Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205886.roa
File:                     AS205886.roa (raw, json)
Hash identifier:          g0RO+jgVbpaTk1YkgIBNadQk6dtNbFlNhDXf65dYEOY=
Subject key identifier:   FE:4D:D0:A3:6C:88:AC:98:FA:46:4B:B8:22:2B:77:90:BA:E5:A4:B9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6DF0E3A85D9A43F033F54E51083420453C7ABB75
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205886.roa
Signing time:             Fri 27 Mar 2026 07:51:48 +0000
ROA not before:           Fri 27 Mar 2026 07:46:48 +0000
ROA not after:            Fri 26 Mar 2027 07:51:48 +0000
asID:                     205886
IP address blocks:        82.22.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:f0:e3:a8:5d:9a:43:f0:33:f5:4e:51:08:34:20:45:3c:7a:bb:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 27 07:46:48 2026 GMT
            Not After : Mar 26 07:51:48 2027 GMT
        Subject: CN=FE4DD0A36C88AC98FA464BB8222B7790BAE5A4B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:50:dc:7a:fe:8a:b2:8b:f8:6b:73:2d:3f:a8:
                    14:d3:e0:f2:94:2b:eb:0b:2f:24:b1:b6:ae:9a:cd:
                    14:cc:32:84:27:b7:03:af:5a:f7:10:26:fd:00:9e:
                    03:43:33:17:da:8c:d3:f7:21:ce:af:5a:49:d9:a1:
                    26:78:7d:20:79:8b:0a:26:a5:d9:4b:d2:b9:8e:aa:
                    8d:bc:12:1f:b7:05:de:a0:4b:39:1f:3e:b0:87:93:
                    a6:a2:14:d9:2e:76:6b:cb:f3:a5:2c:73:8c:ce:ed:
                    c8:32:8c:36:40:e6:d3:6c:bf:29:d8:e4:c8:d7:77:
                    65:64:ec:99:90:13:40:6f:c0:22:bd:b2:be:ca:a5:
                    fc:36:f2:e2:cb:f7:19:2f:14:b1:f4:ee:c1:2b:0c:
                    55:cd:3d:63:62:d2:64:c7:9b:ca:52:ea:1e:c8:71:
                    81:f2:54:db:eb:b0:24:3a:7c:1d:12:1d:e7:e5:fb:
                    ab:e7:4e:a3:18:90:2d:82:ea:e5:15:38:68:19:f6:
                    3a:b0:ec:71:4b:53:28:b9:e8:dc:2a:7f:bc:3a:89:
                    b5:d5:89:5f:f5:36:3d:41:57:e4:c0:64:20:2d:07:
                    65:5c:aa:75:72:7d:eb:a3:7f:a6:68:09:b3:08:71:
                    2c:e2:7b:da:8c:36:69:7a:b2:89:46:38:c4:a6:5d:
                    c8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:4D:D0:A3:6C:88:AC:98:FA:46:4B:B8:22:2B:77:90:BA:E5:A4:B9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205886.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a5:3a:29:7e:37:06:5c:92:9b:fb:57:85:45:aa:da:18:c4:
         b3:cb:ec:78:14:6b:52:bd:4f:2f:7e:e2:c9:85:c1:1b:c4:1d:
         22:63:9a:22:9b:71:c5:40:91:63:c3:33:af:36:f9:4c:a5:c7:
         38:8e:99:fe:8f:d4:d4:bd:f6:f2:25:25:ef:e0:9f:3d:c7:c0:
         9a:98:83:9e:1a:cc:23:6f:9b:60:65:47:ee:a4:f7:40:4e:35:
         75:e3:23:0a:01:8d:5d:83:ce:66:a1:58:f4:a0:06:f1:6c:d6:
         03:0f:cb:e1:c9:db:84:58:43:3f:b3:6e:be:0d:23:d4:13:e4:
         cb:f5:26:e6:8a:89:97:fd:2a:de:f2:37:47:e3:6a:12:4c:d7:
         6e:d7:44:a8:2a:7f:d5:fd:62:cd:e2:3d:08:77:18:3b:d2:9f:
         ce:c3:bf:1f:a3:42:c6:0d:96:b9:79:cb:d0:53:a6:23:04:92:
         60:95:d6:10:b4:ce:61:4a:f4:cf:8d:8f:c9:fe:d2:e2:2a:89:
         28:ab:1b:ae:48:47:20:50:a0:6f:8f:6a:2a:3d:ca:1f:ee:79:
         c3:f8:5c:e3:b0:b5:45:61:05:1b:a1:03:24:c7:bd:0b:0e:4a:
         61:a1:30:09:d7:82:36:24:2e:0b:d0:cf:53:33:54:25:e5:2f:
         d9:c8:6d:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbfDjqF2aQ/Az9U5RCDQgRTx6u3UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjcwNzQ2NDhaFw0yNzAzMjYwNzUxNDhaMDMxMTAvBgNV
BAMTKEZFNEREMEEzNkM4OEFDOThGQTQ2NEJCODIyMkI3NzkwQkFFNUE0QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnUNx6/oqyi/hrcy0/qBTT4PKU
K+sLLySxtq6azRTMMoQntwOvWvcQJv0AngNDMxfajNP3Ic6vWknZoSZ4fSB5iwom
pdlL0rmOqo28Eh+3Bd6gSzkfPrCHk6aiFNkudmvL86Usc4zO7cgyjDZA5tNsvynY
5MjXd2Vk7JmQE0BvwCK9sr7Kpfw28uLL9xkvFLH07sErDFXNPWNi0mTHm8pS6h7I
cYHyVNvrsCQ6fB0SHefl+6vnTqMYkC2C6uUVOGgZ9jqw7HFLUyi56Nwqf7w6ibXV
iV/1Nj1BV+TAZCAtB2VcqnVyfeujf6ZoCbMIcSzie9qMNml6solGOMSmXcgTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/k3Qo2yIrJj6Rku4Iit3kLrlpLkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA1ODg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhY2
MA0GCSqGSIb3DQEBCwUAA4IBAQAApTopfjcGXJKb+1eFRaraGMSzy+x4FGtSvU8v
fuLJhcEbxB0iY5oim3HFQJFjwzOvNvlMpcc4jpn+j9TUvfbyJSXv4J89x8CamIOe
Gswjb5tgZUfupPdATjV14yMKAY1dg85moVj0oAbxbNYDD8vhyduEWEM/s26+DSPU
E+TL9SbmiomX/Sre8jdH42oSTNdu10SoKn/V/WLN4j0Idxg70p/Ow78fo0LGDZa5
ecvQU6YjBJJgldYQtM5hSvTPjY/J/tLiKokoqxuuSEcgUKBvj2oqPcof7nnD+Fzj
sLVFYQUboQMkx70LDkphoTAJ14I2JC4L0M9TM1Ql5S/ZyG0Y
-----END CERTIFICATE-----