Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402276.roa
File:                     AS402276.roa (raw, json)
Hash identifier:          qYc3jTsFuOo/V2FqrqiMkWOTmMQx+FtZjA1L1elTe4s=
Subject key identifier:   21:72:BA:28:48:28:51:64:22:A0:45:8C:CD:3B:64:B5:20:D5:64:46
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3B560EF33774BD8E6BBE26D3DB1722C31C5F37C4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402276.roa
Signing time:             Mon 11 May 2026 06:43:54 +0000
ROA not before:           Mon 11 May 2026 06:38:54 +0000
ROA not after:            Mon 10 May 2027 06:43:54 +0000
asID:                     402276
IP address blocks:        82.22.160.0/24 maxlen: 24
                          82.47.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:56:0e:f3:37:74:bd:8e:6b:be:26:d3:db:17:22:c3:1c:5f:37:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 11 06:38:54 2026 GMT
            Not After : May 10 06:43:54 2027 GMT
        Subject: CN=2172BA284828516422A0458CCD3B64B520D56446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:4e:69:d4:81:d4:25:42:bc:40:fe:ba:cd:95:
                    13:d0:0e:77:77:c7:00:29:f8:6b:23:2a:52:9b:c3:
                    bb:2c:3c:7f:90:37:87:73:00:88:2a:fa:0d:2d:2f:
                    71:3f:70:d5:b8:42:f5:58:6a:cf:88:a1:7b:56:96:
                    dd:8c:69:7f:9c:c6:fd:fc:30:60:cc:7b:0c:d6:ca:
                    4e:06:3c:3d:f2:fc:2b:0c:b6:2e:4b:a9:0f:35:bb:
                    b8:d4:5d:1d:38:04:94:14:c8:19:4f:a6:5e:21:b2:
                    77:5f:b4:46:64:5a:eb:e3:bd:91:8a:8e:82:cc:1e:
                    46:74:51:2d:eb:25:4e:25:d5:1e:0b:e5:64:86:37:
                    19:71:4f:96:cb:f2:33:80:d4:e5:55:cc:fd:70:a2:
                    8d:aa:87:a6:0a:f7:61:35:d3:e0:0b:f6:11:fc:a8:
                    65:27:ec:fa:b7:af:d5:a7:11:a7:47:c6:c5:2a:11:
                    2b:a6:14:d8:4b:23:3e:c7:cf:d8:a4:6c:89:5b:27:
                    ca:41:df:8f:5c:f7:a7:6c:2f:e5:f9:3c:47:a4:83:
                    59:58:3a:25:4b:4f:16:f4:88:69:00:e9:1c:e5:61:
                    d5:1d:b6:47:56:1c:bc:f1:f6:e5:1d:ea:d6:10:98:
                    50:7f:03:fc:75:37:87:c0:91:7a:93:11:66:7c:b0:
                    19:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:72:BA:28:48:28:51:64:22:A0:45:8C:CD:3B:64:B5:20:D5:64:46
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS402276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.160.0/24
                  82.47.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:08:f1:db:91:ce:ef:36:0f:9b:10:36:7f:a8:17:f2:be:07:
         16:2a:a0:05:6e:f9:12:ed:f0:0c:99:51:34:2e:c6:02:45:d8:
         7d:0c:b6:4d:2b:8d:d5:04:89:0b:cd:50:fb:ce:f2:a8:38:39:
         02:47:67:c8:08:2c:dd:d8:22:4b:09:f4:e0:f3:4f:b4:7c:42:
         e3:f1:17:ee:c3:5e:10:37:3f:86:65:52:2d:1c:45:23:c7:3c:
         a4:c8:99:43:bc:9b:80:f8:f3:a8:67:44:f7:6c:c5:79:de:66:
         46:00:dc:e3:78:42:0d:c4:fe:1a:88:a4:7e:b4:1e:dd:43:ea:
         c3:22:3a:62:8e:8d:c8:88:0b:a8:a4:96:d4:04:df:68:ea:73:
         ac:76:27:44:e0:54:27:44:7c:4c:e6:f6:0f:cc:cc:19:5d:04:
         89:a8:34:68:45:f6:95:dd:eb:c5:a8:3e:bf:94:a7:61:e9:7c:
         52:5a:2d:42:d3:72:35:d8:0f:bf:cd:bd:be:28:55:05:ff:a5:
         00:a4:c0:79:bc:75:d9:17:27:62:c2:a1:9e:d4:1e:5e:b9:5d:
         82:b7:72:b0:cd:0a:cb:0b:db:80:63:e1:64:84:21:5d:f8:77:
         ea:65:b0:02:ca:a7:98:36:2d:c6:c5:79:b6:f2:b9:ac:18:2d:
         11:0a:a0:4a
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUO1YO8zd0vY5rvibT2xciwxxfN8QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTEwNjM4NTRaFw0yNzA1MTAwNjQzNTRaMDMxMTAvBgNV
BAMTKDIxNzJCQTI4NDgyODUxNjQyMkEwNDU4Q0NEM0I2NEI1MjBENTY0NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoTmnUgdQlQrxA/rrNlRPQDnd3
xwAp+GsjKlKbw7ssPH+QN4dzAIgq+g0tL3E/cNW4QvVYas+IoXtWlt2MaX+cxv38
MGDMewzWyk4GPD3y/CsMti5LqQ81u7jUXR04BJQUyBlPpl4hsndftEZkWuvjvZGK
joLMHkZ0US3rJU4l1R4L5WSGNxlxT5bL8jOA1OVVzP1woo2qh6YK92E10+AL9hH8
qGUn7Pq3r9WnEadHxsUqESumFNhLIz7Hz9ikbIlbJ8pB349c96dsL+X5PEekg1lY
OiVLTxb0iGkA6RzlYdUdtkdWHLzx9uUd6tYQmFB/A/x1N4fAkXqTEWZ8sBnTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUIXK6KEgoUWQioEWMzTtktSDVZEYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAyMjc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhag
AwQAUi+nMA0GCSqGSIb3DQEBCwUAA4IBAQAzCPHbkc7vNg+bEDZ/qBfyvgcWKqAF
bvkS7fAMmVE0LsYCRdh9DLZNK43VBIkLzVD7zvKoODkCR2fICCzd2CJLCfTg80+0
fELj8Rfuw14QNz+GZVItHEUjxzykyJlDvJuA+POoZ0T3bMV53mZGANzjeEINxP4a
iKR+tB7dQ+rDIjpijo3IiAuopJbUBN9o6nOsdidE4FQnRHxM5vYPzMwZXQSJqDRo
RfaV3evFqD6/lKdh6XxSWi1C03I12A+/zb2+KFUF/6UApMB5vHXZFydiwqGe1B5e
uV2Ct3KwzQrLC9uAY+FkhCFd+HfqZbACyqeYNi3GxXm28rmsGC0RCqBK
-----END CERTIFICATE-----