Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208328.roa
File:                     AS208328.roa (raw, json)
Hash identifier:          +cxgRy2QJjVIxGLGJptSL6mMk4cJ3qERFOoloDcO2BE=
Subject key identifier:   A1:81:92:EB:20:34:97:D6:92:FC:AA:1B:E2:1E:1E:85:E4:DC:E2:9B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       05260F4236868B3C5338DA58945C1326D5B80DD7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208328.roa
Signing time:             Fri 13 Feb 2026 00:37:33 +0000
ROA not before:           Fri 13 Feb 2026 00:32:33 +0000
ROA not after:            Fri 12 Feb 2027 00:37:33 +0000
asID:                     208328
IP address blocks:        82.22.2.0/24 maxlen: 24
                          2a13:9500:4b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:26:0f:42:36:86:8b:3c:53:38:da:58:94:5c:13:26:d5:b8:0d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 13 00:32:33 2026 GMT
            Not After : Feb 12 00:37:33 2027 GMT
        Subject: CN=A18192EB203497D692FCAA1BE21E1E85E4DCE29B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:15:c0:6d:21:28:fa:ca:0b:8b:d0:7a:4c:72:
                    90:75:69:78:8e:b0:bf:39:7e:2d:96:c8:b3:45:cd:
                    76:94:df:94:9e:73:ff:a9:83:4d:54:a2:79:fa:ac:
                    3f:2f:c7:54:bb:81:7d:ec:63:26:f9:fb:33:63:a7:
                    60:4d:70:45:0b:3e:40:93:7c:09:22:3b:6d:7e:ba:
                    18:c9:5b:e3:66:0d:45:96:03:ea:74:ca:3f:a7:66:
                    c9:79:3a:1c:bf:59:31:16:aa:6f:0a:fd:4a:e2:24:
                    07:32:17:82:3f:51:f0:82:98:c7:08:27:d2:fa:19:
                    3a:a9:68:27:37:ff:0c:b7:b8:a5:3c:0b:2a:b6:03:
                    55:e4:81:2c:ac:7d:2e:43:34:22:55:3b:5f:dc:05:
                    03:09:f1:e7:05:76:d2:ad:0f:76:b8:01:84:f1:ce:
                    d4:43:2b:55:75:9b:25:53:b6:0f:10:99:cd:27:01:
                    96:49:cc:15:8f:c3:26:ad:02:b7:09:c2:7c:3e:8f:
                    05:eb:cf:1c:8b:00:ec:88:ea:8d:c0:4d:e9:2e:46:
                    69:36:43:07:0a:f5:3e:86:73:84:5f:32:a2:f5:92:
                    02:10:7f:bd:1c:de:08:5f:e2:75:43:e9:2b:e4:7b:
                    59:d0:b1:56:f4:56:05:57:65:32:58:c7:ab:ea:05:
                    3c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:81:92:EB:20:34:97:D6:92:FC:AA:1B:E2:1E:1E:85:E4:DC:E2:9B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208328.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.2.0/24
                IPv6:
                  2a13:9500:4b::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:9d:0a:1c:99:19:28:47:7b:54:db:f0:57:6b:68:bc:b9:03:
         e8:4f:b7:29:c1:3c:23:bc:a9:20:79:9a:0d:2d:52:64:b2:16:
         94:aa:62:8d:41:c4:bb:9c:c8:84:bb:c1:bb:71:7a:c2:3c:bf:
         12:d4:27:7a:73:36:2f:63:c1:40:32:bc:8d:1e:f8:f9:25:e3:
         e6:1e:76:1a:10:2c:4a:3b:2a:16:5b:94:7a:3d:82:72:c8:d3:
         76:02:f8:f1:1c:67:66:12:8e:cf:ea:f2:b5:48:59:f7:07:be:
         5b:72:1e:b8:da:0f:7f:44:ef:d7:0c:e8:60:1d:50:31:29:4d:
         4f:52:11:16:a1:08:ab:f1:34:b9:6c:9b:af:6a:48:1e:cb:bd:
         e5:93:04:b6:ab:56:37:24:ee:d8:18:f7:0b:dc:05:f9:62:e2:
         f7:b4:23:37:7c:48:83:bc:a4:1e:85:68:7a:52:1d:e3:7d:44:
         18:58:38:9d:01:db:d1:83:89:2b:f3:19:b6:d0:99:a3:fa:42:
         39:da:1e:22:f6:2b:17:0e:18:da:03:30:c0:47:b9:d5:6c:d0:
         22:1f:5e:dc:32:39:07:f1:13:be:44:1e:44:63:cc:7a:d1:57:
         a9:4a:59:e7:7d:04:56:fc:a7:f8:d8:a9:ec:f9:8d:7b:b7:7b:
         c5:a6:01:c8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUBSYPQjaGizxTONpYlFwTJtW4DdcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMTMwMDMyMzNaFw0yNzAyMTIwMDM3MzNaMDMxMTAvBgNV
BAMTKEExODE5MkVCMjAzNDk3RDY5MkZDQUExQkUyMUUxRTg1RTREQ0UyOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9FcBtISj6yguL0HpMcpB1aXiO
sL85fi2WyLNFzXaU35Sec/+pg01Uonn6rD8vx1S7gX3sYyb5+zNjp2BNcEULPkCT
fAkiO21+uhjJW+NmDUWWA+p0yj+nZsl5Ohy/WTEWqm8K/UriJAcyF4I/UfCCmMcI
J9L6GTqpaCc3/wy3uKU8Cyq2A1XkgSysfS5DNCJVO1/cBQMJ8ecFdtKtD3a4AYTx
ztRDK1V1myVTtg8Qmc0nAZZJzBWPwyatArcJwnw+jwXrzxyLAOyI6o3ATekuRmk2
QwcK9T6Gc4RfMqL1kgIQf70c3ghf4nVD6Svke1nQsVb0VgVXZTJYx6vqBTzdAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUoYGS6yA0l9aS/Kob4h4eheTc4pswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA4MzI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhYC
MA8EAgACMAkDBwAqE5UAAEswDQYJKoZIhvcNAQELBQADggEBAHydChyZGShHe1Tb
8FdraLy5A+hPtynBPCO8qSB5mg0tUmSyFpSqYo1BxLucyIS7wbtxesI8vxLUJ3pz
Ni9jwUAyvI0e+Pkl4+YedhoQLEo7KhZblHo9gnLI03YC+PEcZ2YSjs/q8rVIWfcH
vltyHrjaD39E79cM6GAdUDEpTU9SERahCKvxNLlsm69qSB7LveWTBLarVjck7tgY
9wvcBfli4ve0Izd8SIO8pB6FaHpSHeN9RBhYOJ0B29GDiSvzGbbQmaP6QjnaHiL2
KxcOGNoDMMBHudVs0CIfXtwyOQfxE75EHkRjzHrRV6lKWed9BFb8p/jYqez5jXu3
e8WmAcg=
-----END CERTIFICATE-----