Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147003.roa
File:                     AS147003.roa (raw, json)
Hash identifier:          3LnAV2CiqkT2CP+nx88anAKplgfpni9ez9vHKFy/X+c=
Subject key identifier:   60:20:E7:0C:7B:86:F5:DC:EE:F3:10:BE:AE:E8:46:4B:E3:CE:A4:6F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7B59A48F55E896AD9569882271C74BB637B6BBA2
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147003.roa
Signing time:             Fri 12 Jun 2026 13:05:31 +0000
ROA not before:           Fri 12 Jun 2026 13:00:31 +0000
ROA not after:            Fri 11 Jun 2027 13:05:31 +0000
asID:                     147003
IP address blocks:        82.41.138.0/23 maxlen: 24
                          84.75.180.0/23 maxlen: 24
                          178.83.220.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:59:a4:8f:55:e8:96:ad:95:69:88:22:71:c7:4b:b6:37:b6:bb:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 12 13:00:31 2026 GMT
            Not After : Jun 11 13:05:31 2027 GMT
        Subject: CN=6020E70C7B86F5DCEEF310BEAEE8464BE3CEA46F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:49:a4:66:bd:d9:88:e8:ea:f3:88:5f:03:46:
                    d0:b7:cb:82:a4:04:38:a8:ed:98:c6:65:bb:3f:32:
                    dd:47:4b:f9:0d:6d:0b:f8:71:fb:71:c6:4b:56:75:
                    00:90:88:3a:7f:ef:95:03:62:cb:e5:a7:6e:38:05:
                    c2:f7:5a:54:35:e8:e5:51:27:92:aa:f4:f6:f2:c3:
                    fa:22:77:c1:df:bb:73:07:b0:53:ee:08:69:c3:53:
                    d6:90:24:9f:97:23:cb:86:44:c5:44:94:4d:12:48:
                    0c:2e:80:0e:6e:21:e3:3f:9c:56:4c:12:20:d5:d9:
                    be:0c:98:20:85:65:10:6d:1b:e2:e3:13:3f:0b:56:
                    24:6c:ca:db:15:a2:b9:2a:02:44:b4:e2:0b:41:b7:
                    41:ea:f0:3c:0d:67:75:cd:89:7d:d1:81:3f:61:a6:
                    b4:d9:28:b8:0e:15:c8:90:f9:f9:4a:49:a9:ad:7e:
                    44:5f:15:ca:e9:f8:09:85:3c:63:4b:11:17:fc:fe:
                    d8:c0:5a:69:3f:8b:eb:57:af:37:2b:7b:5e:8a:5f:
                    a0:05:33:36:d1:68:c1:21:bc:a3:92:f1:9f:f5:bc:
                    65:18:b1:53:80:e8:ba:6f:91:e7:75:9d:ec:5a:4d:
                    20:f6:81:64:2d:ad:f7:7d:2d:01:3c:b7:96:c7:d6:
                    0c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:20:E7:0C:7B:86:F5:DC:EE:F3:10:BE:AE:E8:46:4B:E3:CE:A4:6F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.138.0/23
                  84.75.180.0/23
                  178.83.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:1c:2f:e9:72:a7:6b:6a:8f:36:e3:b9:d6:a5:e5:8a:2b:3e:
         0b:88:20:d3:8d:98:eb:bd:ab:56:01:42:38:44:1b:bb:68:3e:
         0d:20:84:86:a7:00:a8:ae:f9:1f:3d:8a:bd:2c:1e:09:72:b8:
         24:ce:c1:9e:38:38:8b:b5:de:c9:ed:c2:b7:01:8e:7e:86:d3:
         38:04:13:ae:ed:0b:d8:e2:44:67:e5:73:5d:7b:d7:2a:13:52:
         2c:15:b4:20:ae:0d:06:a3:78:97:34:86:73:ec:49:2c:3f:6e:
         b5:73:3e:24:99:bc:7c:ae:b5:c0:71:7c:ed:8b:7a:17:1d:7c:
         91:3f:3e:b1:ec:60:bc:7c:d5:02:1d:95:00:6a:fd:7b:67:b4:
         b3:6f:23:b0:5d:d5:88:27:bc:19:00:1c:b6:55:e8:42:2d:06:
         10:99:89:02:49:b2:70:40:43:cb:e6:07:5b:13:7b:39:f4:f3:
         f4:45:f4:71:f0:2f:a6:26:07:17:d4:8e:18:69:38:b0:2f:d7:
         5f:fa:3b:38:f0:d8:25:b2:ec:fb:e3:3a:6a:71:3c:dc:9f:c0:
         07:60:f0:b9:da:00:3d:b0:33:10:c5:1d:6e:5b:54:aa:3b:82:
         c2:e2:78:59:00:ef:a2:64:30:57:88:7c:22:d3:0e:19:7a:67:
         ea:36:39:89
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUe1mkj1Xolq2VaYgiccdLtje2u6IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MTIxMzAwMzFaFw0yNzA2MTExMzA1MzFaMDMxMTAvBgNV
BAMTKDYwMjBFNzBDN0I4NkY1RENFRUYzMTBCRUFFRTg0NjRCRTNDRUE0NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJSaRmvdmI6OrziF8DRtC3y4Kk
BDio7ZjGZbs/Mt1HS/kNbQv4cftxxktWdQCQiDp/75UDYsvlp244BcL3WlQ16OVR
J5Kq9Pbyw/oid8Hfu3MHsFPuCGnDU9aQJJ+XI8uGRMVElE0SSAwugA5uIeM/nFZM
EiDV2b4MmCCFZRBtG+LjEz8LViRsytsVorkqAkS04gtBt0Hq8DwNZ3XNiX3RgT9h
prTZKLgOFciQ+flKSamtfkRfFcrp+AmFPGNLERf8/tjAWmk/i+tXrzcre16KX6AF
MzbRaMEhvKOS8Z/1vGUYsVOA6Lpvked1nexaTSD2gWQtrfd9LQE8t5bH1gwpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUYCDnDHuG9dzu8xC+ruhGS+POpG8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQ3MDAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUimK
AwQBVEu0AwQBslPcMA0GCSqGSIb3DQEBCwUAA4IBAQBiHC/pcqdrao8247nWpeWK
Kz4LiCDTjZjrvatWAUI4RBu7aD4NIISGpwCorvkfPYq9LB4JcrgkzsGeODiLtd7J
7cK3AY5+htM4BBOu7QvY4kRn5XNde9cqE1IsFbQgrg0Go3iXNIZz7EksP261cz4k
mbx8rrXAcXzti3oXHXyRPz6x7GC8fNUCHZUAav17Z7SzbyOwXdWIJ7wZABy2VehC
LQYQmYkCSbJwQEPL5gdbE3s59PP0RfRx8C+mJgcX1I4YaTiwL9df+js48Nglsuz7
4zpqcTzcn8AHYPC52gA9sDMQxR1uW1SqO4LC4nhZAO+iZDBXiHwi0w4ZemfqNjmJ
-----END CERTIFICATE-----