Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153656.roa
File:                     AS153656.roa (raw, json)
Hash identifier:          P7XMapU4vbcSgIfcuFChHC3PZGX55m5Ispl8rkppV3k=
Subject key identifier:   94:D4:74:59:35:AC:3D:83:34:F8:36:C9:2F:91:D0:C2:7F:67:B1:4B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7FD3B64C9B9120D6ABCB9E79118A948F6C3BCB7C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153656.roa
Signing time:             Fri 27 Feb 2026 03:30:58 +0000
ROA not before:           Fri 27 Feb 2026 03:25:58 +0000
ROA not after:            Fri 26 Feb 2027 03:30:58 +0000
asID:                     153656
IP address blocks:        82.41.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:d3:b6:4c:9b:91:20:d6:ab:cb:9e:79:11:8a:94:8f:6c:3b:cb:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 27 03:25:58 2026 GMT
            Not After : Feb 26 03:30:58 2027 GMT
        Subject: CN=94D4745935AC3D8334F836C92F91D0C27F67B14B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4f:46:36:e2:8a:82:6f:3e:0f:f0:08:7e:4a:
                    3e:62:a5:a3:9d:e2:aa:51:cd:10:77:2e:ef:13:8f:
                    bd:8b:8d:8c:f8:89:11:f6:51:88:7b:a3:cc:84:95:
                    ce:28:bc:ed:28:48:ee:9a:45:42:4e:d2:61:d2:51:
                    b0:2c:64:31:a3:b1:ab:dd:54:7e:b0:b7:9d:08:b6:
                    56:b2:54:85:cc:72:92:78:63:3a:e4:d9:a5:ca:bc:
                    1d:f5:82:ae:16:0b:ce:eb:76:5e:72:a8:16:d0:b7:
                    0a:ec:e4:6a:c7:5a:89:7b:95:f3:4e:a9:4b:d1:51:
                    a6:0d:ca:26:7d:2d:20:95:b9:b6:32:b7:8d:ec:02:
                    47:c5:e4:16:2d:37:8b:5a:83:c7:e3:21:8f:60:84:
                    2c:04:15:af:64:ae:b0:63:88:87:f1:b1:32:0d:89:
                    41:bf:e6:92:fa:cc:36:33:c6:b5:99:d1:1c:a4:70:
                    cb:3a:52:54:e5:53:f6:70:0f:66:30:8c:e1:dd:f2:
                    57:ed:7b:c7:91:3a:7b:c1:e1:5a:8b:20:48:95:ee:
                    39:5e:73:6f:2e:3c:c5:c1:a5:cf:b4:72:f5:cb:61:
                    ea:2a:67:e2:b4:e5:53:b5:18:c1:10:ba:39:23:6d:
                    a1:c7:60:dd:5a:fb:5d:97:6b:67:7d:e2:f1:00:5c:
                    06:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D4:74:59:35:AC:3D:83:34:F8:36:C9:2F:91:D0:C2:7F:67:B1:4B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153656.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:bf:9c:9a:b0:70:30:d0:59:d5:c0:e4:d3:c2:ef:0a:13:45:
         3d:0b:ec:71:bb:f9:87:d4:1c:2a:25:09:f0:c1:86:23:50:5b:
         f1:b3:ab:f3:3c:d0:f7:56:35:9d:bd:64:6b:60:0b:92:a7:d8:
         31:d7:cf:aa:5c:1c:67:18:f3:34:05:df:0c:95:6c:ad:6e:a4:
         d2:66:7b:a9:c6:4c:9a:a5:01:8d:d8:36:5b:91:8e:42:cb:1e:
         af:1e:a9:53:a6:95:48:79:27:32:96:ab:85:73:d3:27:c3:df:
         f2:f6:78:95:19:ad:ff:55:91:29:25:86:bc:ac:c2:09:95:6e:
         6b:2e:b4:6c:76:cc:d0:b9:63:5f:7b:93:04:b8:d1:c2:87:33:
         2a:7c:1f:df:93:14:d4:c5:ca:38:82:41:27:ed:c0:e1:8f:63:
         4d:b6:d6:45:09:cc:b4:c1:07:c4:d9:84:d2:c5:77:6a:fe:bd:
         2a:f8:76:4c:8b:2c:a4:5f:74:51:5d:be:cb:6a:7e:b5:67:bd:
         ce:8f:62:6e:cb:6b:72:01:97:45:75:37:43:da:a7:83:63:9c:
         ae:a7:2f:dc:3e:3c:ec:f3:2e:c2:50:e5:77:f1:31:cb:88:92:
         76:6d:9f:86:ee:92:54:2d:8e:01:fd:47:ac:9a:49:94:33:02:
         7b:69:7e:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUf9O2TJuRINary555EYqUj2w7y3wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMjcwMzI1NThaFw0yNzAyMjYwMzMwNThaMDMxMTAvBgNV
BAMTKDk0RDQ3NDU5MzVBQzNEODMzNEY4MzZDOTJGOTFEMEMyN0Y2N0IxNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJT0Y24oqCbz4P8Ah+Sj5ipaOd
4qpRzRB3Lu8Tj72LjYz4iRH2UYh7o8yElc4ovO0oSO6aRUJO0mHSUbAsZDGjsavd
VH6wt50ItlayVIXMcpJ4Yzrk2aXKvB31gq4WC87rdl5yqBbQtwrs5GrHWol7lfNO
qUvRUaYNyiZ9LSCVubYyt43sAkfF5BYtN4tag8fjIY9ghCwEFa9krrBjiIfxsTIN
iUG/5pL6zDYzxrWZ0RykcMs6UlTlU/ZwD2YwjOHd8lfte8eROnvB4VqLIEiV7jle
c28uPMXBpc+0cvXLYeoqZ+K05VO1GMEQujkjbaHHYN1a+12Xa2d94vEAXAYhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlNR0WTWsPYM0+DbJL5HQwn9nsUswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUzNjU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUilC
MA0GCSqGSIb3DQEBCwUAA4IBAQCAv5yasHAw0FnVwOTTwu8KE0U9C+xxu/mH1Bwq
JQnwwYYjUFvxs6vzPND3VjWdvWRrYAuSp9gx18+qXBxnGPM0Bd8MlWytbqTSZnup
xkyapQGN2DZbkY5Cyx6vHqlTppVIeScylquFc9Mnw9/y9niVGa3/VZEpJYa8rMIJ
lW5rLrRsdszQuWNfe5MEuNHChzMqfB/fkxTUxco4gkEn7cDhj2NNttZFCcy0wQfE
2YTSxXdq/r0q+HZMiyykX3RRXb7Lan61Z73Oj2Juy2tyAZdFdTdD2qeDY5yupy/c
Pjzs8y7CUOV38THLiJJ2bZ+G7pJULY4B/UesmkmUMwJ7aX4B
-----END CERTIFICATE-----