Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          FlxUPxStDgn2qPFIs5bwNpkYPiv0Tx6NNuqSs6yiZlU=
Subject key identifier:   15:AE:63:E8:43:AC:73:D5:58:01:C8:07:EC:AC:D6:0F:4E:F4:17:BA
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4C8BF89CB8BC905F3BFD4DFE9CEB280C674FBAF9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS138195.roa
Signing time:             Tue 10 Jun 2025 06:57:45 +0000
ROA not before:           Tue 10 Jun 2025 06:52:45 +0000
ROA not after:            Tue 09 Jun 2026 06:57:45 +0000
asID:                     138195
IP address blocks:        82.21.75.0/24 maxlen: 24
                          82.24.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:8b:f8:9c:b8:bc:90:5f:3b:fd:4d:fe:9c:eb:28:0c:67:4f:ba:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 10 06:52:45 2025 GMT
            Not After : Jun  9 06:57:45 2026 GMT
        Subject: CN=15AE63E843AC73D55801C807ECACD60F4EF417BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:11:df:5e:88:08:56:5a:b0:57:6c:af:45:a1:
                    71:02:90:f4:dc:c3:40:6d:c0:e8:77:18:3e:25:b0:
                    3c:98:91:c8:fe:81:28:bb:44:40:af:e1:9e:93:87:
                    dd:ae:45:20:f8:0c:8c:5e:a5:d5:8d:79:e2:4b:5b:
                    f6:11:f1:b2:10:96:ea:73:b0:2a:ec:0b:a8:ea:ff:
                    77:a7:8c:5b:c0:59:09:5a:29:6b:74:e3:2e:67:dc:
                    eb:e4:da:77:09:65:69:41:19:8c:7d:fd:7c:9b:09:
                    75:76:cd:6f:35:e8:6a:e7:58:92:93:2b:95:47:42:
                    bb:bc:00:d6:c1:b1:61:3c:18:01:2a:21:c3:bb:3b:
                    1c:08:3e:6c:9b:d2:70:22:8d:59:44:1e:f8:b7:ce:
                    4f:0d:fc:8a:00:3c:57:4c:cc:11:c9:06:d5:fa:a0:
                    9f:45:48:36:26:05:57:1b:1a:20:8b:11:64:eb:68:
                    f3:1c:9b:e2:24:d1:65:69:89:66:7e:58:89:ec:4b:
                    d8:d0:d3:2b:f8:d5:ec:25:1e:cb:61:b3:8e:fd:1b:
                    f6:d3:43:f4:61:cf:81:0c:38:c3:fc:2f:e0:e6:cb:
                    6e:b6:9d:0b:93:f4:8e:19:6f:39:7b:91:af:6a:c2:
                    66:ae:62:28:de:78:56:a3:47:15:1b:4e:72:0c:9a:
                    5a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:AE:63:E8:43:AC:73:D5:58:01:C8:07:EC:AC:D6:0F:4E:F4:17:BA
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.75.0/24
                  82.24.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:0e:38:77:50:a1:14:f7:26:61:95:3a:51:bc:4a:cb:af:2e:
         05:37:a0:81:7f:08:22:a4:86:15:61:9c:2f:0a:4e:08:fb:9b:
         e9:4f:fc:7a:94:39:d9:9d:8e:2b:4a:38:72:f9:30:2a:91:63:
         17:c8:77:4e:29:22:a4:ae:af:09:18:94:6c:9d:03:3f:a8:39:
         4c:56:84:d9:f2:c2:86:19:2b:a3:1e:87:bd:2f:ea:c7:22:fe:
         5e:b0:64:7c:a2:42:bb:ed:a7:73:14:0a:0d:3e:82:74:6b:3a:
         d2:04:b0:86:42:40:d6:70:1f:8d:c3:21:85:6a:e1:97:00:b3:
         52:89:11:f5:48:de:32:20:83:20:b5:14:f3:28:7b:61:b4:72:
         4c:20:84:90:24:55:2b:62:6d:08:58:e0:b2:24:06:c4:8b:8a:
         ae:eb:6a:d5:d6:eb:6f:16:34:73:0d:8a:bc:ff:86:b7:6d:da:
         22:f5:d9:7a:a7:6b:81:6b:1c:e2:cb:b3:47:a5:81:cb:d5:b3:
         68:6a:eb:6a:3a:8e:41:4b:62:6a:68:8b:4f:76:41:ef:50:e6:
         04:ce:0a:c4:5e:3b:14:b2:a8:46:dd:9b:1f:2c:af:f4:ba:aa:
         08:ff:b1:05:fa:ad:2c:7a:07:f5:69:0d:b6:f5:99:e7:78:71:
         41:eb:08:b2
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUTIv4nLi8kF87/U3+nOsoDGdPuvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTAwNjUyNDVaFw0yNjA2MDkwNjU3NDVaMDMxMTAvBgNV
BAMTKDE1QUU2M0U4NDNBQzczRDU1ODAxQzgwN0VDQUNENjBGNEVGNDE3QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Ed9eiAhWWrBXbK9FoXECkPTc
w0BtwOh3GD4lsDyYkcj+gSi7RECv4Z6Th92uRSD4DIxepdWNeeJLW/YR8bIQlupz
sCrsC6jq/3enjFvAWQlaKWt04y5n3Ovk2ncJZWlBGYx9/XybCXV2zW816GrnWJKT
K5VHQru8ANbBsWE8GAEqIcO7OxwIPmyb0nAijVlEHvi3zk8N/IoAPFdMzBHJBtX6
oJ9FSDYmBVcbGiCLEWTraPMcm+Ik0WVpiWZ+WInsS9jQ0yv41ewlHsths479G/bT
Q/Rhz4EMOMP8L+Dmy262nQuT9I4Zbzl7ka9qwmauYijeeFajRxUbTnIMmlqJAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUFa5j6EOsc9VYAcgH7KzWD070F7owHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhVL
AwQAUhhMMA0GCSqGSIb3DQEBCwUAA4IBAQCTDjh3UKEU9yZhlTpRvErLry4FN6CB
fwgipIYVYZwvCk4I+5vpT/x6lDnZnY4rSjhy+TAqkWMXyHdOKSKkrq8JGJRsnQM/
qDlMVoTZ8sKGGSujHoe9L+rHIv5esGR8okK77adzFAoNPoJ0azrSBLCGQkDWcB+N
wyGFauGXALNSiRH1SN4yIIMgtRTzKHthtHJMIISQJFUrYm0IWOCyJAbEi4qu62rV
1utvFjRzDYq8/4a3bdoi9dl6p2uBaxziy7NHpYHL1bNoautqOo5BS2JqaItPdkHv
UOYEzgrEXjsUsqhG3ZsfLK/0uqoI/7EF+q0segf1aQ229ZnneHFB6wiy
-----END CERTIFICATE-----