Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200506.roa
File:                     AS200506.roa (raw, json)
Hash identifier:          xAYaik2qnKimZlmI2IIPj+qSvgrtBVLiD6siSeQWyqs=
Subject key identifier:   F7:80:72:F4:59:93:55:D7:06:A9:3D:12:F3:D0:DA:12:FD:18:A2:01
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       58FE5A5E578017FC4EC845B3ABFD3394155F9FF9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200506.roa
Signing time:             Wed 08 Apr 2026 09:19:49 +0000
ROA not before:           Wed 08 Apr 2026 09:14:49 +0000
ROA not after:            Wed 07 Apr 2027 09:19:49 +0000
asID:                     200506
IP address blocks:        82.41.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:fe:5a:5e:57:80:17:fc:4e:c8:45:b3:ab:fd:33:94:15:5f:9f:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  8 09:14:49 2026 GMT
            Not After : Apr  7 09:19:49 2027 GMT
        Subject: CN=F78072F4599355D706A93D12F3D0DA12FD18A201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3d:75:3f:7a:94:5d:94:08:dd:bf:02:89:97:
                    36:3c:d5:97:ed:d7:8e:77:a4:4e:28:bb:19:89:05:
                    b4:fb:fe:72:d6:62:ff:f3:6b:04:2f:3e:8c:73:b2:
                    b5:57:43:fb:f5:ce:33:41:ab:af:77:56:a9:46:07:
                    d1:45:2f:41:56:d4:e0:ce:a5:2d:79:0c:da:f1:9a:
                    2b:6c:34:2e:c8:29:7c:cd:dd:31:85:6b:0a:e5:7f:
                    14:ea:d4:17:c6:af:eb:56:56:e6:e5:0c:84:a1:ef:
                    01:17:99:a9:a3:d6:ba:bb:ab:10:1d:ed:ed:5d:2e:
                    87:d4:c3:1d:eb:eb:5a:f3:e2:7a:f2:c6:d1:be:5a:
                    38:f0:06:f8:d4:06:03:03:5f:4f:fd:7a:e5:e4:1c:
                    19:17:c0:75:13:d1:74:52:da:95:f1:38:c5:29:91:
                    5a:a0:1b:f4:7f:94:1b:57:79:ba:15:12:25:7b:39:
                    36:4b:52:26:32:0c:12:50:81:38:de:ad:06:94:ff:
                    29:55:10:84:c6:c0:21:7f:33:1a:98:19:f4:ac:f7:
                    36:4f:e0:f6:4b:a5:84:9d:e7:29:7c:44:94:02:01:
                    eb:6a:1f:da:8a:60:76:a8:f2:ea:a8:5a:99:e4:29:
                    3f:70:f8:4e:62:95:b7:19:0a:a3:d1:d3:f9:e0:6c:
                    c9:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:80:72:F4:59:93:55:D7:06:A9:3D:12:F3:D0:DA:12:FD:18:A2:01
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200506.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:42:15:3b:5c:6a:74:22:9b:df:ca:b5:07:c8:b8:09:72:72:
         77:76:20:2a:57:fa:b9:02:82:d5:59:29:02:81:f3:50:19:70:
         7c:1c:49:ac:65:4a:38:0d:fc:d0:5d:6e:52:17:b6:9f:85:3b:
         76:99:30:02:b7:1f:3e:1f:79:a6:30:41:90:3c:08:61:45:50:
         04:7d:ae:b7:17:fe:2d:58:44:3b:ff:72:59:4c:a0:82:ce:c9:
         0d:87:45:c8:d8:6a:38:2d:63:ff:94:6e:48:bd:1c:50:68:47:
         51:37:43:be:61:0c:9b:e6:c7:57:31:09:5f:01:a1:5d:a6:49:
         08:cb:56:13:a4:b4:a7:64:a8:40:a0:7a:de:a5:5e:d9:8a:02:
         cf:d5:7d:1f:6e:cb:e8:51:f1:32:c5:3e:39:c3:4e:17:90:18:
         5a:a4:7e:5f:a6:04:5b:bb:1c:a4:4b:b4:18:7f:d8:4a:37:34:
         05:1c:7f:55:25:3d:8f:cd:96:eb:0d:c9:e4:75:8d:01:7e:50:
         4d:c6:6c:76:a7:55:59:d1:6f:39:d1:7e:f0:72:07:1b:89:5a:
         34:e3:51:66:95:44:09:94:55:fa:01:56:30:48:70:2d:d0:8b:
         73:34:35:84:05:9e:8e:37:ff:17:6a:d8:c8:fb:e6:4a:4d:5c:
         de:73:9c:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWP5aXleAF/xOyEWzq/0zlBVfn/kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDgwOTE0NDlaFw0yNzA0MDcwOTE5NDlaMDMxMTAvBgNV
BAMTKEY3ODA3MkY0NTk5MzU1RDcwNkE5M0QxMkYzRDBEQTEyRkQxOEEyMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuPXU/epRdlAjdvwKJlzY81Zft
1453pE4ouxmJBbT7/nLWYv/zawQvPoxzsrVXQ/v1zjNBq693VqlGB9FFL0FW1ODO
pS15DNrxmitsNC7IKXzN3TGFawrlfxTq1BfGr+tWVublDISh7wEXmamj1rq7qxAd
7e1dLofUwx3r61rz4nryxtG+WjjwBvjUBgMDX0/9euXkHBkXwHUT0XRS2pXxOMUp
kVqgG/R/lBtXeboVEiV7OTZLUiYyDBJQgTjerQaU/ylVEITGwCF/MxqYGfSs9zZP
4PZLpYSd5yl8RJQCAetqH9qKYHao8uqoWpnkKT9w+E5ilbcZCqPR0/ngbMn1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU94By9FmTVdcGqT0S89DaEv0YogEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAwNTA2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUimM
MA0GCSqGSIb3DQEBCwUAA4IBAQA3QhU7XGp0IpvfyrUHyLgJcnJ3diAqV/q5AoLV
WSkCgfNQGXB8HEmsZUo4DfzQXW5SF7afhTt2mTACtx8+H3mmMEGQPAhhRVAEfa63
F/4tWEQ7/3JZTKCCzskNh0XI2Go4LWP/lG5IvRxQaEdRN0O+YQyb5sdXMQlfAaFd
pkkIy1YTpLSnZKhAoHrepV7ZigLP1X0fbsvoUfEyxT45w04XkBhapH5fpgRbuxyk
S7QYf9hKNzQFHH9VJT2PzZbrDcnkdY0BflBNxmx2p1VZ0W850X7wcgcbiVo041Fm
lUQJlFX6AVYwSHAt0ItzNDWEBZ6ON/8XatjI++ZKTVzec5x+
-----END CERTIFICATE-----