Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212335.roa
File:                     AS212335.roa (raw, json)
Hash identifier:          56Ua7J4PMVBs6oaES6g+xnPekW8I1j3bnM87dg5OW64=
Subject key identifier:   DD:A4:DD:8C:30:D6:97:41:A5:98:EA:AB:AB:F0:BE:9F:B9:09:4E:71
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       229B30F489738E4A259FE17D803ECDE41AAF9F65
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212335.roa
Signing time:             Mon 13 Apr 2026 10:47:05 +0000
ROA not before:           Mon 13 Apr 2026 10:42:05 +0000
ROA not after:            Mon 12 Apr 2027 10:47:05 +0000
asID:                     212335
IP address blocks:        82.24.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:9b:30:f4:89:73:8e:4a:25:9f:e1:7d:80:3e:cd:e4:1a:af:9f:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 13 10:42:05 2026 GMT
            Not After : Apr 12 10:47:05 2027 GMT
        Subject: CN=DDA4DD8C30D69741A598EAABABF0BE9FB9094E71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3d:94:71:a9:bd:5a:d4:71:c6:f0:95:0f:a4:
                    99:8f:19:27:93:aa:b8:c8:ad:2d:0d:b7:5a:d5:64:
                    b2:44:e2:5b:5d:bf:ba:cc:64:a2:ed:88:c3:73:a7:
                    6c:cc:ef:7a:b1:14:09:27:49:23:9d:0e:1f:67:69:
                    74:e1:7a:ec:21:1a:2b:66:81:56:e3:d7:95:4a:ed:
                    e9:bb:c5:6f:62:71:a2:b9:21:a7:b0:a1:2e:5a:19:
                    16:ba:5e:7c:55:6b:50:fe:b1:56:2b:69:76:b3:e8:
                    19:61:67:ac:db:f4:5c:2b:7d:62:b7:66:61:a3:2c:
                    a3:a8:e8:ba:d7:dc:73:93:5e:66:89:ba:f7:0d:9a:
                    12:ad:41:e9:25:28:97:a7:63:07:57:07:1f:60:71:
                    d1:3d:ef:49:33:9a:e0:cc:c6:eb:62:5c:50:b0:47:
                    c0:12:77:6a:7c:42:a1:02:85:b9:dd:22:ed:ee:35:
                    ef:79:5f:17:12:9f:b7:58:d0:c9:8d:a3:56:9c:2b:
                    10:cb:3c:fa:75:ae:78:5c:f2:de:7f:69:32:69:f3:
                    14:21:95:fa:61:81:f9:d7:4c:0b:94:e5:71:80:a7:
                    db:83:21:02:ed:f2:f9:39:8e:6f:0c:45:89:81:3e:
                    ca:42:30:33:9f:ea:c5:4a:db:80:f5:6e:fa:2a:6c:
                    b8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A4:DD:8C:30:D6:97:41:A5:98:EA:AB:AB:F0:BE:9F:B9:09:4E:71
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:46:2e:78:35:f9:b5:93:3f:95:4e:b6:88:a0:12:c3:ed:58:
         13:4e:74:50:8b:b0:3f:0b:e2:1c:3b:c2:c8:96:c9:bf:8d:89:
         13:0a:e1:7b:8c:de:6f:aa:e8:69:91:0b:7f:bf:1a:ab:01:80:
         1b:fc:49:80:96:04:bb:a4:0a:0b:01:27:eb:2e:f5:01:fc:17:
         c3:41:4f:c8:2b:d2:d8:d9:79:1c:bb:9f:1c:34:e0:43:ac:ab:
         b5:c4:26:8a:e2:cd:ad:05:6a:5b:c0:22:f2:45:9c:02:22:48:
         00:d1:2f:e9:df:38:d3:a9:52:76:a9:8e:61:cb:4a:cf:2a:2f:
         36:1c:cd:1e:e3:85:ae:90:ce:88:52:3e:57:f1:27:f6:52:74:
         07:1d:92:72:14:5c:5f:85:8f:57:0e:31:ae:f6:90:ac:22:c9:
         88:76:d3:6a:b3:d3:b9:f9:ba:84:b8:89:b8:41:05:ad:bc:1d:
         12:3b:02:68:21:29:a4:87:00:aa:2b:ca:8b:f6:0a:16:da:f7:
         eb:1e:70:de:a1:bf:9c:13:9e:fb:68:9c:cc:41:f4:2b:ff:54:
         86:9e:50:6c:8f:4f:2d:33:2d:49:25:5d:e0:f5:a1:f1:76:7d:
         88:9d:de:db:43:c2:30:56:4c:c9:1b:ef:62:c1:4a:7d:39:4b:
         c7:41:00:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIpsw9Ilzjkoln+F9gD7N5Bqvn2UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTMxMDQyMDVaFw0yNzA0MTIxMDQ3MDVaMDMxMTAvBgNV
BAMTKEREQTRERDhDMzBENjk3NDFBNTk4RUFBQkFCRjBCRTlGQjkwOTRFNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPZRxqb1a1HHG8JUPpJmPGSeT
qrjIrS0Nt1rVZLJE4ltdv7rMZKLtiMNzp2zM73qxFAknSSOdDh9naXTheuwhGitm
gVbj15VK7em7xW9icaK5IaewoS5aGRa6XnxVa1D+sVYraXaz6BlhZ6zb9FwrfWK3
ZmGjLKOo6LrX3HOTXmaJuvcNmhKtQeklKJenYwdXBx9gcdE970kzmuDMxutiXFCw
R8ASd2p8QqEChbndIu3uNe95XxcSn7dY0MmNo1acKxDLPPp1rnhc8t5/aTJp8xQh
lfphgfnXTAuU5XGAp9uDIQLt8vk5jm8MRYmBPspCMDOf6sVK24D1bvoqbLjDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3aTdjDDWl0GlmOqrq/C+n7kJTnEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhjA
MA0GCSqGSIb3DQEBCwUAA4IBAQADRi54Nfm1kz+VTraIoBLD7VgTTnRQi7A/C+Ic
O8LIlsm/jYkTCuF7jN5vquhpkQt/vxqrAYAb/EmAlgS7pAoLASfrLvUB/BfDQU/I
K9LY2Xkcu58cNOBDrKu1xCaK4s2tBWpbwCLyRZwCIkgA0S/p3zjTqVJ2qY5hy0rP
Ki82HM0e44WukM6IUj5X8Sf2UnQHHZJyFFxfhY9XDjGu9pCsIsmIdtNqs9O5+bqE
uIm4QQWtvB0SOwJoISmkhwCqK8qL9goW2vfrHnDeob+cE577aJzMQfQr/1SGnlBs
j08tMy1JJV3g9aHxdn2Ind7bQ8IwVkzJG+9iwUp9OUvHQQBq
-----END CERTIFICATE-----