Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS10753.roa
File:                     AS10753.roa (raw, json)
Hash identifier:          J++lG4hO4K/6Ewj3zzoZ8w4W5bfMF3gKo2DZ1swcT4o=
Subject key identifier:   D3:8F:A2:83:33:07:F4:DF:5D:9B:59:2A:DE:BE:CC:2B:71:38:7A:63
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0AE52955BD738768589B13892C94CF32927AA098
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS10753.roa
Signing time:             Thu 29 Jan 2026 17:10:21 +0000
ROA not before:           Thu 29 Jan 2026 17:05:21 +0000
ROA not after:            Thu 28 Jan 2027 17:10:21 +0000
asID:                     10753
IP address blocks:        82.22.26.0/24 maxlen: 24
                          82.38.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:e5:29:55:bd:73:87:68:58:9b:13:89:2c:94:cf:32:92:7a:a0:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 29 17:05:21 2026 GMT
            Not After : Jan 28 17:10:21 2027 GMT
        Subject: CN=D38FA2833307F4DF5D9B592ADEBECC2B71387A63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5b:06:da:db:99:9c:96:98:52:95:91:bf:1a:
                    86:4e:7a:5c:d5:31:c6:77:36:e6:60:ab:f8:2b:ad:
                    7e:0f:5a:b4:02:0d:52:cf:30:f8:f7:d0:d2:96:40:
                    8e:42:d3:fa:ae:e6:4d:83:89:64:14:53:45:c9:35:
                    22:be:02:27:ce:48:72:c2:90:dc:71:58:95:2c:ad:
                    76:19:70:8d:db:86:fa:3c:ef:25:a1:85:58:f3:d8:
                    8a:e9:da:13:0c:c5:96:a6:f4:9c:57:21:6f:09:ad:
                    d2:11:f1:d2:2b:d0:ee:43:0d:e1:2e:18:85:82:1b:
                    db:d9:9a:39:c7:45:b1:c0:23:26:56:8d:cf:13:62:
                    d6:3b:1e:6d:82:2e:73:a7:d8:07:28:cc:5c:4e:d4:
                    05:32:bc:5c:41:d4:08:67:9a:a6:ff:ff:48:b0:1a:
                    05:d9:be:a5:3c:99:b5:77:e2:85:ca:ab:a5:8e:d6:
                    34:9e:19:4a:c2:bd:15:d2:04:4d:71:d6:fa:6f:28:
                    29:27:2d:26:44:93:5d:0c:f2:75:1e:0b:c7:e4:fe:
                    40:4b:08:8d:b5:5a:8d:72:00:80:ad:d7:1a:93:53:
                    07:81:20:ff:83:ec:af:5b:dc:3a:7d:f1:97:c7:23:
                    24:8e:1e:f4:93:37:52:b1:67:13:b5:38:56:30:e7:
                    c5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:8F:A2:83:33:07:F4:DF:5D:9B:59:2A:DE:BE:CC:2B:71:38:7A:63
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS10753.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.26.0/24
                  82.38.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:e4:7d:6b:7b:95:f6:ad:1b:5b:a1:71:ca:4e:a4:b1:22:e0:
         8e:e1:70:17:97:6f:45:44:d6:2e:b7:ba:9f:38:58:56:22:3c:
         5d:92:e5:51:e0:d5:b0:9c:55:40:64:9d:b5:63:60:9f:32:4f:
         d8:1d:70:73:67:49:19:c3:a2:7c:9d:07:d6:37:a8:16:ed:d7:
         9b:61:c8:67:f8:e7:fa:e5:b1:b0:48:25:ac:e7:dc:20:46:bc:
         37:db:e9:0e:f1:82:db:e0:28:c7:e3:56:cc:5e:ee:d9:6f:7a:
         4c:94:5a:67:e2:d7:cc:a2:7a:83:6a:81:65:91:7f:65:e4:e3:
         d3:80:df:57:7f:c6:d0:4c:cc:d3:52:f2:36:1a:76:fe:f5:75:
         eb:d6:aa:ef:0c:67:93:91:09:43:73:6b:b5:a2:b0:58:f3:58:
         c9:50:cb:65:13:d5:49:b6:b9:10:92:ad:86:fb:28:bb:5d:ec:
         9b:17:a8:5b:f2:21:fb:ae:88:89:c2:57:5e:76:c2:b5:05:79:
         58:74:d5:c7:e0:c0:89:20:e3:57:9f:bd:d0:9b:30:dd:da:46:
         7f:20:ba:c1:28:91:22:73:75:29:62:c4:68:8a:8b:ec:2e:01:
         20:e1:c7:21:af:70:f9:0f:f8:8b:25:ba:39:20:54:26:4d:fa:
         19:cc:30:e4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUCuUpVb1zh2hYmxOJLJTPMpJ6oJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMjkxNzA1MjFaFw0yNzAxMjgxNzEwMjFaMDMxMTAvBgNV
BAMTKEQzOEZBMjgzMzMwN0Y0REY1RDlCNTkyQURFQkVDQzJCNzEzODdBNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Wwba25mclphSlZG/GoZOelzV
McZ3NuZgq/grrX4PWrQCDVLPMPj30NKWQI5C0/qu5k2DiWQUU0XJNSK+AifOSHLC
kNxxWJUsrXYZcI3bhvo87yWhhVjz2Irp2hMMxZam9JxXIW8JrdIR8dIr0O5DDeEu
GIWCG9vZmjnHRbHAIyZWjc8TYtY7Hm2CLnOn2AcozFxO1AUyvFxB1Ahnmqb//0iw
GgXZvqU8mbV34oXKq6WO1jSeGUrCvRXSBE1x1vpvKCknLSZEk10M8nUeC8fk/kBL
CI21Wo1yAICt1xqTUweBIP+D7K9b3Dp98ZfHIySOHvSTN1KxZxO1OFYw58WhAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU04+igzMH9N9dm1kq3r7MK3E4emMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTA3NTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFhoD
BABSJgwwDQYJKoZIhvcNAQELBQADggEBAF3kfWt7lfatG1uhccpOpLEi4I7hcBeX
b0VE1i63up84WFYiPF2S5VHg1bCcVUBknbVjYJ8yT9gdcHNnSRnDonydB9Y3qBbt
15thyGf45/rlsbBIJazn3CBGvDfb6Q7xgtvgKMfjVsxe7tlvekyUWmfi18yieoNq
gWWRf2Xk49OA31d/xtBMzNNS8jYadv71devWqu8MZ5ORCUNza7WisFjzWMlQy2UT
1Um2uRCSrYb7KLtd7JsXqFvyIfuuiInCV152wrUFeVh01cfgwIkg41efvdCbMN3a
Rn8gusEokSJzdSlixGiKi+wuASDhxyGvcPkP+IslujkgVCZN+hnMMOQ=
-----END CERTIFICATE-----