Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204261.roa
File:                     AS204261.roa (raw, json)
Hash identifier:          mXhOhS2tf6A+3neCf71TStsKnYdIdl/6jNbf6Nh0gUo=
Subject key identifier:   1A:D1:9B:4D:F0:36:9C:79:DA:45:C7:D1:ED:6E:33:FA:F6:1D:9E:81
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       57F34756A02CD649A9ED7E64918FD43E291FD3F6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204261.roa
Signing time:             Sun 02 Nov 2025 00:01:55 +0000
ROA not before:           Sat 01 Nov 2025 23:56:55 +0000
ROA not after:            Sun 01 Nov 2026 00:01:55 +0000
asID:                     204261
IP address blocks:        82.22.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:f3:47:56:a0:2c:d6:49:a9:ed:7e:64:91:8f:d4:3e:29:1f:d3:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov  1 23:56:55 2025 GMT
            Not After : Nov  1 00:01:55 2026 GMT
        Subject: CN=1AD19B4DF0369C79DA45C7D1ED6E33FAF61D9E81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:31:21:3e:6f:b9:55:a2:79:51:a0:31:b0:8a:
                    9f:cc:46:a6:81:e7:ba:09:11:00:cb:16:2f:92:c1:
                    71:3f:ef:5d:35:af:b0:cd:86:b7:d6:b2:e0:10:72:
                    35:e4:cd:3d:06:b3:77:cc:0d:9f:1e:b2:f7:46:8e:
                    65:bc:90:d5:68:23:85:38:14:9a:7b:be:6e:59:19:
                    88:8b:85:f2:91:75:e4:fe:dd:02:94:ab:c2:17:0b:
                    41:19:9a:b4:a5:d5:f9:69:5a:e7:f3:84:1e:15:da:
                    d9:72:b1:7b:52:5c:a7:ae:cd:6b:19:f0:0c:d2:ca:
                    7c:b8:73:61:f8:63:6c:2b:f0:8c:79:3f:49:24:f3:
                    55:d6:cd:c8:f1:61:f3:60:66:e4:30:ff:a7:a6:80:
                    6f:5c:e7:0b:32:22:79:9c:17:58:a4:a3:c9:64:7e:
                    ff:c2:54:a2:93:9c:fc:05:20:48:eb:55:07:bb:0a:
                    73:ad:53:d6:da:e7:d8:37:f0:38:b3:aa:61:3c:fc:
                    21:c0:70:d5:93:b1:0f:a4:17:48:02:81:a5:ce:ce:
                    55:10:bb:59:6b:07:b7:46:a9:f6:0b:7e:45:1a:21:
                    31:78:0c:46:85:d9:b3:56:76:46:3a:8b:fd:df:bc:
                    12:69:6a:eb:da:a6:d4:3d:f8:50:e7:d4:46:ca:d6:
                    cc:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D1:9B:4D:F0:36:9C:79:DA:45:C7:D1:ED:6E:33:FA:F6:1D:9E:81
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204261.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c3:d6:5d:09:96:41:eb:a1:4b:2f:e7:62:4a:c4:8c:a7:73:
         d5:5e:37:a2:35:76:02:9f:e7:66:c2:b5:48:b6:73:5a:da:a7:
         23:1c:72:b9:c5:70:c9:a5:d0:c9:43:1b:86:d0:aa:91:6a:c0:
         bd:33:e8:76:55:74:75:f3:6d:eb:5f:43:79:ae:bc:c7:a0:ed:
         0e:9f:5f:e8:7f:8f:a4:45:cc:79:fa:46:8e:7c:9b:28:df:05:
         da:58:20:c7:93:43:1d:f6:03:87:2c:a2:66:56:9d:d5:6e:10:
         f3:fb:78:98:a5:67:3c:b9:6f:2d:1b:c5:3b:64:50:2a:be:3e:
         0b:14:d4:7f:04:13:c0:21:21:4e:3e:73:86:5d:c9:84:9a:a2:
         67:8e:f6:e7:95:47:2b:89:a9:af:ad:08:db:32:1a:ab:17:0e:
         41:b6:d3:2e:1b:28:59:83:09:2b:fa:97:18:db:ae:5c:2a:45:
         94:50:2b:65:3e:06:dc:54:e1:b4:3a:af:af:5a:d6:b0:b1:b2:
         9e:ff:f0:9a:6b:e1:b5:84:d4:e0:5c:da:d0:7e:a7:79:27:f9:
         b1:40:de:fe:c4:23:db:49:d1:69:e4:87:5f:6d:2d:98:88:8a:
         1a:2a:02:61:f2:9b:a9:9a:66:a3:6c:ad:83:e3:20:1a:44:c6:
         d2:25:f1:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUV/NHVqAs1kmp7X5kkY/UPikf0/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMDEyMzU2NTVaFw0yNjExMDEwMDAxNTVaMDMxMTAvBgNV
BAMTKDFBRDE5QjRERjAzNjlDNzlEQTQ1QzdEMUVENkUzM0ZBRjYxRDlFODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1MSE+b7lVonlRoDGwip/MRqaB
57oJEQDLFi+SwXE/7101r7DNhrfWsuAQcjXkzT0Gs3fMDZ8esvdGjmW8kNVoI4U4
FJp7vm5ZGYiLhfKRdeT+3QKUq8IXC0EZmrSl1flpWufzhB4V2tlysXtSXKeuzWsZ
8AzSyny4c2H4Y2wr8Ix5P0kk81XWzcjxYfNgZuQw/6emgG9c5wsyInmcF1iko8lk
fv/CVKKTnPwFIEjrVQe7CnOtU9ba59g38DizqmE8/CHAcNWTsQ+kF0gCgaXOzlUQ
u1lrB7dGqfYLfkUaITF4DEaF2bNWdkY6i/3fvBJpauvaptQ9+FDn1EbK1sy9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGtGbTfA2nHnaRcfR7W4z+vYdnoEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0MjYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhYJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBBw9ZdCZZB66FLL+diSsSMp3PVXjeiNXYCn+dm
wrVItnNa2qcjHHK5xXDJpdDJQxuG0KqRasC9M+h2VXR1823rX0N5rrzHoO0On1/o
f4+kRcx5+kaOfJso3wXaWCDHk0Md9gOHLKJmVp3VbhDz+3iYpWc8uW8tG8U7ZFAq
vj4LFNR/BBPAISFOPnOGXcmEmqJnjvbnlUcriamvrQjbMhqrFw5BttMuGyhZgwkr
+pcY265cKkWUUCtlPgbcVOG0Oq+vWtawsbKe//Caa+G1hNTgXNrQfqd5J/mxQN7+
xCPbSdFp5IdfbS2YiIoaKgJh8pupmmajbK2D4yAaRMbSJfHe
-----END CERTIFICATE-----