Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136744.roa
File:                     AS136744.roa (raw, json)
Hash identifier:          TMHxk9mcsT3/PAOP+jGch+tMcKRcgR5WLCjFsT+pQjk=
Subject key identifier:   29:60:53:27:12:54:37:4D:55:9D:D5:1F:DF:62:07:6B:F7:82:16:68
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       18C2801419CD3B59ABFD31A6AA6AF3CDBB1BD15B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136744.roa
Signing time:             Sat 24 Jan 2026 00:00:09 +0000
ROA not before:           Fri 23 Jan 2026 23:55:09 +0000
ROA not after:            Sat 23 Jan 2027 00:00:09 +0000
asID:                     136744
IP address blocks:        82.22.8.0/24 maxlen: 24
                          82.24.127.0/24 maxlen: 24
                          82.26.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:c2:80:14:19:cd:3b:59:ab:fd:31:a6:aa:6a:f3:cd:bb:1b:d1:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 23 23:55:09 2026 GMT
            Not After : Jan 23 00:00:09 2027 GMT
        Subject: CN=296053271254374D559DD51FDF62076BF7821668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cf:9a:a2:8b:47:a2:df:3c:f5:a2:ea:b8:47:
                    6d:81:a6:09:ca:64:c4:85:f3:da:88:d2:49:c2:73:
                    38:7c:db:3b:39:dc:1d:77:22:8c:79:ab:45:56:af:
                    8e:63:4a:20:2c:ff:7e:cb:48:3e:4e:72:f4:16:97:
                    68:2b:cc:58:a2:bc:86:ab:be:09:b7:57:d7:bb:db:
                    1a:98:fd:a3:91:5a:83:08:e1:80:16:2c:f2:e6:25:
                    2c:8b:63:7d:b0:8f:f4:0d:e6:81:fb:ba:57:e9:6e:
                    4c:78:e5:34:14:ad:82:5d:6b:a7:2b:0c:ff:0b:68:
                    a9:f7:06:9f:cc:18:81:2f:6d:d7:13:30:20:e2:8c:
                    85:50:62:a6:f3:d2:f8:76:89:dd:bf:3d:32:9d:98:
                    93:90:c2:91:65:cf:6d:10:1b:f4:df:b2:50:0f:2c:
                    37:65:42:d9:f2:99:a9:d1:b4:2d:21:2a:a7:e5:14:
                    7d:b9:54:2a:06:c6:b5:ef:3f:c9:33:b9:01:fd:32:
                    5e:08:1f:04:83:10:72:40:ce:19:65:77:12:37:6f:
                    f5:87:95:e1:56:96:72:31:b2:e8:20:fe:18:4d:79:
                    a3:96:4e:d3:15:4e:c1:69:98:bb:ea:e3:8c:5d:9e:
                    66:a5:43:d0:cb:0c:90:24:61:15:b1:4f:31:61:21:
                    6e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:60:53:27:12:54:37:4D:55:9D:D5:1F:DF:62:07:6B:F7:82:16:68
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136744.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.8.0/24
                  82.24.127.0/24
                  82.26.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:0f:60:1c:97:c0:57:6b:a6:a9:b1:98:13:45:14:7d:cb:99:
         0f:bc:26:00:0e:ce:fe:a2:66:44:1b:ce:50:ed:a5:19:dc:ad:
         80:75:88:3f:71:2d:83:aa:1c:19:1e:30:5d:23:d2:94:03:cb:
         f7:a1:f5:94:c6:73:6b:7d:f7:eb:87:69:95:32:d5:f6:31:e2:
         ba:bd:bc:b9:c9:9e:86:ed:d0:bd:e8:39:b2:56:1b:0d:b5:44:
         ba:33:ac:e6:2e:72:b8:66:c7:1c:ed:ce:df:05:56:8c:ff:c5:
         a9:dd:f8:34:a0:69:23:dd:69:b8:34:1b:23:c5:fa:b5:08:b4:
         b2:5e:99:bf:77:bc:09:5f:7d:58:78:f2:fc:6f:c7:aa:79:70:
         0f:ec:f5:93:11:10:64:32:f8:20:8d:cb:61:86:9f:1e:35:73:
         13:a8:d1:ec:b3:aa:83:d7:15:81:f5:24:a0:76:e8:31:f2:c0:
         c0:0c:f1:cd:60:95:6d:03:b1:2f:cb:9f:54:59:86:cb:14:bd:
         c8:26:7c:68:25:fa:e7:b2:fb:91:80:64:d1:69:16:c1:77:fc:
         ed:c4:65:bb:1e:bd:13:7e:28:b4:6a:b0:2f:72:4d:c3:1e:ff:
         6b:af:0b:f9:f1:8f:1d:5c:6c:5e:b0:74:fd:78:52:b1:ea:2d:
         b0:42:d5:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUGMKAFBnNO1mr/TGmqmrzzbsb0VswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMjMyMzU1MDlaFw0yNzAxMjMwMDAwMDlaMDMxMTAvBgNV
BAMTKDI5NjA1MzI3MTI1NDM3NEQ1NTlERDUxRkRGNjIwNzZCRjc4MjE2NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkz5qii0ei3zz1ouq4R22BpgnK
ZMSF89qI0knCczh82zs53B13Iox5q0VWr45jSiAs/37LSD5OcvQWl2grzFiivIar
vgm3V9e72xqY/aORWoMI4YAWLPLmJSyLY32wj/QN5oH7ulfpbkx45TQUrYJda6cr
DP8LaKn3Bp/MGIEvbdcTMCDijIVQYqbz0vh2id2/PTKdmJOQwpFlz20QG/TfslAP
LDdlQtnymanRtC0hKqflFH25VCoGxrXvP8kzuQH9Ml4IHwSDEHJAzhlldxI3b/WH
leFWlnIxsugg/hhNeaOWTtMVTsFpmLvq44xdnmalQ9DLDJAkYRWxTzFhIW5NAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUKWBTJxJUN01VndUf32IHa/eCFmgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM2NzQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUhYI
AwQAUhh/AwQAUhquMA0GCSqGSIb3DQEBCwUAA4IBAQACD2Acl8BXa6apsZgTRRR9
y5kPvCYADs7+omZEG85Q7aUZ3K2AdYg/cS2DqhwZHjBdI9KUA8v3ofWUxnNrfffr
h2mVMtX2MeK6vby5yZ6G7dC96DmyVhsNtUS6M6zmLnK4Zscc7c7fBVaM/8Wp3fg0
oGkj3Wm4NBsjxfq1CLSyXpm/d7wJX31YePL8b8eqeXAP7PWTERBkMvggjcthhp8e
NXMTqNHss6qD1xWB9SSgdugx8sDADPHNYJVtA7Evy59UWYbLFL3IJnxoJfrnsvuR
gGTRaRbBd/ztxGW7Hr0Tfii0arAvck3DHv9rrwv58Y8dXGxesHT9eFKx6i2wQtU9
-----END CERTIFICATE-----