Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204821.roa
File:                     AS204821.roa (raw, json)
Hash identifier:          619aZGDXsMeDx7Bcjey1LL8dQG8FV/x9IdX8UJbWa4A=
Subject key identifier:   8E:5B:D6:33:73:92:CF:1F:75:9B:61:A5:6C:75:67:25:B8:4B:FA:F1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0E81656C4F5475CC7C4260A527E1BBAAA0A61317
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204821.roa
Signing time:             Fri 30 Jan 2026 15:34:29 +0000
ROA not before:           Fri 30 Jan 2026 15:29:29 +0000
ROA not after:            Fri 29 Jan 2027 15:34:29 +0000
asID:                     204821
IP address blocks:        82.38.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:81:65:6c:4f:54:75:cc:7c:42:60:a5:27:e1:bb:aa:a0:a6:13:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 30 15:29:29 2026 GMT
            Not After : Jan 29 15:34:29 2027 GMT
        Subject: CN=8E5BD6337392CF1F759B61A56C756725B84BFAF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d1:a1:df:be:1a:af:e9:a9:59:77:34:a1:ea:
                    27:9d:a3:0d:94:af:30:26:cb:4b:2d:23:d7:ac:c5:
                    03:56:90:f8:51:77:ee:85:f5:f4:90:cd:7e:d6:ec:
                    56:a4:55:b9:4e:3f:46:b1:d8:ff:d3:4f:6c:af:aa:
                    13:76:2f:e6:f2:7d:4d:df:19:a6:24:ae:55:75:c2:
                    0a:d6:e5:36:3a:d8:45:8f:c5:91:3c:df:63:92:ae:
                    3d:0b:b9:80:05:49:05:26:6c:81:04:cd:9a:91:72:
                    23:ed:d4:1a:d9:4a:f9:ed:03:f3:af:47:ec:1d:12:
                    a2:af:e0:ff:aa:5a:57:79:0e:34:8d:ef:54:26:a1:
                    d5:33:2c:14:59:41:a2:d7:f7:87:a4:ca:1e:f0:e8:
                    19:2f:59:e3:a9:b4:a0:72:5e:6a:db:37:06:7d:79:
                    72:6c:ab:fe:3f:1d:95:42:64:5b:ac:86:ea:16:bf:
                    ef:48:e7:fd:b4:c2:a8:dc:c3:d4:2f:89:40:9f:bd:
                    e8:c4:29:2b:9a:9f:30:ec:53:2c:7e:6d:86:e7:f0:
                    38:76:d8:0e:34:ca:01:fd:fc:ba:37:75:08:f4:91:
                    d9:b5:d8:fd:46:55:40:b8:ba:de:ce:25:2c:c4:3a:
                    aa:32:b2:69:7c:08:d6:26:a9:56:80:83:e3:3b:59:
                    32:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:5B:D6:33:73:92:CF:1F:75:9B:61:A5:6C:75:67:25:B8:4B:FA:F1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204821.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:03:65:f7:53:be:35:83:34:5e:ab:b7:2d:3b:76:a4:17:87:
         0b:e7:3f:2f:7a:2e:4e:8c:86:8e:4c:0b:52:a3:88:ac:f5:7f:
         d8:8e:48:52:3e:47:f5:85:bc:65:7b:20:b4:46:e7:10:f4:ed:
         f8:d9:26:47:95:8d:f2:0f:31:f4:98:35:1c:fc:fe:dc:c5:dd:
         9a:f0:7d:4f:82:46:01:4a:97:c4:51:b3:17:ad:48:ac:64:b5:
         da:08:00:86:d3:10:75:f2:a2:bb:36:49:bb:91:74:6f:a9:8b:
         cb:7f:fc:da:08:67:18:73:66:fc:22:86:48:f0:8b:13:24:05:
         cf:af:5c:55:28:94:f7:89:86:62:dd:b9:8d:2f:5a:49:c0:c9:
         cd:dd:a4:60:6d:93:2c:2e:d1:6a:57:aa:31:64:ca:d0:18:4b:
         06:ac:9a:59:6a:99:af:10:15:b8:20:c6:ce:b5:f5:eb:a5:8f:
         e0:94:5a:65:32:14:14:06:64:f9:58:e4:f7:56:88:28:1f:3c:
         fa:50:be:20:fa:a4:3e:18:ec:a4:fb:61:ee:39:d8:b7:ff:ed:
         43:14:0c:5b:f1:b0:b9:c7:9e:81:92:31:94:7b:83:6d:85:9f:
         f5:b9:9b:bb:0a:9f:39:a5:47:ca:80:de:5e:8e:06:6a:27:20:
         e1:1f:1e:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDoFlbE9Udcx8QmClJ+G7qqCmExcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMzAxNTI5MjlaFw0yNzAxMjkxNTM0MjlaMDMxMTAvBgNV
BAMTKDhFNUJENjMzNzM5MkNGMUY3NTlCNjFBNTZDNzU2NzI1Qjg0QkZBRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj0aHfvhqv6alZdzSh6iedow2U
rzAmy0stI9esxQNWkPhRd+6F9fSQzX7W7FakVblOP0ax2P/TT2yvqhN2L+byfU3f
GaYkrlV1wgrW5TY62EWPxZE832OSrj0LuYAFSQUmbIEEzZqRciPt1BrZSvntA/Ov
R+wdEqKv4P+qWld5DjSN71QmodUzLBRZQaLX94ekyh7w6BkvWeOptKByXmrbNwZ9
eXJsq/4/HZVCZFushuoWv+9I5/20wqjcw9QviUCfvejEKSuanzDsUyx+bYbn8Dh2
2A40ygH9/Lo3dQj0kdm12P1GVUC4ut7OJSzEOqoysml8CNYmqVaAg+M7WTLXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjlvWM3OSzx91m2GlbHVnJbhL+vEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0ODIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUiZ5
MA0GCSqGSIb3DQEBCwUAA4IBAQA9A2X3U741gzReq7ctO3akF4cL5z8vei5OjIaO
TAtSo4is9X/YjkhSPkf1hbxleyC0RucQ9O342SZHlY3yDzH0mDUc/P7cxd2a8H1P
gkYBSpfEUbMXrUisZLXaCACG0xB18qK7Nkm7kXRvqYvLf/zaCGcYc2b8IoZI8IsT
JAXPr1xVKJT3iYZi3bmNL1pJwMnN3aRgbZMsLtFqV6oxZMrQGEsGrJpZapmvEBW4
IMbOtfXrpY/glFplMhQUBmT5WOT3VogoHzz6UL4g+qQ+GOyk+2HuOdi3/+1DFAxb
8bC5x56BkjGUe4NthZ/1uZu7Cp85pUfKgN5ejgZqJyDhHx7s
-----END CERTIFICATE-----