Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51847.roa
File:                     AS51847.roa (raw, json)
Hash identifier:          iWxR5PpAJsdkAtrXytgubV96MGfR7gS0QaRUQWwGxSM=
Subject key identifier:   EC:F6:61:FC:21:38:87:EF:B5:5F:B9:F3:7D:38:37:18:07:E0:C2:05
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       27FFFF2BF9411DB03805625BB79DCDDDC5B50115
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51847.roa
Signing time:             Tue 24 Jun 2025 06:07:19 +0000
ROA not before:           Tue 24 Jun 2025 06:02:19 +0000
ROA not after:            Tue 23 Jun 2026 06:07:19 +0000
asID:                     51847
IP address blocks:        82.21.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:ff:ff:2b:f9:41:1d:b0:38:05:62:5b:b7:9d:cd:dd:c5:b5:01:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 24 06:02:19 2025 GMT
            Not After : Jun 23 06:07:19 2026 GMT
        Subject: CN=ECF661FC213887EFB55FB9F37D38371807E0C205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:23:c8:91:33:91:fc:9c:94:0c:d6:90:3f:0b:
                    2a:26:dd:e9:ac:44:ef:9e:1c:a5:54:38:1e:0a:cc:
                    3b:01:80:b6:23:2d:7d:a9:72:3b:0c:fb:47:44:26:
                    a2:3c:43:44:7f:87:ae:d4:c6:f1:01:47:45:ce:d6:
                    df:88:c4:0d:d9:b3:c6:36:b0:82:9f:ea:6c:7d:5c:
                    b1:f2:97:7e:ac:13:fc:42:a6:56:bf:6a:65:ae:ec:
                    9b:62:c6:96:a4:61:af:49:65:54:c8:50:9b:92:3a:
                    34:b4:64:0a:ce:c0:78:12:e4:09:8a:0b:68:d9:ee:
                    59:a6:a2:9e:06:a6:dc:a2:1f:d0:43:db:43:de:42:
                    5a:c4:6c:24:c4:64:8a:29:93:81:2b:0d:46:a0:9b:
                    f4:e9:30:f5:7a:67:74:db:79:2e:ae:79:95:10:fd:
                    e6:69:cb:16:b6:3c:fc:bc:09:57:27:a6:e5:c1:e4:
                    d0:b9:c2:33:32:ab:62:85:a4:46:f2:93:f9:3f:af:
                    c3:3e:53:31:da:46:a6:9b:69:9f:eb:3e:61:c4:4a:
                    a1:b3:a8:c7:2e:47:14:36:66:b8:5b:3e:2a:cc:0a:
                    89:42:47:dc:95:76:fa:61:1f:6c:96:a8:1b:8c:0a:
                    e6:01:bf:30:a3:12:f1:16:db:00:ae:d0:fc:7e:fd:
                    ab:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F6:61:FC:21:38:87:EF:B5:5F:B9:F3:7D:38:37:18:07:E0:C2:05
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS51847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:5c:65:f0:b2:34:4e:08:01:7b:f6:cc:6b:6e:96:69:f4:bb:
         35:19:95:d2:c2:3e:7b:a2:cb:24:04:f3:cf:88:76:29:04:79:
         4f:b5:6e:dd:28:90:5a:38:26:c5:0c:fa:2b:d9:55:1d:55:ab:
         f4:60:e6:31:94:fe:b9:5b:ed:e5:fd:a9:4e:1a:f2:e4:c4:de:
         14:79:6a:97:09:40:88:d8:cb:ef:bc:e1:4c:f2:32:06:97:74:
         56:a5:e0:8d:ad:f6:f5:eb:1b:8b:af:e4:11:a1:50:32:de:07:
         9b:e5:2d:83:c3:f9:06:e1:72:67:96:ef:46:6b:f1:f6:fe:f3:
         f2:e9:e9:11:52:dc:d9:84:3a:bf:12:d2:82:56:96:c4:b0:4a:
         a4:aa:f0:0a:35:5e:73:9a:27:e9:64:e5:4f:ba:b4:08:81:5d:
         ee:70:48:0d:0e:92:b7:c4:f5:89:b1:0c:77:f0:85:e1:0d:ad:
         95:f4:91:57:92:09:9c:ab:2e:75:18:80:8d:9a:1f:0a:ac:af:
         67:67:cf:e7:cb:69:08:75:9d:47:f8:fe:e7:ed:fb:85:87:8a:
         a4:41:c7:1d:c1:c5:55:04:45:05:98:9c:1e:e0:1c:5b:19:ae:
         69:e5:e8:33:fb:f3:11:22:8b:12:bb:4c:59:e3:97:2b:37:85:
         89:c7:71:da
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJ///K/lBHbA4BWJbt53N3cW1ARUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjQwNjAyMTlaFw0yNjA2MjMwNjA3MTlaMDMxMTAvBgNV
BAMTKEVDRjY2MUZDMjEzODg3RUZCNTVGQjlGMzdEMzgzNzE4MDdFMEMyMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8I8iRM5H8nJQM1pA/Cyom3ems
RO+eHKVUOB4KzDsBgLYjLX2pcjsM+0dEJqI8Q0R/h67UxvEBR0XO1t+IxA3Zs8Y2
sIKf6mx9XLHyl36sE/xCpla/amWu7JtixpakYa9JZVTIUJuSOjS0ZArOwHgS5AmK
C2jZ7lmmop4GptyiH9BD20PeQlrEbCTEZIopk4ErDUagm/TpMPV6Z3TbeS6ueZUQ
/eZpyxa2PPy8CVcnpuXB5NC5wjMyq2KFpEbyk/k/r8M+UzHaRqabaZ/rPmHESqGz
qMcuRxQ2ZrhbPirMColCR9yVdvphH2yWqBuMCuYBvzCjEvEW2wCu0Px+/as1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU7PZh/CE4h++1X7nzfTg3GAfgwgUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTE4NDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFc4w
DQYJKoZIhvcNAQELBQADggEBAGpcZfCyNE4IAXv2zGtulmn0uzUZldLCPnuiyyQE
88+IdikEeU+1bt0okFo4JsUM+ivZVR1Vq/Rg5jGU/rlb7eX9qU4a8uTE3hR5apcJ
QIjYy++84UzyMgaXdFal4I2t9vXrG4uv5BGhUDLeB5vlLYPD+QbhcmeW70Zr8fb+
8/Lp6RFS3NmEOr8S0oJWlsSwSqSq8Ao1XnOaJ+lk5U+6tAiBXe5wSA0OkrfE9Ymx
DHfwheENrZX0kVeSCZyrLnUYgI2aHwqsr2dnz+fLaQh1nUf4/uft+4WHiqRBxx3B
xVUERQWYnB7gHFsZrmnl6DP78xEiixK7TFnjlys3hYnHcdo=
-----END CERTIFICATE-----