Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS137897.roa
File:                     AS137897.roa (raw, json)
Hash identifier:          4eCBE9pWpw+ASP13pGoShZY1WN9jibQYe6eehjhqWQo=
Subject key identifier:   B1:12:D4:46:C3:D8:70:D8:88:D9:3F:F8:AF:F9:7D:81:19:8A:77:58
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       32975D3D9116335C563D6D0B85BC9B0BDCFBE6DA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS137897.roa
Signing time:             Thu 29 Jan 2026 17:10:21 +0000
ROA not before:           Thu 29 Jan 2026 17:05:21 +0000
ROA not after:            Thu 28 Jan 2027 17:10:21 +0000
asID:                     137897
IP address blocks:        82.22.26.0/24 maxlen: 24
                          82.38.12.0/24 maxlen: 24
                          2a13:9500:7c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:97:5d:3d:91:16:33:5c:56:3d:6d:0b:85:bc:9b:0b:dc:fb:e6:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 29 17:05:21 2026 GMT
            Not After : Jan 28 17:10:21 2027 GMT
        Subject: CN=B112D446C3D870D888D93FF8AFF97D81198A7758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:04:17:b3:e8:e6:0b:c0:37:d4:c6:f9:ad:9c:
                    1a:2e:6d:13:39:7c:c2:68:81:2a:60:9e:e0:77:6f:
                    64:c4:0d:f2:92:db:dd:5b:1f:47:59:a7:7c:dd:da:
                    5e:b9:bb:54:11:a2:76:4b:6a:d1:14:b4:f8:a4:61:
                    06:05:52:21:92:67:5a:2d:c9:44:70:19:40:ca:3a:
                    d0:b5:e4:13:58:e6:e3:c5:c4:19:e1:58:c6:77:d5:
                    15:12:2e:58:2e:20:e9:0c:f7:19:85:c0:44:42:dc:
                    12:4c:39:a3:b2:4f:bb:b1:6c:b3:5a:b1:03:1d:00:
                    73:43:e6:6e:3b:db:9c:20:60:f7:c1:21:ba:53:4c:
                    63:29:66:e0:ca:86:84:5c:d7:50:5b:d6:79:a0:1c:
                    49:f0:8c:e3:95:3d:fc:8f:30:d0:71:6c:14:11:aa:
                    8e:14:de:96:ac:86:c4:b3:a4:fa:54:9d:84:ce:3e:
                    9a:ca:e5:1c:6c:a8:be:34:cf:f4:7c:4d:93:0a:0c:
                    95:e0:7b:b7:b1:49:74:f8:31:a4:58:2c:79:aa:54:
                    29:72:ad:0e:12:3a:83:d1:37:11:83:33:c4:d8:b3:
                    ab:7f:73:98:22:70:f7:8d:da:4d:45:b4:17:26:c5:
                    58:05:e9:05:78:36:2a:6c:cf:a0:e3:2d:7a:95:69:
                    7f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:12:D4:46:C3:D8:70:D8:88:D9:3F:F8:AF:F9:7D:81:19:8A:77:58
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS137897.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.26.0/24
                  82.38.12.0/24
                IPv6:
                  2a13:9500:7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:4d:32:df:d3:36:7d:1e:ef:4d:68:b0:2b:68:bb:e7:9b:2a:
         3a:d9:c3:65:11:6a:10:94:67:2f:b2:aa:17:27:e4:5f:c8:e2:
         c0:f0:a9:4c:2e:70:5f:83:a2:5d:41:63:2c:0f:a1:a4:46:3c:
         a2:f9:74:a4:c4:54:f7:d2:eb:30:ec:30:d9:d5:44:f8:4e:32:
         af:64:bb:03:54:c4:3c:7c:ec:34:68:d3:28:df:fd:ff:1a:4c:
         66:de:82:67:dd:02:e3:d6:30:75:8e:80:f0:cb:d3:ae:48:a1:
         a9:1a:36:3e:c7:ff:0c:17:8c:25:a0:10:22:f8:3d:ee:65:83:
         99:60:79:19:06:47:96:58:cc:b7:df:51:4c:40:bb:f0:5c:1b:
         34:65:52:22:76:48:19:19:1c:6f:82:f1:1b:da:e5:13:aa:95:
         99:b9:c2:7e:d6:04:c6:20:e5:f4:45:51:b0:59:10:35:8a:ea:
         e4:bd:ea:e8:52:a2:8a:9e:21:90:db:35:0f:48:bd:80:e6:eb:
         d4:a7:cc:1e:9e:24:db:da:f9:c8:8b:d1:00:93:e9:c3:32:7f:
         ff:ab:dd:5d:06:6d:b6:58:b8:32:c9:11:f3:ae:cd:e7:a1:ac:
         db:28:d9:0f:54:36:27:82:2a:86:90:a0:07:52:cf:ff:8c:43:
         e8:b7:fe:0c
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUMpddPZEWM1xWPW0LhbybC9z75towDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMjkxNzA1MjFaFw0yNzAxMjgxNzEwMjFaMDMxMTAvBgNV
BAMTKEIxMTJENDQ2QzNEODcwRDg4OEQ5M0ZGOEFGRjk3RDgxMTk4QTc3NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjBBez6OYLwDfUxvmtnBoubRM5
fMJogSpgnuB3b2TEDfKS291bH0dZp3zd2l65u1QRonZLatEUtPikYQYFUiGSZ1ot
yURwGUDKOtC15BNY5uPFxBnhWMZ31RUSLlguIOkM9xmFwERC3BJMOaOyT7uxbLNa
sQMdAHND5m4725wgYPfBIbpTTGMpZuDKhoRc11Bb1nmgHEnwjOOVPfyPMNBxbBQR
qo4U3pashsSzpPpUnYTOPprK5RxsqL40z/R8TZMKDJXge7exSXT4MaRYLHmqVCly
rQ4SOoPRNxGDM8TYs6t/c5gicPeN2k1FtBcmxVgF6QV4Nipsz6DjLXqVaX9fAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUsRLURsPYcNiI2T/4r/l9gRmKd1gwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM3ODk3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAUhYa
AwQAUiYMMA8EAgACMAkDBwAqE5UAAHwwDQYJKoZIhvcNAQELBQADggEBAJtNMt/T
Nn0e701osCtou+ebKjrZw2URahCUZy+yqhcn5F/I4sDwqUwucF+Dol1BYywPoaRG
PKL5dKTEVPfS6zDsMNnVRPhOMq9kuwNUxDx87DRo0yjf/f8aTGbegmfdAuPWMHWO
gPDL065IoakaNj7H/wwXjCWgECL4Pe5lg5lgeRkGR5ZYzLffUUxAu/BcGzRlUiJ2
SBkZHG+C8Rva5ROqlZm5wn7WBMYg5fRFUbBZEDWK6uS96uhSooqeIZDbNQ9IvYDm
69SnzB6eJNva+ciL0QCT6cMyf/+r3V0GbbZYuDLJEfOuzeehrNso2Q9UNieCKoaQ
oAdSz/+MQ+i3/gw=
-----END CERTIFICATE-----