Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201002.roa
File:                     AS201002.roa (raw, json)
Hash identifier:          12/N/yPBLZLuDW2LAWLzcNM1Xw/At7K1Zx7Vz+HDS58=
Subject key identifier:   82:C4:93:27:17:95:7B:E7:18:0C:DD:D3:EE:5B:C7:21:6C:B1:71:6E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       05C15BBDB0EEBC81D4F6108B22BB24AE4D6BD463
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201002.roa
Signing time:             Wed 18 Feb 2026 06:43:51 +0000
ROA not before:           Wed 18 Feb 2026 06:38:51 +0000
ROA not after:            Wed 17 Feb 2027 06:43:51 +0000
asID:                     201002
IP address blocks:        82.39.133.0/24 maxlen: 24
                          2a13:9500:10e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:c1:5b:bd:b0:ee:bc:81:d4:f6:10:8b:22:bb:24:ae:4d:6b:d4:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 18 06:38:51 2026 GMT
            Not After : Feb 17 06:43:51 2027 GMT
        Subject: CN=82C4932717957BE7180CDDD3EE5BC7216CB1716E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:aa:cf:e2:e7:0b:c2:1f:51:f2:36:15:50:ce:
                    24:63:d8:7e:11:8e:a0:71:bd:83:d1:d3:43:e7:3b:
                    7c:9b:9b:aa:ad:7c:df:7c:71:d3:e4:a9:e0:ab:43:
                    32:26:76:ce:55:42:37:57:99:0d:90:f7:44:82:18:
                    1a:44:93:1f:fb:c1:0e:96:29:15:94:03:ad:b1:43:
                    af:4f:fb:64:6b:a6:68:71:f6:6c:5c:2d:68:5d:db:
                    26:ee:c2:89:80:51:da:58:87:76:65:cf:92:7d:b7:
                    91:6b:54:08:5f:8d:0c:5c:00:85:a9:68:7d:ba:e2:
                    19:33:b5:35:2d:10:da:de:47:fd:e0:50:e5:79:6b:
                    54:20:f0:a4:f5:33:e5:dd:19:22:ea:b9:29:4b:c0:
                    f2:55:01:68:5a:d7:1c:18:bd:75:49:13:36:f1:7d:
                    4d:60:46:f9:b7:70:7a:5c:a0:a5:ff:e9:df:4c:8d:
                    42:5f:94:04:4d:a6:f5:cd:06:dd:28:30:d8:3d:e8:
                    b8:75:2e:71:38:57:ff:85:7c:cc:90:d5:4c:ed:e4:
                    68:ef:d2:20:70:7e:fc:bb:5a:5d:cc:3e:3b:93:f1:
                    2b:17:81:28:44:87:11:e0:25:17:3d:52:d0:90:2b:
                    bb:2e:7e:52:4a:68:4a:0f:ce:09:02:66:5e:8a:c3:
                    12:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C4:93:27:17:95:7B:E7:18:0C:DD:D3:EE:5B:C7:21:6C:B1:71:6E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201002.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.133.0/24
                IPv6:
                  2a13:9500:10e::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:fb:d3:17:ce:28:cd:5b:d2:3b:c4:1b:21:42:c8:9d:ae:29:
         c8:96:3b:af:1a:06:fe:d3:d4:5c:38:a6:f2:3f:d8:e5:c5:85:
         d6:eb:53:0a:bf:aa:46:87:fb:75:18:c0:25:16:d7:3d:81:cd:
         7e:fa:9b:c4:92:46:8f:a6:31:fc:42:03:8a:1f:d9:42:84:b2:
         a5:73:60:c4:b4:5e:00:75:ec:ab:53:7a:81:d4:bb:44:9b:dd:
         21:5a:b0:cf:b9:46:d3:e4:a5:12:75:d1:29:b1:b1:93:cc:fe:
         8a:20:06:9c:d5:8a:5e:af:e6:be:f0:b7:f7:9c:ea:a5:ad:e8:
         4e:e2:42:cb:53:a6:6b:ea:84:05:91:4f:b7:ec:c2:e0:5f:0a:
         7e:89:52:07:24:81:97:bb:8f:7d:14:11:4b:00:2f:59:40:e7:
         03:ee:7d:a2:c9:c5:8c:a0:86:ec:d6:db:47:3e:54:2c:a2:c1:
         ae:02:73:7d:df:ba:65:a2:ad:29:59:12:b7:04:de:2b:9c:f0:
         96:17:f5:57:fb:79:08:73:fa:05:c5:5d:76:40:e2:9d:c6:e0:
         95:42:4a:cb:e5:d6:4b:5e:f4:14:86:1e:74:3c:9d:1b:34:8e:
         a7:be:9a:d8:a2:17:15:14:e5:6c:50:f9:14:a3:c7:c2:d2:fe:
         6e:e3:ef:d8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUBcFbvbDuvIHU9hCLIrskrk1r1GMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMTgwNjM4NTFaFw0yNzAyMTcwNjQzNTFaMDMxMTAvBgNV
BAMTKDgyQzQ5MzI3MTc5NTdCRTcxODBDREREM0VFNUJDNzIxNkNCMTcxNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNqs/i5wvCH1HyNhVQziRj2H4R
jqBxvYPR00PnO3ybm6qtfN98cdPkqeCrQzImds5VQjdXmQ2Q90SCGBpEkx/7wQ6W
KRWUA62xQ69P+2Rrpmhx9mxcLWhd2ybuwomAUdpYh3Zlz5J9t5FrVAhfjQxcAIWp
aH264hkztTUtENreR/3gUOV5a1Qg8KT1M+XdGSLquSlLwPJVAWha1xwYvXVJEzbx
fU1gRvm3cHpcoKX/6d9MjUJflARNpvXNBt0oMNg96Lh1LnE4V/+FfMyQ1Uzt5Gjv
0iBwfvy7Wl3MPjuT8SsXgShEhxHgJRc9UtCQK7suflJKaEoPzgkCZl6KwxI/AgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUgsSTJxeVe+cYDN3T7lvHIWyxcW4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAxMDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUieF
MA8EAgACMAkDBwAqE5UAAQ4wDQYJKoZIhvcNAQELBQADggEBABf70xfOKM1b0jvE
GyFCyJ2uKciWO68aBv7T1Fw4pvI/2OXFhdbrUwq/qkaH+3UYwCUW1z2BzX76m8SS
Ro+mMfxCA4of2UKEsqVzYMS0XgB17KtTeoHUu0Sb3SFasM+5RtPkpRJ10SmxsZPM
/oogBpzVil6v5r7wt/ec6qWt6E7iQstTpmvqhAWRT7fswuBfCn6JUgckgZe7j30U
EUsAL1lA5wPufaLJxYyghuzW20c+VCyiwa4Cc33fumWirSlZErcE3iuc8JYX9Vf7
eQhz+gXFXXZA4p3G4JVCSsvl1kte9BSGHnQ8nRs0jqe+mtiiFxUU5WxQ+RSjx8LS
/m7j79g=
-----END CERTIFICATE-----