:d7:ca:cb:77:8c:a4:00:50:bd:c0:6e:68:48:
                    55:d0:9d:6a:31:17:aa:14:fd:96:7e:9b:98:88:cf:
                    72:df:3b:6a:cd:75:99:4d:42:6b:cc:0e:ac:25:71:
                    9d:29:05:a2:bb:28:82:d7:da:5d:fe:43:7e:a4:13:
                    47:69:4b:e8:4c:6f:ad:8d:9f:33:5a:17:fe:4f:b6:
                    a9:c6:05:6b:e3:2f:50:04:73:57:61:72:89:4c:97:
                    d4:f6:a7:43:52:a0:a5:97:66:5b:4a:cc:a7:96:ec:
                    2a:c7:30:42:8f:a4:f3:44:c8:6b:3d:19:31:6f:9e:
                    3c:ef:75:7a:33:c9:56:21:d1:a6:0b:6e:d4:5a:09:
                    1d:07:b1:3d:66:0f:a7:f3:a6:dc:11:27:c5:50:c8:
                    b8:14:ad:93:62:42:34:3c:2f:13:61:79:24:cf:d8:
                    77:b4:31:f7:74:e3:a6:83:a1:31:58:a8:21:43:03:
                    bf:59:e4:12:70:52:a8:c3:72:a4:9b:45:b6:c0:1c:
                    61:ac:b2:b7:73:df:44:8a:ad:60:70:6f:5f:ff:e3:
                    2b:88:7d:71:63:46:d7:4e:fc:11:15:73:d5:33:58:
                    b8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:33:CE:BA:D1:AB:CE:BE:CF:AC:C5:7A:82:C4:7D:1C:82:D3:D1:60
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402252.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.165.0/24
                  82.47.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:ee:ee:4d:2a:49:7e:ed:64:ce:96:6c:4b:c5:f7:64:49:59:
         80:b3:22:13:27:0a:6f:f1:10:d7:70:ca:70:90:06:43:ca:6c:
         e5:4d:7f:ac:9b:6a:18:13:d9:ce:83:95:2e:86:01:18:4d:96:
         c1:6e:52:66:ef:a8:a2:57:46:da:78:a5:e4:33:ce:1a:8d:76:
         f9:d3:bf:ca:f9:bb:2f:e4:55:fa:25:6a:f2:db:3a:af:a6:6f:
         62:a5:87:b8:29:49:ba:64:10:bf:29:11:60:b1:e9:ea:17:e1:
         58:5d:58:9b:ec:f0:2b:a2:d1:4f:3b:8e:c2:a3:03:34:a6:f2:
         dd:5b:24:f0:29:a1:35:2d:29:10:0a:fb:47:cc:5f:d1:90:28:
         13:50:51:6d:09:b8:33:4a:95:02:7c:83:39:bf:b6:5b:cf:32:
         ef:79:97:f0:be:f6:40:77:d8:7f:79:b8:ea:9a:11:d2:91:5c:
         18:14:25:c9:2d:32:24:6b:5e:d2:15:36:5f:7c:03:91:a9:0a:
         0f:f5:b2:15:cf:43:c0:47:43:72:1c:2c:cf:6b:a2:25:e1:4a:
         49:71:eb:28:d1:43:c1:bf:bc:67:28:04:83:e6:7b:b5:bd:bc:
         7d:f2:7a:2a:91:eb:ef:e0:f8:52:a1:e0:6e:07:4a:04:05:7c:
         34:8d:ef:fc
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUO04+gFGucqBJP8rRUCUn3adQPuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTExMjM1NDZaFw0yNzA1MTAxMjQwNDZaMDMxMTAvBgNV
BAMTKDMzMzNDRUJBRDFBQkNFQkVDRkFDQzU3QTgyQzQ3RDFDODJEM0QxNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3oO7xXhKtklaa9Zya7Uno0/yX
MlvOnqxgsBf96wiv18rLd4ykAFC9wG5oSFXQnWoxF6oU/ZZ+m5iIz3LfO2rNdZlN
QmvMDqwlcZ0pBaK7KILX2l3+Q36kE0dpS+hMb62NnzNaF/5PtqnGBWvjL1AEc1dh
colMl9T2p0NSoKWXZltKzKeW7CrHMEKPpPNEyGs9GTFvnjzvdXozyVYh0aYLbtRa
CR0HsT1mD6fzptwRJ8VQyLgUrZNiQjQ8LxNheSTP2He0Mfd046aDoTFYqCFDA79Z
5BJwUqjDcqSbRbbAHGGssrdz30SKrWBwb1//4yuIfXFjRtdO/BEVc9UzWLgtAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUMzPOutGrzr7PrMV6gsR9HILT0WAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAyMjUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhel
AwQAUi+kMA0GCSqGSIb3DQEBCwUAA4IBAQBf7u5NKkl+7WTOlmxLxfdkSVmAsyIT
Jwpv8RDXcMpwkAZDymzlTX+sm2oYE9nOg5UuhgEYTZbBblJm76iiV0baeKXkM84a
jXb507/K+bsv5FX6JWry2zqvpm9ipYe4KUm6ZBC/KRFgsenqF+FYXVib7PArotFP
O47CowM0pvLdWyTwKaE1LSkQCvtHzF/RkCgTUFFtCbgzSpUCfIM5v7ZbzzLveZfw
vvZAd9h/ebjqmhHSkVwYFCXJLTIka17SFTZffAORqQoP9bIVz0PAR0NyHCzPa6Il
4UpJceso0UPBv7xnKASD5nu1vbx98noqkevv4PhSoeBuB0oEBXw0je/8
-----END CERTIFICATE-----