Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS812.roa
File:                     AS812.roa (raw, json)
Hash identifier:          MMD0slM8OsFiZsENj2YsZ3Fsb3MHlYIATzUopwrUPls=
Subject key identifier:   6F:8C:71:D7:3B:9F:DE:99:D4:86:9C:72:B4:75:E7:F2:DA:75:E8:6F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1CCD96641A5962AC2411551C8A25F5C172134107
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS812.roa
Signing time:             Fri 26 Sep 2025 00:07:00 +0000
ROA not before:           Fri 26 Sep 2025 00:02:00 +0000
ROA not after:            Fri 25 Sep 2026 00:07:00 +0000
asID:                     812
IP address blocks:        82.21.60.0/24 maxlen: 24
                          82.21.61.0/24 maxlen: 24
                          82.22.158.0/24 maxlen: 24
                          82.23.92.0/24 maxlen: 24
                          82.23.93.0/24 maxlen: 24
                          82.23.94.0/24 maxlen: 24
                          82.23.95.0/24 maxlen: 24
                          82.23.96.0/24 maxlen: 24
                          82.23.97.0/24 maxlen: 24
                          82.23.98.0/24 maxlen: 24
                          82.23.99.0/24 maxlen: 24
                          82.23.100.0/24 maxlen: 24
                          82.23.101.0/24 maxlen: 24
                          82.23.102.0/24 maxlen: 24
                          82.23.103.0/24 maxlen: 24
                          82.23.104.0/24 maxlen: 24
                          82.23.105.0/24 maxlen: 24
                          82.23.106.0/24 maxlen: 24
                          82.23.107.0/24 maxlen: 24
                          82.23.108.0/24 maxlen: 24
                          82.23.109.0/24 maxlen: 24
                          82.23.110.0/24 maxlen: 24
                          82.23.111.0/24 maxlen: 24
                          82.23.112.0/24 maxlen: 24
                          82.23.113.0/24 maxlen: 24
                          82.23.114.0/24 maxlen: 24
                          82.23.115.0/24 maxlen: 24
                          82.23.116.0/24 maxlen: 24
                          82.23.117.0/24 maxlen: 24
                          82.23.118.0/24 maxlen: 24
                          82.23.124.0/24 maxlen: 24
                          82.23.125.0/24 maxlen: 24
                          82.23.127.0/24 maxlen: 24
                          82.23.140.0/23 maxlen: 24
                          82.23.174.0/24 maxlen: 24
                          82.29.115.0/24 maxlen: 24
                          82.29.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:35:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:cd:96:64:1a:59:62:ac:24:11:55:1c:8a:25:f5:c1:72:13:41:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 26 00:02:00 2025 GMT
            Not After : Sep 25 00:07:00 2026 GMT
        Subject: CN=6F8C71D73B9FDE99D4869C72B475E7F2DA75E86F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6f:f7:f8:e5:38:01:98:b8:2f:6c:1d:8e:62:
                    8b:7b:47:e0:35:5e:82:6d:a3:39:87:7c:ec:77:4c:
                    b3:35:ad:f3:a7:94:5c:6c:04:53:f9:e1:b1:b2:9e:
                    88:0b:5e:05:7b:a0:2f:73:0b:76:24:28:be:12:0b:
                    f1:ae:4f:41:ab:39:6c:c0:dd:d1:2a:25:37:c0:f9:
                    34:7e:29:a6:65:c8:72:f5:4a:b1:55:88:22:b5:12:
                    31:40:e9:a1:9b:25:da:c4:30:11:c1:cd:c9:06:17:
                    4d:0d:67:d3:72:56:24:ce:65:57:57:2d:94:b6:9a:
