Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205634.roa
File:                     AS205634.roa (raw, json)
Hash identifier:          GZ68jCaUPftV7LXb0JGB+QVqzxvYvBcexOoFVGKBkZ8=
Subject key identifier:   89:90:24:C9:B2:28:5A:1D:19:6D:FD:B7:BB:8A:14:FC:D2:8D:73:B4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       28D923D9E263457D58294C5E0D541452F2319D2D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205634.roa
Signing time:             Thu 04 Jun 2026 13:29:45 +0000
ROA not before:           Thu 04 Jun 2026 13:24:45 +0000
ROA not after:            Thu 03 Jun 2027 13:29:45 +0000
asID:                     205634
IP address blocks:        82.27.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d9:23:d9:e2:63:45:7d:58:29:4c:5e:0d:54:14:52:f2:31:9d:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  4 13:24:45 2026 GMT
            Not After : Jun  3 13:29:45 2027 GMT
        Subject: CN=899024C9B2285A1D196DFDB7BB8A14FCD28D73B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:57:a6:e9:66:57:ae:9d:1b:be:85:e6:f2:9e:
                    d0:1e:68:2b:cf:0c:74:0d:70:60:d2:8a:d9:ec:8e:
                    26:0d:47:b3:b1:39:f9:b1:f4:93:d9:59:22:15:14:
                    5a:9e:d9:8f:c2:f0:e8:5c:32:31:83:23:a2:40:fc:
                    c5:f6:af:c3:c9:6d:4c:e0:9a:51:41:91:3f:5f:7d:
                    2c:17:b5:41:7e:2c:f2:ce:e1:f6:93:49:8b:a5:6a:
                    f1:c9:f2:f0:f4:65:3c:68:4a:f9:b2:9f:8b:d6:17:
                    5e:e0:c7:6d:e1:9f:7e:be:a7:01:40:b5:a2:f6:ee:
                    e8:b0:58:14:d3:e0:d8:4d:ba:5f:51:ab:e7:92:6f:
                    c4:79:9e:a1:3a:ea:86:5f:fa:be:89:e0:d8:3a:63:
                    c6:c0:ca:68:c8:2c:fe:98:3d:7a:e2:5b:c2:42:e8:
                    cb:02:c9:7c:3c:bd:e9:84:34:ee:be:94:1d:ed:45:
                    fc:fc:94:59:62:d4:9d:be:3b:06:58:4a:e1:85:dd:
                    b8:5e:71:42:39:b3:89:4c:75:86:09:16:b0:bf:d1:
                    7e:1f:f9:d1:8c:eb:30:2a:01:21:6f:cf:34:c1:aa:
                    e7:e3:ed:26:3b:c2:56:5b:25:6d:2c:ed:81:18:4d:
                    70:99:ae:91:fe:d3:55:16:de:7a:be:91:9f:bf:d2:
                    a2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:90:24:C9:B2:28:5A:1D:19:6D:FD:B7:BB:8A:14:FC:D2:8D:73:B4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:25:39:2d:52:2c:0a:91:55:59:fa:4f:f8:4c:27:9a:b2:79:
         54:f9:06:41:0d:29:87:1b:f6:a5:5e:eb:3b:21:ba:20:e1:92:
         f7:21:29:78:32:54:40:cf:b6:77:3d:58:7d:e8:86:11:fe:b4:
         fe:89:d7:00:49:f5:01:20:24:eb:14:a4:ad:94:93:cf:67:b4:
         22:11:03:08:9e:cf:d6:a3:a9:69:d8:ae:dd:75:3b:f8:f9:f5:
         8f:c4:c7:73:20:58:61:38:57:fa:5a:6c:f5:90:dc:ee:c1:65:
         b5:69:71:f4:34:a8:a7:2c:c8:9d:a4:1f:ac:90:51:7b:6e:80:
         fc:68:0d:1e:30:4e:3b:0c:b4:03:64:13:fb:0c:c5:98:35:22:
         a4:38:86:83:24:24:fc:c4:38:ed:af:f1:20:b9:e3:ef:f6:09:
         a6:cc:7f:4e:72:0f:4d:c1:65:e9:02:3e:7c:3f:91:7e:96:f3:
         f0:a6:86:fb:ef:30:6c:b0:26:96:be:47:2f:13:d3:9d:32:3f:
         78:15:42:64:d0:e2:08:7e:0c:2f:24:2c:2d:40:62:7f:5c:51:
         d8:d9:e3:55:c8:c5:5a:22:bd:88:5a:95:0b:b6:dc:8c:1a:20:
         8d:ac:08:4e:04:bb:56:4e:8c:66:65:bb:bd:ce:7b:40:52:a6:
         21:3d:82:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKNkj2eJjRX1YKUxeDVQUUvIxnS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDQxMzI0NDVaFw0yNzA2MDMxMzI5NDVaMDMxMTAvBgNV
BAMTKDg5OTAyNEM5QjIyODVBMUQxOTZERkRCN0JCOEExNEZDRDI4RDczQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaV6bpZleunRu+hebyntAeaCvP
DHQNcGDSitnsjiYNR7OxOfmx9JPZWSIVFFqe2Y/C8OhcMjGDI6JA/MX2r8PJbUzg
mlFBkT9ffSwXtUF+LPLO4faTSYulavHJ8vD0ZTxoSvmyn4vWF17gx23hn36+pwFA
taL27uiwWBTT4NhNul9Rq+eSb8R5nqE66oZf+r6J4Ng6Y8bAymjILP6YPXriW8JC
6MsCyXw8vemENO6+lB3tRfz8lFli1J2+OwZYSuGF3bhecUI5s4lMdYYJFrC/0X4f
+dGM6zAqASFvzzTBqufj7SY7wlZbJW0s7YEYTXCZrpH+01UW3nq+kZ+/0qI9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiZAkybIoWh0Zbf23u4oU/NKNc7QwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA1NjM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhtc
MA0GCSqGSIb3DQEBCwUAA4IBAQCQJTktUiwKkVVZ+k/4TCeasnlU+QZBDSmHG/al
Xus7Ibog4ZL3ISl4MlRAz7Z3PVh96IYR/rT+idcASfUBICTrFKStlJPPZ7QiEQMI
ns/Wo6lp2K7ddTv4+fWPxMdzIFhhOFf6Wmz1kNzuwWW1aXH0NKinLMidpB+skFF7
boD8aA0eME47DLQDZBP7DMWYNSKkOIaDJCT8xDjtr/EguePv9gmmzH9Ocg9NwWXp
Aj58P5F+lvPwpob77zBssCaWvkcvE9OdMj94FUJk0OIIfgwvJCwtQGJ/XFHY2eNV
yMVaIr2IWpULttyMGiCNrAhOBLtWToxmZbu9zntAUqYhPYKQ
-----END CERTIFICATE-----