Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201002.roa
File:                     AS201002.roa (raw, json)
Hash identifier:          P6MyDQvyChgCvTaTBNELGtVNb9Ylv7mcJm5MYatqJuo=
Subject key identifier:   AD:C6:9D:9E:5F:3E:BB:C3:3C:85:34:BA:2F:F7:76:9F:9E:A6:14:DB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0CE0A6EBDD09A8C390B795892531ED8391F4AD86
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201002.roa
Signing time:             Sun 12 Apr 2026 13:31:34 +0000
ROA not before:           Sun 12 Apr 2026 13:26:34 +0000
ROA not after:            Sun 11 Apr 2027 13:31:34 +0000
asID:                     201002
IP address blocks:        82.38.128.0/24 maxlen: 24
                          82.39.133.0/24 maxlen: 24
                          2a13:9500:10e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:e0:a6:eb:dd:09:a8:c3:90:b7:95:89:25:31:ed:83:91:f4:ad:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 12 13:26:34 2026 GMT
            Not After : Apr 11 13:31:34 2027 GMT
        Subject: CN=ADC69D9E5F3EBBC33C8534BA2FF7769F9EA614DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:72:a2:dd:c0:86:88:fe:5d:aa:29:83:18:3f:
                    30:b9:b1:ff:00:88:05:28:7f:52:c5:b0:d4:62:2e:
                    10:f7:05:aa:c2:68:b8:f5:0c:51:7e:a8:91:92:06:
                    11:59:45:19:1f:1d:8b:92:63:14:34:f0:16:d5:97:
                    2a:8b:81:88:98:59:6c:36:69:50:ce:58:dd:4a:9b:
                    c2:26:8f:c1:df:94:9b:0c:42:7d:e1:33:46:f0:fc:
                    20:fb:29:84:0b:5d:5d:d8:9b:d8:cc:f0:cd:02:e2:
                    74:39:72:4a:60:25:64:a5:31:7f:d7:26:9b:e5:5c:
                    db:97:96:6c:de:83:1c:8c:fa:87:f3:87:84:cf:0c:
                    26:5c:0c:bc:8b:f8:39:ab:36:5a:d6:5f:b9:aa:8b:
                    68:87:7a:34:0b:5c:84:47:01:de:ff:88:5a:43:d2:
                    a9:0f:c0:ec:6a:70:f1:07:f9:97:82:b0:04:79:77:
                    6e:5f:cb:45:7a:93:e6:01:cd:c8:d2:78:41:49:bf:
                    26:09:33:f0:25:88:3a:09:e6:a7:4a:18:ad:a9:10:
                    85:9a:46:a5:18:b4:00:e5:00:74:37:6f:b0:4c:a3:
                    96:66:ec:98:69:0a:26:51:c5:1b:18:77:1c:e0:45:
                    4c:6d:bf:43:64:61:31:7a:8e:18:2a:9c:b0:c2:81:
                    77:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:C6:9D:9E:5F:3E:BB:C3:3C:85:34:BA:2F:F7:76:9F:9E:A6:14:DB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201002.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.128.0/24
                  82.39.133.0/24
                IPv6:
                  2a13:9500:10e::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:d3:02:e7:4d:50:89:f2:f9:6a:6f:c7:1e:0a:9e:23:e6:9e:
         2e:9a:7e:1d:99:6d:ff:76:b9:98:74:c9:d2:14:c1:a4:0e:ad:
         7a:98:9b:ee:ac:38:7a:fb:c9:31:81:56:1f:2a:df:5f:aa:4b:
         b5:ea:7d:7b:5a:37:57:74:e8:ba:49:09:86:71:a1:0c:48:17:
         1d:64:98:7e:e2:f3:52:f0:df:c0:c0:32:a5:54:4e:e6:24:78:
         8a:1d:4f:68:25:45:31:08:0d:83:be:7d:28:9a:9e:40:f9:f5:
         f3:f0:61:77:ba:a3:ef:2b:fb:45:ca:74:d1:7c:4b:9c:f4:49:
         8c:1c:c2:9c:ec:60:9a:69:63:9a:36:e3:28:e4:f0:66:f1:c2:
         2a:71:05:f7:48:25:2a:82:d1:55:8e:51:b4:20:0e:ad:ed:d1:
         eb:f1:d3:60:fd:ad:12:06:33:2d:ae:73:08:cb:50:77:66:d3:
         0d:36:0f:4c:b3:95:3a:e8:80:e2:a1:7f:94:07:9d:52:a3:77:
         cc:7c:7b:fa:57:b1:29:44:0b:2e:6e:9d:ff:84:b6:d9:e0:a9:
         ac:08:59:e0:84:19:31:b2:ca:cf:ae:1f:82:c2:1b:53:d1:be:
         7a:b8:86:4a:90:21:c9:69:b6:12:34:52:81:4c:f5:43:36:78:
         51:1a:b4:7a
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUDOCm690JqMOQt5WJJTHtg5H0rYYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTIxMzI2MzRaFw0yNzA0MTExMzMxMzRaMDMxMTAvBgNV
BAMTKEFEQzY5RDlFNUYzRUJCQzMzQzg1MzRCQTJGRjc3NjlGOUVBNjE0REIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3cqLdwIaI/l2qKYMYPzC5sf8A
iAUof1LFsNRiLhD3BarCaLj1DFF+qJGSBhFZRRkfHYuSYxQ08BbVlyqLgYiYWWw2
aVDOWN1Km8Imj8HflJsMQn3hM0bw/CD7KYQLXV3Ym9jM8M0C4nQ5ckpgJWSlMX/X
JpvlXNuXlmzegxyM+ofzh4TPDCZcDLyL+DmrNlrWX7mqi2iHejQLXIRHAd7/iFpD
0qkPwOxqcPEH+ZeCsAR5d25fy0V6k+YBzcjSeEFJvyYJM/AliDoJ5qdKGK2pEIWa
RqUYtADlAHQ3b7BMo5Zm7JhpCiZRxRsYdxzgRUxtv0NkYTF6jhgqnLDCgXf3AgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUrcadnl8+u8M8hTS6L/d2n56mFNswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAxMDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAUiaA
AwQAUieFMA8EAgACMAkDBwAqE5UAAQ4wDQYJKoZIhvcNAQELBQADggEBAGrTAudN
UIny+Wpvxx4KniPmni6afh2Zbf92uZh0ydIUwaQOrXqYm+6sOHr7yTGBVh8q31+q
S7XqfXtaN1d06LpJCYZxoQxIFx1kmH7i81Lw38DAMqVUTuYkeIodT2glRTEIDYO+
fSiankD59fPwYXe6o+8r+0XKdNF8S5z0SYwcwpzsYJppY5o24yjk8GbxwipxBfdI
JSqC0VWOUbQgDq3t0evx02D9rRIGMy2ucwjLUHdm0w02D0yzlTrogOKhf5QHnVKj
d8x8e/pXsSlECy5unf+EttngqawIWeCEGTGyys+uH4LCG1PRvnq4hkqQIclpthI0
UoFM9UM2eFEatHo=
-----END CERTIFICATE-----