                    6d:bb:90:c8:93:89:ab:45:7b:91:1c:5b:fb:3f:ab:
                    af:d0:0e:ae:3d:89:ce:09:d5:fc:41:db:f5:19:33:
                    df:47:d0:07:90:ad:3c:d0:87:74:e8:fb:9b:47:55:
                    dd:e3:ce:40:3c:02:c5:bb:e9:65:75:b0:56:52:27:
                    c7:a9:22:8a:77:e6:3a:2a:d1:9b:9b:cf:8b:d6:87:
                    c5:b6:93:b1:4d:e3:f9:7e:c4:6e:33:ba:ec:2c:d4:
                    08:a2:19:01:5a:cf:7d:1e:1b:b6:1f:f0:00:00:be:
                    9a:29:76:be:2f:cc:a9:86:d1:8e:0d:d7:90:32:71:
                    dc:f9:6a:14:05:24:5a:5f:5d:07:5b:41:4e:a8:5d:
                    65:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:8C:71:D7:3B:9F:DE:99:D4:86:9C:72:B4:75:E7:F2:DA:75:E8:6F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS812.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.60.0/23
                  82.22.158.0/24
                  82.23.92.0-82.23.118.255
                  82.23.124.0/23
                  82.23.127.0/24
                  82.23.140.0/23
                  82.23.174.0/24
                  82.29.115.0/24
                  82.29.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ac:65:a5:13:be:88:3d:b7:09:3a:83:a3:fd:88:6f:e6:bb:
         04:3d:67:5e:d1:39:e4:d2:53:87:af:35:69:a0:8f:18:ed:57:
         f8:b1:83:ad:97:7b:98:d2:30:3a:63:8a:f4:32:7b:bf:e5:bd:
         06:25:d0:34:21:79:e3:8e:da:19:37:98:18:97:43:a5:85:d0:
         81:a3:5a:97:76:3e:11:08:ca:3f:fd:ad:7f:dc:0c:74:7d:0e:
         bd:63:35:ab:b6:51:73:6d:46:26:4d:4d:cc:b9:eb:96:f0:b1:
         6e:ff:1b:75:bf:d2:52:b1:9a:5f:19:5b:21:91:be:6b:0c:45:
         68:64:e8:7a:20:2a:44:41:d8:f1:31:33:00:d9:b0:cb:be:a5:
         5d:5b:9c:55:70:f4:40:da:ff:d1:9d:de:64:a3:f9:fe:98:bb:
         0a:d7:b3:1e:64:43:62:d2:1a:a2:22:7f:f0:62:98:30:49:6a:
         0d:24:0d:75:a3:36:85:99:b3:bd:78:1a:fb:68:99:ea:b9:6c:
         bf:7e:ee:9e:85:f5:b3:e4:64:a0:65:55:7d:2c:8d:2c:ac:db:
         b1:ba:a3:20:81:77:d9:c5:da:6c:17:33:0a:86:a6:fb:3a:e2:
         18:f1:f0:3f:ee:eb:8f:6b:94:c7:95:5e:cd:ef:c9:5c:10:df:
         21:85:45:ff
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUHM2WZBpZYqwkEVUciiX1wXITQQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MjYwMDAyMDBaFw0yNjA5MjUwMDA3MDBaMDMxMTAvBgNV
BAMTKDZGOEM3MUQ3M0I5RkRFOTlENDg2OUM3MkI0NzVFN0YyREE3NUU4NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCub/f45TgBmLgvbB2OYot7R+A1
XoJtozmHfOx3TLM1rfOnlFxsBFP54bGynogLXgV7oC9zC3YkKL4SC/GuT0GrOWzA
3dEqJTfA+TR+KaZlyHL1SrFViCK1EjFA6aGbJdrEMBHBzckGF00NZ9NyViTOZVdX
LZS2mm27kMiTiatFe5EcW/s/q6/QDq49ic4J1fxB2/UZM99H0AeQrTzQh3To+5tH
Vd3jzkA8AsW76WV1sFZSJ8epIop35joq0Zubz4vWh8W2k7FN4/l+xG4zuuws1Aii
GQFaz30eG7Yf8AAAvpopdr4vzKmG0Y4N15Aycdz5ahQFJFpfXQdbQU6oXWV/AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUb4xx1zuf3pnUhpxytHXn8tp16G8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTODEyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQBUhU8AwQA
UhaeMAwDBAJSF1wDBABSF3YDBAFSF3wDBABSF38DBAFSF4wDBABSF64DBABSHXMD
BABSHXowDQYJKoZIhvcNAQELBQADggEBAEisZaUTvog9twk6g6P9iG/muwQ9Z17R
OeTSU4evNWmgjxjtV/ixg62Xe5jSMDpjivQye7/lvQYl0DQheeOO2hk3mBiXQ6WF
0IGjWpd2PhEIyj/9rX/cDHR9Dr1jNau2UXNtRiZNTcy565bwsW7/G3W/0lKxml8Z
WyGRvmsMRWhk6HogKkRB2PExMwDZsMu+pV1bnFVw9EDa/9Gd3mSj+f6YuwrXsx5k
Q2LSGqIif/BimDBJag0kDXWjNoWZs714Gvtomeq5bL9+7p6F9bPkZKBlVX0sjSys
27G6oyCBd9nF2mwXMwqGpvs64hjx8D/u649rlMeVXs3vyVwQ3yGFRf8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:47:08 2025 by rpki-client