Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          i1wEQTZ1oMPZtLjdJ6XmmPDnvgHKVy8Uc4Q9paPeXBI=
Subject key identifier:   BA:B0:4C:EA:F2:EF:A3:A4:13:BE:B0:99:3E:B6:1F:50:60:81:ED:26
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2BCD577BE6BA4D0B84F490A1D45D3E7D2235DB98
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa
Signing time:             Mon 03 Nov 2025 08:30:43 +0000
ROA not before:           Mon 03 Nov 2025 08:25:43 +0000
ROA not after:            Mon 02 Nov 2026 08:30:43 +0000
asID:                     20326
IP address blocks:        82.21.43.0/24 maxlen: 24
                          82.25.13.0/24 maxlen: 24
                          82.26.96.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:cd:57:7b:e6:ba:4d:0b:84:f4:90:a1:d4:5d:3e:7d:22:35:db:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov  3 08:25:43 2025 GMT
            Not After : Nov  2 08:30:43 2026 GMT
        Subject: CN=BAB04CEAF2EFA3A413BEB0993EB61F506081ED26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:82:a3:a8:ed:83:5a:53:ae:e7:d2:09:a8:af:
                    67:fe:20:4a:a5:ce:c6:b0:cb:fc:9b:c3:f7:2e:84:
                    49:30:fe:df:71:45:f2:4d:bc:d8:95:96:66:14:2a:
                    e2:0e:f9:6c:b2:c7:93:50:92:64:92:e1:47:0a:ea:
                    d2:b2:bf:e5:9b:a9:0a:7c:eb:15:80:40:54:40:9c:
                    53:a3:88:c2:35:05:b1:ab:c6:2d:05:c4:00:70:73:
                    a1:37:11:6e:65:6d:5b:4a:6e:84:9f:7a:5b:b9:49:
                    f2:ae:6a:a3:84:ff:0f:a2:d1:90:d6:30:5a:c7:36:
                    f7:24:27:89:28:de:7c:71:87:e3:39:80:5e:7f:58:
                    42:89:07:e6:f6:34:71:87:9f:94:bd:11:c7:44:07:
                    40:21:c4:f0:4e:24:c1:57:fd:95:a6:8d:80:5b:3f:
                    a2:02:26:d1:79:63:00:fb:4b:d6:fe:8a:fc:20:52:
                    3f:84:3e:de:b5:0a:2f:b5:65:55:f4:d0:af:42:56:
                    ff:06:f5:21:2f:35:cf:fd:22:88:79:83:f2:64:c7:
                    8e:5b:ce:9a:4c:16:8f:f0:34:91:a4:71:ca:a7:00:
                    39:ca:12:13:bf:27:b0:03:61:88:6d:a7:b2:de:12:
                    bf:e2:39:34:3d:e8:a4:6d:6a:9a:e4:64:b9:7b:95:
                    78:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B0:4C:EA:F2:EF:A3:A4:13:BE:B0:99:3E:B6:1F:50:60:81:ED:26
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.43.0/24
                  82.25.13.0/24
                  82.26.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:d0:b1:fe:45:99:a5:db:e5:71:68:7e:3f:69:e8:27:47:7a:
         f3:33:f2:14:de:22:6a:40:6a:c5:1a:bc:4d:e5:a0:79:a3:65:
         a9:42:58:17:d1:86:77:6c:5d:c0:37:05:bd:2f:2f:f3:9e:49:
         c7:dd:e7:e0:43:a7:c3:88:7d:4d:9e:77:ca:b7:49:d1:2d:a8:
         55:55:db:30:2e:dc:c5:88:a7:bb:50:a3:3d:89:3c:12:f8:14:
         63:7f:e0:5f:ef:8b:b2:43:4b:ca:91:a2:8f:bf:b2:15:e0:a7:
         25:36:a2:bf:9a:e9:28:09:d0:68:75:d2:d0:29:47:f1:5e:eb:
         0c:91:ae:99:2a:cd:29:a5:3b:ec:a1:32:88:85:1f:94:fb:ae:
         c6:a6:52:fc:b3:63:ee:c5:5f:c1:e7:84:6b:7d:d4:e1:68:2c:
         a1:c7:66:6c:a6:0f:e2:b4:9d:65:18:93:8e:dd:98:3c:44:02:
         04:08:e7:07:da:71:14:62:4d:02:c9:be:80:04:41:8b:33:9a:
         f5:2c:1f:78:6e:52:2f:a2:43:c0:8b:e7:3b:23:13:3d:56:ef:
         ee:02:44:88:19:7b:53:64:00:72:68:21:17:09:48:ea:cf:2a:
         22:af:38:9e:33:26:16:23:8f:83:63:f3:42:15:f1:30:62:44:
         c0:4f:8e:c5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUK81Xe+a6TQuE9JCh1F0+fSI125gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMDMwODI1NDNaFw0yNjExMDIwODMwNDNaMDMxMTAvBgNV
BAMTKEJBQjA0Q0VBRjJFRkEzQTQxM0JFQjA5OTNFQjYxRjUwNjA4MUVEMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKgqOo7YNaU67n0gmor2f+IEql
zsawy/ybw/cuhEkw/t9xRfJNvNiVlmYUKuIO+Wyyx5NQkmSS4UcK6tKyv+WbqQp8
6xWAQFRAnFOjiMI1BbGrxi0FxABwc6E3EW5lbVtKboSfelu5SfKuaqOE/w+i0ZDW
MFrHNvckJ4ko3nxxh+M5gF5/WEKJB+b2NHGHn5S9EcdEB0AhxPBOJMFX/ZWmjYBb
P6ICJtF5YwD7S9b+ivwgUj+EPt61Ci+1ZVX00K9CVv8G9SEvNc/9Ioh5g/Jkx45b
zppMFo/wNJGkccqnADnKEhO/J7ADYYhtp7LeEr/iOTQ96KRtaprkZLl7lXjDAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUurBM6vLvo6QTvrCZPrYfUGCB7SYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABSFSsD
BABSGQ0DBAJSGmAwDQYJKoZIhvcNAQELBQADggEBAKjQsf5FmaXb5XFofj9p6CdH
evMz8hTeImpAasUavE3loHmjZalCWBfRhndsXcA3Bb0vL/OeScfd5+BDp8OIfU2e
d8q3SdEtqFVV2zAu3MWIp7tQoz2JPBL4FGN/4F/vi7JDS8qRoo+/shXgpyU2or+a
6SgJ0Gh10tApR/Fe6wyRrpkqzSmlO+yhMoiFH5T7rsamUvyzY+7FX8HnhGt91OFo
LKHHZmymD+K0nWUYk47dmDxEAgQI5wfacRRiTQLJvoAEQYszmvUsH3huUi+iQ8CL
5zsjEz1W7+4CRIgZe1NkAHJoIRcJSOrPKiKvOJ4zJhYjj4Nj80IV8TBiRMBPjsU=
-----END CERTIFICATE-----