Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51847.roa
File:                     AS51847.roa (raw, json)
Hash identifier:          mGfZCgGIpAlylja+H0jleFb6HsLBsvUp7ocplVTFpUw=
Subject key identifier:   77:30:03:83:CE:CC:EA:38:E3:E2:34:24:55:0C:91:AC:E7:3F:C1:23
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1A7ECA3238E98C9E479F7FC2668B79BB97A04A6B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51847.roa
Signing time:             Thu 16 Oct 2025 13:14:00 +0000
ROA not before:           Thu 16 Oct 2025 13:09:00 +0000
ROA not after:            Thu 15 Oct 2026 13:14:00 +0000
asID:                     51847
IP address blocks:        82.21.206.0/24 maxlen: 24
                          2a13:9500:f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:35:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:7e:ca:32:38:e9:8c:9e:47:9f:7f:c2:66:8b:79:bb:97:a0:4a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 16 13:09:00 2025 GMT
            Not After : Oct 15 13:14:00 2026 GMT
        Subject: CN=77300383CECCEA38E3E23424550C91ACE73FC123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5f:04:d3:f1:9b:d2:a8:c3:f3:f6:c5:61:16:
                    34:a5:b5:5d:64:e0:36:ee:c0:d7:7f:1b:90:09:55:
                    0d:d9:ca:0b:d0:28:c0:17:2e:61:a4:9a:5a:f4:40:
                    e7:b1:ed:55:cf:05:af:4e:c6:3e:72:e7:bb:5e:ef:
                    6b:d3:76:26:e2:43:24:ab:63:04:cc:9a:76:c7:66:
                    e5:16:b8:1a:d8:20:c7:52:46:7d:f1:b1:2e:4f:f5:
                    69:ce:e8:4e:ad:bd:26:8b:ad:b1:05:17:18:da:2c:
                    bc:53:05:1a:00:6d:e9:25:d9:6f:f5:e5:69:76:1d:
                    59:e6:18:c7:2b:81:41:0c:60:2a:05:a2:81:1f:5f:
                    80:ef:38:36:21:64:52:c6:e7:59:76:b7:29:c6:d3:
                    2f:ed:f8:8c:02:c3:08:28:43:cc:ca:87:46:4d:de:
                    c9:57:21:f7:84:62:a0:40:31:c0:63:0b:43:ef:b3:
                    de:ff:65:d2:25:cd:c4:6c:4d:6c:4a:e2:9c:fe:10:
                    21:a9:0d:6f:fe:2d:61:e0:6d:31:8e:03:fe:3d:1f:
                    10:fe:16:91:6d:f9:bb:11:29:d4:c3:ce:06:d4:a5:
                    84:c0:e5:87:b9:c3:7e:23:af:b8:32:1c:98:a1:bf:
                    9c:90:67:75:0d:7e:a4:b5:34:95:ee:b5:b0:01:65:
                    f0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:30:03:83:CE:CC:EA:38:E3:E2:34:24:55:0C:91:AC:E7:3F:C1:23
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.206.0/24
                IPv6:
                  2a13:9500:f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:c2:3d:93:bb:f0:9b:91:af:8d:1b:bb:9b:d7:a2:c0:de:dc:
         8e:c2:73:02:19:d4:0a:8b:d8:18:d7:2b:3a:8a:70:ac:c3:15:
         29:37:b8:ea:ff:9a:ae:05:96:ea:91:c6:00:92:71:b5:be:13:
         13:84:b4:01:88:f0:9a:cd:84:50:25:60:65:6d:b5:2e:e8:9a:
         12:ce:7e:6c:a4:d1:1e:e9:9b:a2:f2:6b:a4:ba:20:00:2b:1b:
         c8:e3:71:2a:8b:a4:b0:28:03:0c:6e:e3:20:ef:e5:8e:80:42:
         38:ac:5f:e7:f8:a5:4e:be:36:09:08:92:00:b1:eb:c6:f7:70:
         31:b8:c9:7c:33:d4:b7:01:8c:5a:5d:21:5e:e2:4d:ca:51:80:
         5a:8c:23:e2:d1:85:e7:71:78:13:43:30:3a:c6:6b:4f:ff:77:
         e7:37:cd:1b:da:65:79:14:95:f2:6b:c2:56:ac:77:ae:c1:42:
         07:ad:15:5c:42:35:8a:c2:55:9b:97:10:07:a2:bb:4b:2e:55:
         57:2f:1b:df:70:a3:9a:cc:f7:0d:ac:16:c4:b7:7e:13:cc:a1:
         af:41:08:0c:7f:6f:7a:82:4a:09:1b:65:29:f5:36:cb:59:e7:
         b6:b0:ef:04:57:9e:22:34:0c:ce:dd:f8:57:9d:24:f1:a9:8c:
         a9:ea:dc:42
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIUGn7KMjjpjJ5Hn3/CZot5u5egSmswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTYxMzA5MDBaFw0yNjEwMTUxMzE0MDBaMDMxMTAvBgNV
BAMTKDc3MzAwMzgzQ0VDQ0VBMzhFM0UyMzQyNDU1MEM5MUFDRTczRkMxMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeXwTT8ZvSqMPz9sVhFjSltV1k
4DbuwNd/G5AJVQ3ZygvQKMAXLmGkmlr0QOex7VXPBa9Oxj5y57te72vTdibiQySr
YwTMmnbHZuUWuBrYIMdSRn3xsS5P9WnO6E6tvSaLrbEFFxjaLLxTBRoAbekl2W/1
5Wl2HVnmGMcrgUEMYCoFooEfX4DvODYhZFLG51l2tynG0y/t+IwCwwgoQ8zKh0ZN
3slXIfeEYqBAMcBjC0Pvs97/ZdIlzcRsTWxK4pz+ECGpDW/+LWHgbTGOA/49HxD+
FpFt+bsRKdTDzgbUpYTA5Ye5w34jr7gyHJihv5yQZ3UNfqS1NJXutbABZfCvAgMB
AAGjggIaMIICFjAdBgNVHQ4EFgQUdzADg87M6jjj4jQkVQyRrOc/wSMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTE4NDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBABSFc4w
DwQCAAIwCQMHACoTlQAA8DANBgkqhkiG9w0BAQsFAAOCAQEAAcI9k7vwm5GvjRu7
m9eiwN7cjsJzAhnUCovYGNcrOopwrMMVKTe46v+argWW6pHGAJJxtb4TE4S0AYjw
ms2EUCVgZW21LuiaEs5+bKTRHumbovJrpLogACsbyONxKouksCgDDG7jIO/ljoBC
OKxf5/ilTr42CQiSALHrxvdwMbjJfDPUtwGMWl0hXuJNylGAWowj4tGF53F4E0Mw
OsZrT/935zfNG9pleRSV8mvCVqx3rsFCB60VXEI1isJVm5cQB6K7Sy5VVy8b33Cj
msz3DawWxLd+E8yhr0EIDH9veoJKCRtlKfU2y1nntrDvBFeeIjQMzt34V50k8amM
qercQg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:03:45 2025 by rpki-client