Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207101.roa
File:                     AS207101.roa (raw, json)
Hash identifier:          JDtnngJYrUS8nL8pI6NUmO5VkGgxMyvKZk5htWbNm5I=
Subject key identifier:   2D:36:DB:6B:7B:15:4C:03:4C:67:03:D7:4F:3E:1C:82:D2:A2:E7:AB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       58A2921CFF452014A619B7ABAAAD18EC678B3AFE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207101.roa
Signing time:             Wed 11 Jun 2025 14:58:10 +0000
ROA not before:           Wed 11 Jun 2025 14:53:10 +0000
ROA not after:            Wed 10 Jun 2026 14:58:10 +0000
asID:                     207101
IP address blocks:        82.21.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:a2:92:1c:ff:45:20:14:a6:19:b7:ab:aa:ad:18:ec:67:8b:3a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 11 14:53:10 2025 GMT
            Not After : Jun 10 14:58:10 2026 GMT
        Subject: CN=2D36DB6B7B154C034C6703D74F3E1C82D2A2E7AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:aa:51:2e:b9:be:29:f2:e8:c7:d9:06:5d:30:
                    e2:03:d5:b0:63:0c:6b:ee:c5:67:80:a4:a8:d5:45:
                    cf:0f:ed:43:4a:5e:81:22:f3:c3:0e:27:2a:f5:ae:
                    75:fe:73:f0:fb:ec:ed:95:67:01:26:e6:07:75:08:
                    52:a3:b4:15:c8:f2:e2:c6:e1:34:a9:bf:fb:af:81:
                    27:d7:57:3d:f3:25:1b:6e:24:06:bf:71:ce:eb:07:
                    91:0d:c5:96:ce:01:3c:dc:a4:32:15:82:88:be:bb:
                    00:00:bd:31:97:93:9c:df:85:d7:36:1d:34:c5:6b:
                    3b:d0:cf:62:08:dd:6e:72:79:72:1d:36:1c:bf:68:
                    e8:92:5f:d7:5d:2d:ca:72:6d:58:af:c4:64:8f:b9:
                    7d:f0:5b:c5:e4:d5:e2:4c:f6:4d:65:c0:44:dc:03:
                    3e:25:e7:9d:af:f1:de:34:33:26:5f:60:cc:4f:dd:
                    4e:b1:ee:bd:62:30:40:32:03:5d:38:ad:32:45:c9:
                    14:a1:f8:17:94:25:41:f0:9e:d6:aa:4f:77:a6:13:
                    cb:b0:93:70:00:f8:ab:fe:be:35:89:c0:91:c7:e1:
                    70:a1:ac:f6:83:07:24:dd:7f:c3:31:bf:42:a3:ab:
                    35:d9:9b:6a:17:22:38:cd:8e:83:68:ff:e2:ed:70:
                    ca:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:36:DB:6B:7B:15:4C:03:4C:67:03:D7:4F:3E:1C:82:D2:A2:E7:AB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207101.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f2:88:e5:11:56:0b:d5:50:bc:57:a7:c5:f5:1b:87:5a:19:
         40:19:65:b4:51:02:fe:25:23:b6:0b:5d:fc:d1:f7:48:03:67:
         0f:16:91:74:9a:b0:c1:74:b1:25:e6:e2:4a:24:2c:91:dd:35:
         0b:5d:e1:34:a3:2e:a5:0a:2c:76:4b:be:b5:44:51:ae:34:b3:
         f8:cc:4a:64:22:d8:f9:e0:90:92:11:86:81:73:4c:6c:c9:f2:
         7a:df:e4:d3:98:ce:c4:8d:05:af:4a:f8:ab:dc:3c:2e:cf:f4:
         cc:f1:98:da:a5:36:9c:2a:23:9d:ce:b5:d1:5a:d6:22:de:eb:
         f4:2b:bd:41:15:d7:34:a8:0b:68:20:e8:50:83:ce:bd:c6:c4:
         c5:aa:fd:97:52:6b:17:94:84:19:e3:cc:2d:e4:f8:75:f4:1e:
         3f:e8:4b:3b:5f:f1:7a:83:f7:e5:30:62:f7:fd:e5:06:71:e9:
         7d:04:b4:cb:38:c3:4e:bf:a7:05:70:fb:a8:56:b1:e0:cb:0b:
         04:30:84:a7:cd:75:0e:93:cb:bf:e1:73:15:7d:ea:d3:a3:1f:
         53:66:ad:bf:c1:7f:40:e3:4f:05:d4:8f:d5:1b:00:9f:60:bf:
         3c:82:d6:97:46:fe:11:dd:87:e4:7e:c6:d0:46:74:9a:0c:45:
         d1:56:1a:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWKKSHP9FIBSmGberqq0Y7GeLOv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTExNDUzMTBaFw0yNjA2MTAxNDU4MTBaMDMxMTAvBgNV
BAMTKDJEMzZEQjZCN0IxNTRDMDM0QzY3MDNENzRGM0UxQzgyRDJBMkU3QUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjqlEuub4p8ujH2QZdMOID1bBj
DGvuxWeApKjVRc8P7UNKXoEi88MOJyr1rnX+c/D77O2VZwEm5gd1CFKjtBXI8uLG
4TSpv/uvgSfXVz3zJRtuJAa/cc7rB5ENxZbOATzcpDIVgoi+uwAAvTGXk5zfhdc2
HTTFazvQz2II3W5yeXIdNhy/aOiSX9ddLcpybVivxGSPuX3wW8Xk1eJM9k1lwETc
Az4l552v8d40MyZfYMxP3U6x7r1iMEAyA104rTJFyRSh+BeUJUHwntaqT3emE8uw
k3AA+Kv+vjWJwJHH4XChrPaDByTdf8Mxv0KjqzXZm2oXIjjNjoNo/+LtcMqHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULTbba3sVTANMZwPXTz4cgtKi56swHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3MTAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhUA
MA0GCSqGSIb3DQEBCwUAA4IBAQBJ8ojlEVYL1VC8V6fF9RuHWhlAGWW0UQL+JSO2
C1380fdIA2cPFpF0mrDBdLEl5uJKJCyR3TULXeE0oy6lCix2S761RFGuNLP4zEpk
Itj54JCSEYaBc0xsyfJ63+TTmM7EjQWvSvir3Dwuz/TM8ZjapTacKiOdzrXRWtYi
3uv0K71BFdc0qAtoIOhQg869xsTFqv2XUmsXlIQZ48wt5Ph19B4/6Es7X/F6g/fl
MGL3/eUGcel9BLTLOMNOv6cFcPuoVrHgywsEMISnzXUOk8u/4XMVferTox9TZq2/
wX9A408F1I/VGwCfYL88gtaXRv4R3YfkfsbQRnSaDEXRVhr4
-----END CERTIFICATE-----