Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS18978.roa
File:                     AS18978.roa (raw, json)
Hash identifier:          2XYYcb+NQI66t8dou3+CrSbaXJayJDFq2BGACZP0IDc=
Subject key identifier:   DB:D2:D0:50:18:F5:5D:26:BD:17:E0:EF:46:C2:FF:BA:B3:4A:C2:9F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4DAA3F239FB930A4568552D77080EEB100731E75
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS18978.roa
Signing time:             Sat 06 Jun 2026 15:42:57 +0000
ROA not before:           Sat 06 Jun 2026 15:37:57 +0000
ROA not after:            Sat 05 Jun 2027 15:42:57 +0000
asID:                     18978
IP address blocks:        82.47.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:aa:3f:23:9f:b9:30:a4:56:85:52:d7:70:80:ee:b1:00:73:1e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  6 15:37:57 2026 GMT
            Not After : Jun  5 15:42:57 2027 GMT
        Subject: CN=DBD2D05018F55D26BD17E0EF46C2FFBAB34AC29F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b3:e0:7e:74:c4:0b:fc:f9:31:e3:fe:b8:86:
                    38:1d:6e:e7:8d:19:db:93:b9:19:1a:af:1b:35:7e:
                    91:67:bf:5a:e5:82:62:3f:0e:e5:7b:36:f7:25:28:
                    f4:26:75:d4:70:b8:5a:da:ab:ac:5a:fb:7a:89:a9:
                    dd:1a:c6:86:db:37:65:84:86:a0:11:26:d8:b7:8e:
                    90:2f:50:b1:14:b7:15:88:9e:32:c2:e5:95:7b:2a:
                    1b:6d:32:98:14:27:5f:fb:b7:bc:08:94:b2:8c:96:
                    be:8c:06:70:8f:fe:2e:16:26:38:3d:42:c5:84:66:
                    32:51:b3:91:fa:f9:13:b4:59:41:e5:3e:86:c3:e8:
                    33:f4:39:4c:f3:d4:65:96:e7:62:4c:cb:33:ad:fc:
                    76:21:d5:9b:58:7e:93:4b:07:89:12:23:67:db:a0:
                    9a:26:f5:42:a5:91:cc:2a:db:19:5e:af:66:4a:66:
                    21:53:2b:e3:73:7d:08:25:3e:a2:49:25:75:24:68:
                    6d:71:27:54:c5:94:da:67:f7:ce:d8:30:d5:9f:f2:
                    d9:2e:55:19:a5:00:3d:ef:1d:49:04:b9:db:31:b4:
                    ab:fb:80:3b:e3:6b:6f:62:c0:f4:e5:68:bd:f6:6e:
                    0c:91:e5:a3:76:7f:15:a8:6f:ed:b2:9a:77:55:05:
                    e0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D2:D0:50:18:F5:5D:26:BD:17:E0:EF:46:C2:FF:BA:B3:4A:C2:9F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS18978.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:27:95:8f:e6:f4:40:98:64:ab:d1:6d:bd:6e:ad:aa:e4:e5:
         bd:9f:08:dd:29:a5:8a:e1:c5:f8:2c:0f:d9:5d:b7:d0:b4:fa:
         be:89:f1:ac:c0:f8:35:22:ab:b2:73:f2:45:54:6e:6a:47:3a:
         cd:e2:af:e0:70:b7:1a:d4:12:b1:f4:cd:10:00:31:b2:cf:c9:
         d7:d0:cd:0c:03:b0:07:47:e1:41:46:ed:c2:60:93:e7:d8:f0:
         a8:87:5c:dd:1f:11:ae:01:ac:7d:2f:ff:7e:2f:fb:c2:84:12:
         ee:c5:9a:7c:69:75:85:a5:01:f0:ba:47:41:96:22:b3:29:59:
         a7:18:4d:b8:ca:97:91:11:2b:a7:df:ef:11:8b:ef:98:87:77:
         61:a9:36:42:a1:2f:6e:44:cb:17:27:7e:bb:44:6b:b2:1b:83:
         55:3c:5e:85:ce:15:1a:4d:cd:d5:9e:ed:0f:12:4a:54:98:2b:
         92:af:0a:14:ab:21:e9:28:ff:dc:54:c5:27:55:d0:da:aa:6d:
         50:1d:38:d9:ec:26:b1:34:ca:5b:60:30:f2:c7:cd:f8:dd:3d:
         17:b2:98:21:45:68:11:f8:26:d8:ca:5d:e2:26:70:a7:2e:e9:
         c4:8d:dd:01:30:7f:5f:e7:14:e5:3f:fd:91:ff:85:f6:e7:b4:
         9c:83:df:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTao/I5+5MKRWhVLXcIDusQBzHnUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDYxNTM3NTdaFw0yNzA2MDUxNTQyNTdaMDMxMTAvBgNV
BAMTKERCRDJEMDUwMThGNTVEMjZCRDE3RTBFRjQ2QzJGRkJBQjM0QUMyOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDs+B+dMQL/Pkx4/64hjgdbueN
GduTuRkarxs1fpFnv1rlgmI/DuV7NvclKPQmddRwuFraq6xa+3qJqd0axobbN2WE
hqARJti3jpAvULEUtxWInjLC5ZV7KhttMpgUJ1/7t7wIlLKMlr6MBnCP/i4WJjg9
QsWEZjJRs5H6+RO0WUHlPobD6DP0OUzz1GWW52JMyzOt/HYh1ZtYfpNLB4kSI2fb
oJom9UKlkcwq2xler2ZKZiFTK+NzfQglPqJJJXUkaG1xJ1TFlNpn987YMNWf8tku
VRmlAD3vHUkEudsxtKv7gDvja29iwPTlaL32bgyR5aN2fxWob+2ymndVBeA9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU29LQUBj1XSa9F+DvRsL/urNKwp8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTg5Nzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSL5Yw
DQYJKoZIhvcNAQELBQADggEBAE8nlY/m9ECYZKvRbb1urark5b2fCN0ppYrhxfgs
D9ldt9C0+r6J8azA+DUiq7Jz8kVUbmpHOs3ir+BwtxrUErH0zRAAMbLPydfQzQwD
sAdH4UFG7cJgk+fY8KiHXN0fEa4BrH0v/34v+8KEEu7FmnxpdYWlAfC6R0GWIrMp
WacYTbjKl5ERK6ff7xGL75iHd2GpNkKhL25EyxcnfrtEa7Ibg1U8XoXOFRpNzdWe
7Q8SSlSYK5KvChSrIeko/9xUxSdV0NqqbVAdONnsJrE0yltgMPLHzfjdPReymCFF
aBH4JtjKXeImcKcu6cSN3QEwf1/nFOU//ZH/hfbntJyD3wQ=
-----END CERTIFICATE-----