Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202294.roa
File:                     AS202294.roa (raw, json)
Hash identifier:          r6RwKdcJGBdSMAhh1d2wVeE0A5EZezNyX/L9p/E55j4=
Subject key identifier:   96:85:6A:DC:25:3B:58:5F:B9:00:FD:A6:0D:CF:2D:E6:89:E4:2D:32
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3A8AEB18F18E1CB2579D9DF6B7788C08F0A2FC3B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202294.roa
Signing time:             Sun 01 Mar 2026 23:11:18 +0000
ROA not before:           Sun 01 Mar 2026 23:06:18 +0000
ROA not after:            Sun 28 Feb 2027 23:11:18 +0000
asID:                     202294
IP address blocks:        82.22.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:8a:eb:18:f1:8e:1c:b2:57:9d:9d:f6:b7:78:8c:08:f0:a2:fc:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  1 23:06:18 2026 GMT
            Not After : Feb 28 23:11:18 2027 GMT
        Subject: CN=96856ADC253B585FB900FDA60DCF2DE689E42D32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:41:15:0f:14:fd:48:71:05:67:77:e3:cb:24:
                    ed:46:33:63:a8:b8:60:82:2e:b7:2a:15:f8:4f:24:
                    72:05:3b:bf:69:c2:90:67:59:e5:e3:61:ce:2b:2b:
                    5d:e7:37:9f:9f:95:a5:d2:0a:bc:e0:a6:ca:40:dc:
                    bd:a5:e4:c0:17:4c:ab:33:8b:dd:68:e8:f3:9b:4b:
                    09:34:cd:a0:52:31:b3:ee:ee:36:91:9f:bc:e1:2f:
                    2f:ad:70:cc:82:95:a1:5a:ba:55:43:6d:c1:44:82:
                    70:9f:ae:d3:af:d3:1b:8a:c1:f5:73:76:ee:e7:63:
                    d4:cd:c3:f6:ad:65:d1:97:32:95:38:d3:fd:b1:10:
                    3d:08:ab:fc:ad:96:8d:39:5b:a1:95:42:a9:e5:1b:
                    29:06:fc:18:de:7c:cc:a2:b8:e1:43:79:dd:7c:a1:
                    82:9f:7c:ac:95:da:15:06:55:39:84:f5:d7:c5:2e:
                    da:81:c3:d1:1a:03:32:93:37:c5:82:37:24:55:71:
                    8d:1b:95:f8:04:3b:6d:ed:8b:4e:c9:af:30:90:af:
                    87:46:f8:dc:04:20:ec:dc:b7:c5:10:3c:50:74:02:
                    bf:36:62:b7:5b:3a:5d:af:99:18:38:73:06:d6:b9:
                    e4:d2:55:90:42:7a:0b:f1:f3:0d:f7:47:6c:ca:58:
                    9e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:85:6A:DC:25:3B:58:5F:B9:00:FD:A6:0D:CF:2D:E6:89:E4:2D:32
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS202294.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:06:37:5b:88:4f:c3:a9:62:c1:aa:1e:71:b0:db:06:f9:20:
         6e:64:42:c6:e0:62:69:ad:b4:9b:f0:f5:29:b3:45:f1:67:8d:
         48:08:18:56:48:37:37:a6:2b:99:3d:3b:33:8b:20:d4:0b:30:
         7f:93:a3:e9:99:9e:49:72:09:b9:eb:b1:85:9b:cc:dd:23:aa:
         32:06:c6:f7:e8:a2:b4:f1:fd:07:51:0b:3a:01:43:69:ff:8e:
         0d:1c:4f:e5:7d:4b:4c:73:48:53:85:5b:cc:8b:c5:86:2d:74:
         00:80:80:f1:3c:52:db:46:0b:95:22:57:e1:b0:ef:30:3b:6d:
         61:0f:ac:c5:18:38:25:c6:fd:c8:08:5d:cd:56:cc:3b:c1:d0:
         5d:50:04:92:e1:04:67:fe:77:24:c6:f6:13:d0:67:a0:eb:44:
         8e:08:1f:49:89:9f:3f:24:ad:c5:77:4b:f4:00:2f:a3:d0:4e:
         1e:73:67:92:a8:d2:d7:9d:41:5c:23:b5:8e:2f:f2:94:60:db:
         1f:a1:68:30:f5:8d:67:3a:52:e9:91:de:bf:a5:9d:66:08:2e:
         3c:16:96:46:dc:cd:18:69:b2:e1:a1:ea:c2:a7:e4:e1:9e:3b:
         8b:7e:63:d6:76:0f:bf:27:5e:59:3b:c2:98:a5:d7:26:4f:8c:
         99:48:05:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOorrGPGOHLJXnZ32t3iMCPCi/DswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDEyMzA2MThaFw0yNzAyMjgyMzExMThaMDMxMTAvBgNV
BAMTKDk2ODU2QURDMjUzQjU4NUZCOTAwRkRBNjBEQ0YyREU2ODlFNDJEMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/QRUPFP1IcQVnd+PLJO1GM2Oo
uGCCLrcqFfhPJHIFO79pwpBnWeXjYc4rK13nN5+flaXSCrzgpspA3L2l5MAXTKsz
i91o6PObSwk0zaBSMbPu7jaRn7zhLy+tcMyClaFaulVDbcFEgnCfrtOv0xuKwfVz
du7nY9TNw/atZdGXMpU40/2xED0Iq/ytlo05W6GVQqnlGykG/BjefMyiuOFDed18
oYKffKyV2hUGVTmE9dfFLtqBw9EaAzKTN8WCNyRVcY0blfgEO23ti07JrzCQr4dG
+NwEIOzct8UQPFB0Ar82YrdbOl2vmRg4cwbWueTSVZBCegvx8w33R2zKWJ5JAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUloVq3CU7WF+5AP2mDc8t5onkLTIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAyMjk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhYg
MA0GCSqGSIb3DQEBCwUAA4IBAQCcBjdbiE/DqWLBqh5xsNsG+SBuZELG4GJprbSb
8PUps0XxZ41ICBhWSDc3piuZPTsziyDUCzB/k6PpmZ5Jcgm567GFm8zdI6oyBsb3
6KK08f0HUQs6AUNp/44NHE/lfUtMc0hThVvMi8WGLXQAgIDxPFLbRguVIlfhsO8w
O21hD6zFGDglxv3ICF3NVsw7wdBdUASS4QRn/nckxvYT0Geg60SOCB9JiZ8/JK3F
d0v0AC+j0E4ec2eSqNLXnUFcI7WOL/KUYNsfoWgw9Y1nOlLpkd6/pZ1mCC48FpZG
3M0YabLhoerCp+ThnjuLfmPWdg+/J15ZO8KYpdcmT4yZSAXQ
-----END CERTIFICATE-----