Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201357.roa
File:                     AS201357.roa (raw, json)
Hash identifier:          ejRSmQkNqZVyApYyQYygiHuSX/m1Ygxq8eK7J3D+AHM=
Subject key identifier:   95:8D:93:C9:93:1A:F8:78:B0:49:E4:D0:55:BB:73:E2:FB:37:61:E3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5FCB49E51C81C81A915C967383ABAE2882593941
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201357.roa
Signing time:             Thu 12 Feb 2026 13:43:46 +0000
ROA not before:           Thu 12 Feb 2026 13:38:46 +0000
ROA not after:            Thu 11 Feb 2027 13:43:46 +0000
asID:                     201357
IP address blocks:        82.22.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:cb:49:e5:1c:81:c8:1a:91:5c:96:73:83:ab:ae:28:82:59:39:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 12 13:38:46 2026 GMT
            Not After : Feb 11 13:43:46 2027 GMT
        Subject: CN=958D93C9931AF878B049E4D055BB73E2FB3761E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:34:6e:ee:8d:3d:2e:e7:3e:03:8d:0d:fa:25:
                    79:3a:26:5c:a6:f1:8a:15:1e:7f:87:53:d6:a0:97:
                    5a:df:d4:a6:cc:d3:72:ab:31:6b:a7:48:a8:5a:7b:
                    46:dd:7b:12:4f:78:60:9e:d6:0b:d5:c6:22:7b:a6:
                    ec:dc:10:e2:47:43:d7:42:3e:b8:d6:97:5a:55:76:
                    83:3f:ee:8f:6e:90:ed:64:07:ce:7f:36:46:e9:b0:
                    f9:ab:6b:bb:62:bf:5d:3b:69:9f:98:9d:e7:9c:08:
                    24:13:f4:1b:78:38:c8:d5:41:95:5c:2a:39:da:41:
                    45:0f:85:11:67:62:52:9b:03:2b:88:e2:51:ec:1a:
                    6f:e6:62:0d:cc:49:0d:cd:e3:1e:3f:fd:cf:eb:33:
                    4e:d3:82:7c:1f:e3:18:c0:27:51:e8:99:72:11:2d:
                    82:64:b2:ee:53:7c:01:9c:bb:6f:cd:a6:38:9f:a3:
                    6a:f5:05:90:e7:ae:60:c0:2a:b7:c4:43:be:da:ad:
                    0a:31:3d:77:b8:d6:44:6b:38:b3:50:36:b4:6b:d7:
                    68:9d:f9:70:39:8d:7b:6b:25:6e:9a:c4:d2:a4:19:
                    ad:d9:e1:2c:dd:4a:2e:a4:e2:01:5f:f4:91:a1:50:
                    cd:f3:c6:b2:17:e4:a9:d6:4d:49:6d:c8:75:d3:12:
                    83:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:8D:93:C9:93:1A:F8:78:B0:49:E4:D0:55:BB:73:E2:FB:37:61:E3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201357.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:ee:0f:bf:5d:b2:53:cf:16:d6:d7:c3:71:81:65:45:5a:5a:
         30:a7:8f:c9:3b:64:6a:40:c5:27:22:ad:2d:23:9a:a5:3b:3d:
         79:56:39:39:2d:a7:f5:a1:ac:3a:5b:52:c8:f8:c5:b3:cd:a6:
         52:65:9a:76:27:45:d2:78:31:13:6c:8f:66:ec:fd:b5:fd:b8:
         be:68:df:a0:8d:90:93:38:72:c7:e3:2b:d9:b8:45:09:9a:ae:
         54:91:d3:7b:b7:49:40:cc:5d:e3:9b:0e:97:b2:18:31:0c:e6:
         6f:09:5b:98:f0:1b:58:ef:6d:eb:97:e3:2e:81:07:3a:4e:49:
         bc:44:45:0b:12:c2:26:2f:11:2b:cc:d4:ad:75:59:e9:ab:11:
         7b:b0:32:8f:41:b9:c9:5d:67:20:8b:2c:4d:b4:95:6b:6e:3f:
         1a:95:fc:e1:f4:f9:84:6c:9c:76:35:b5:43:85:bf:58:32:f6:
         ce:22:39:e8:a2:d8:8b:c1:84:52:0b:7e:d0:b9:b7:fb:b2:e6:
         cc:a7:09:a5:f0:f4:42:8d:4d:91:c3:cd:56:c2:87:44:3b:20:
         4a:47:04:c2:1d:16:bd:9d:05:d9:74:79:ae:59:51:a5:93:01:
         a4:11:71:e3:95:ba:fb:b3:5f:5b:bc:5e:84:86:89:70:d6:4c:
         81:09:cb:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUX8tJ5RyByBqRXJZzg6uuKIJZOUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMTIxMzM4NDZaFw0yNzAyMTExMzQzNDZaMDMxMTAvBgNV
BAMTKDk1OEQ5M0M5OTMxQUY4NzhCMDQ5RTREMDU1QkI3M0UyRkIzNzYxRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbNG7ujT0u5z4DjQ36JXk6Jlym
8YoVHn+HU9agl1rf1KbM03KrMWunSKhae0bdexJPeGCe1gvVxiJ7puzcEOJHQ9dC
PrjWl1pVdoM/7o9ukO1kB85/NkbpsPmra7tiv107aZ+YneecCCQT9Bt4OMjVQZVc
KjnaQUUPhRFnYlKbAyuI4lHsGm/mYg3MSQ3N4x4//c/rM07Tgnwf4xjAJ1HomXIR
LYJksu5TfAGcu2/Npjifo2r1BZDnrmDAKrfEQ77arQoxPXe41kRrOLNQNrRr12id
+XA5jXtrJW6axNKkGa3Z4SzdSi6k4gFf9JGhUM3zxrIX5KnWTUltyHXTEoOZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlY2TyZMa+HiwSeTQVbtz4vs3YeMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAxMzU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhZj
MA0GCSqGSIb3DQEBCwUAA4IBAQBw7g+/XbJTzxbW18NxgWVFWlowp4/JO2RqQMUn
Iq0tI5qlOz15Vjk5Laf1oaw6W1LI+MWzzaZSZZp2J0XSeDETbI9m7P21/bi+aN+g
jZCTOHLH4yvZuEUJmq5UkdN7t0lAzF3jmw6XshgxDOZvCVuY8BtY723rl+MugQc6
Tkm8REULEsImLxErzNStdVnpqxF7sDKPQbnJXWcgiyxNtJVrbj8alfzh9PmEbJx2
NbVDhb9YMvbOIjnootiLwYRSC37Qubf7subMpwml8PRCjU2Rw81WwodEOyBKRwTC
HRa9nQXZdHmuWVGlkwGkEXHjlbr7s19bvF6Eholw1kyBCctQ
-----END CERTIFICATE-----