Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402268.roa
File:                     AS402268.roa (raw, json)
Hash identifier:          yOTuR7CfLvHvAL/an7BWXeVjHYVyhAgLdUiK9bvPlv0=
Subject key identifier:   8A:F8:06:B8:1D:AB:68:D5:E3:80:49:16:F7:13:5F:73:29:48:97:FA
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4351FC225C5E1B452AE29982A8DAFDCAFE248F4B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402268.roa
Signing time:             Thu 07 May 2026 06:02:50 +0000
ROA not before:           Thu 07 May 2026 05:57:50 +0000
ROA not after:            Thu 06 May 2027 06:02:50 +0000
asID:                     402268
IP address blocks:        82.47.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:51:fc:22:5c:5e:1b:45:2a:e2:99:82:a8:da:fd:ca:fe:24:8f:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  7 05:57:50 2026 GMT
            Not After : May  6 06:02:50 2027 GMT
        Subject: CN=8AF806B81DAB68D5E3804916F7135F73294897FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:56:b8:f6:af:85:78:de:6f:ce:65:75:6f:f7:
                    63:1c:f8:48:5b:99:9b:cc:f4:2a:ee:f4:b6:d6:2c:
                    3b:86:87:3d:6f:11:53:63:d1:d5:15:d1:21:fb:db:
                    8d:54:c2:1c:ee:bc:8f:5e:f8:5f:17:9a:eb:33:7d:
                    3f:5f:d6:99:aa:95:ae:8f:7c:67:75:0c:ed:af:e8:
                    4a:f2:b4:19:f1:d2:ba:36:e7:f2:cf:cd:9c:36:4a:
                    d6:a6:7d:64:d1:4a:26:67:6f:b0:ed:dd:d6:6c:bc:
                    1b:f1:44:11:4b:10:96:3a:14:71:44:42:90:c2:ba:
                    e4:89:c8:39:05:b9:e1:ea:ee:0a:fa:e0:45:d8:aa:
                    58:1b:ea:f9:1a:10:a2:05:81:e4:8e:8d:ce:5d:85:
                    96:b6:f1:3d:17:fb:dd:e4:0d:53:b1:38:d0:c5:70:
                    32:f0:68:76:03:e3:2d:f9:e7:27:be:50:3d:dd:e3:
                    10:f2:8a:2c:39:93:93:a3:7f:ca:24:56:ca:55:17:
                    77:9a:d0:37:c5:da:23:7f:ba:9d:77:62:7c:be:e5:
                    56:62:7b:5b:13:06:de:a9:5d:97:d6:4c:5f:ad:93:
                    4b:b1:56:2a:c2:31:44:af:13:0d:c7:1d:9c:52:9a:
                    83:d3:a5:86:0a:f6:dd:ec:f4:70:f1:58:df:8b:51:
                    fb:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F8:06:B8:1D:AB:68:D5:E3:80:49:16:F7:13:5F:73:29:48:97:FA
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402268.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:78:f5:3c:25:a6:6b:cd:b0:6c:f9:ac:d7:b5:3e:87:03:18:
         7a:84:07:fb:01:70:f8:fe:3d:d2:69:54:5e:f1:1c:b7:30:07:
         22:15:9b:0b:60:0c:97:9d:06:29:3e:eb:41:5d:e5:e8:f4:9c:
         b5:3f:53:c3:f6:19:8d:fe:02:ff:5e:c6:2c:21:0c:87:21:ca:
         15:b8:2d:08:ce:81:9e:13:17:e9:aa:c5:ac:83:c4:43:5f:3e:
         ef:d0:ed:3d:cd:de:d7:b3:51:0f:b5:bf:52:1f:d0:46:04:82:
         2a:d7:c7:06:89:f6:98:be:d5:a1:12:92:c8:99:9a:38:2c:cb:
         4c:ab:ca:42:56:a7:d5:e4:9a:b1:09:13:7a:51:21:7b:d1:80:
         a7:2d:f7:64:b0:35:ef:90:86:12:33:35:9b:99:fe:ce:03:0a:
         a3:9d:f9:31:fb:f7:3c:53:df:19:55:c0:3c:67:3e:e7:3c:b1:
         be:6d:56:56:88:21:d8:57:bd:06:0e:f5:bd:19:b6:e3:47:d9:
         c4:87:2c:f5:97:3d:11:85:84:ec:91:af:03:a9:e7:ab:92:da:
         2f:7b:07:0a:95:ca:87:b3:aa:b6:dd:a0:00:4c:51:e3:17:4b:
         38:0e:3c:e5:23:9c:63:90:5f:24:fc:74:bc:05:09:38:6f:bc:
         98:bf:4c:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQ1H8IlxeG0Uq4pmCqNr9yv4kj0swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDcwNTU3NTBaFw0yNzA1MDYwNjAyNTBaMDMxMTAvBgNV
BAMTKDhBRjgwNkI4MURBQjY4RDVFMzgwNDkxNkY3MTM1RjczMjk0ODk3RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Vrj2r4V43m/OZXVv92Mc+Ehb
mZvM9Cru9LbWLDuGhz1vEVNj0dUV0SH7241UwhzuvI9e+F8XmuszfT9f1pmqla6P
fGd1DO2v6ErytBnx0ro25/LPzZw2StamfWTRSiZnb7Dt3dZsvBvxRBFLEJY6FHFE
QpDCuuSJyDkFueHq7gr64EXYqlgb6vkaEKIFgeSOjc5dhZa28T0X+93kDVOxONDF
cDLwaHYD4y355ye+UD3d4xDyiiw5k5Ojf8okVspVF3ea0DfF2iN/up13Yny+5VZi
e1sTBt6pXZfWTF+tk0uxVirCMUSvEw3HHZxSmoPTpYYK9t3s9HDxWN+LUftPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUivgGuB2raNXjgEkW9xNfcylIl/owHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAyMjY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUi8q
MA0GCSqGSIb3DQEBCwUAA4IBAQCCePU8JaZrzbBs+azXtT6HAxh6hAf7AXD4/j3S
aVRe8Ry3MAciFZsLYAyXnQYpPutBXeXo9Jy1P1PD9hmN/gL/XsYsIQyHIcoVuC0I
zoGeExfpqsWsg8RDXz7v0O09zd7Xs1EPtb9SH9BGBIIq18cGifaYvtWhEpLImZo4
LMtMq8pCVqfV5JqxCRN6USF70YCnLfdksDXvkIYSMzWbmf7OAwqjnfkx+/c8U98Z
VcA8Zz7nPLG+bVZWiCHYV70GDvW9GbbjR9nEhyz1lz0RhYTska8DqeerktovewcK
lcqHs6q23aAATFHjF0s4DjzlI5xjkF8k/HS8BQk4b7yYv0wI
-----END CERTIFICATE-----