Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213394.roa
File:                     AS213394.roa (raw, json)
Hash identifier:          0bbQEJOqX44fomSR+kmMuK13TcfxSAhd4RyCLkHmjwc=
Subject key identifier:   1B:45:1C:C8:C4:C6:C6:85:78:B1:18:73:2F:D9:3F:6F:30:C6:3F:82
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5AFAD69A9BF970C4CB96B1909213AF4C6E358178
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213394.roa
Signing time:             Wed 15 Apr 2026 14:23:08 +0000
ROA not before:           Wed 15 Apr 2026 14:18:08 +0000
ROA not after:            Wed 14 Apr 2027 14:23:08 +0000
asID:                     213394
IP address blocks:        82.47.250.0/24 maxlen: 24
                          82.47.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:fa:d6:9a:9b:f9:70:c4:cb:96:b1:90:92:13:af:4c:6e:35:81:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 15 14:18:08 2026 GMT
            Not After : Apr 14 14:23:08 2027 GMT
        Subject: CN=1B451CC8C4C6C68578B118732FD93F6F30C63F82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4d:2a:2d:43:53:16:9b:f9:2d:31:56:4e:07:
                    33:56:a7:37:cb:e2:7d:0d:47:d9:cb:84:b7:56:3d:
                    b8:44:c2:0e:df:48:dd:1e:04:b7:c8:af:a8:ae:b6:
                    e7:39:f3:fa:b6:36:d8:e1:7e:89:8b:c3:d1:b2:47:
                    2c:ae:b5:be:6e:89:c8:fd:36:81:ca:97:5e:cd:42:
                    cb:36:27:dd:46:8c:0d:1b:cb:3c:8c:e9:9e:e1:99:
                    87:ef:8d:9d:62:42:5d:63:e1:2b:6e:a3:0e:03:ca:
                    2e:3d:60:f5:2c:b1:7e:43:67:5b:e2:fd:1e:6b:bf:
                    eb:4b:25:b7:d9:04:45:7e:b0:d0:86:23:69:4c:ee:
                    4e:64:9a:ab:52:ae:31:8e:d1:d2:6a:b1:02:ce:d9:
                    97:d4:a7:57:f2:93:a1:81:f0:cc:e8:2a:60:d5:78:
                    a4:49:90:d5:e8:5d:b6:ba:7d:6c:6a:0b:b9:81:70:
                    8e:d2:83:49:c1:bf:f6:16:a6:d5:4e:b8:3f:30:54:
                    0a:cc:2e:d0:75:e3:71:6c:86:6a:c1:6c:78:81:70:
                    1c:31:63:4c:21:88:cc:ae:57:ce:ed:26:45:0f:8b:
                    b3:8b:c6:7f:bc:70:03:0e:56:56:8a:ac:86:67:eb:
                    9c:d5:4e:de:41:64:27:79:78:e6:b6:5d:8d:87:73:
                    1a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:45:1C:C8:C4:C6:C6:85:78:B1:18:73:2F:D9:3F:6F:30:C6:3F:82
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213394.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:60:9c:ea:80:2a:da:8d:ce:4e:42:c0:4f:b0:c8:62:08:c9:
         ca:81:7c:41:d1:2b:ac:d4:2d:b0:08:a6:a3:a0:d5:fc:67:10:
         31:ab:3a:81:a0:47:bb:eb:39:c4:a7:61:20:a5:66:2d:c9:32:
         42:b9:12:0a:b0:97:a9:8e:a9:6d:28:ed:d7:e7:a3:41:fa:38:
         8f:b5:55:0a:ee:33:d5:ab:ff:90:69:70:e0:d3:e1:60:f3:e6:
         18:d1:36:3d:b6:bf:49:98:35:fe:a6:0b:4c:ff:3d:67:82:36:
         a4:e3:cb:f4:f0:bd:3d:e3:7b:52:d5:2a:4a:07:27:52:21:b2:
         c8:72:59:ad:0d:8f:7f:dd:53:e8:5a:05:ea:88:50:41:b9:d4:
         91:a1:19:20:0b:23:1c:63:1a:39:9d:92:cc:43:78:6a:b3:99:
         fb:64:ea:99:c4:0f:df:ae:f7:9b:82:7e:ee:69:4f:ca:d4:45:
         1d:01:ef:e2:43:98:1b:39:52:f6:7e:cb:c2:fb:7a:1e:53:74:
         93:eb:c2:50:54:e7:74:ba:a4:18:fb:89:f2:2d:d8:c3:79:0e:
         de:7c:93:c3:a0:5e:01:2b:f8:c8:13:c3:96:24:a0:b0:d3:22:
         44:36:82:2d:48:92:52:61:5a:1b:93:e5:67:97:9b:97:cb:13:
         3d:96:4f:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWvrWmpv5cMTLlrGQkhOvTG41gXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTUxNDE4MDhaFw0yNzA0MTQxNDIzMDhaMDMxMTAvBgNV
BAMTKDFCNDUxQ0M4QzRDNkM2ODU3OEIxMTg3MzJGRDkzRjZGMzBDNjNGODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrTSotQ1MWm/ktMVZOBzNWpzfL
4n0NR9nLhLdWPbhEwg7fSN0eBLfIr6iutuc58/q2NtjhfomLw9GyRyyutb5uicj9
NoHKl17NQss2J91GjA0byzyM6Z7hmYfvjZ1iQl1j4Stuow4Dyi49YPUssX5DZ1vi
/R5rv+tLJbfZBEV+sNCGI2lM7k5kmqtSrjGO0dJqsQLO2ZfUp1fyk6GB8MzoKmDV
eKRJkNXoXba6fWxqC7mBcI7Sg0nBv/YWptVOuD8wVArMLtB143FshmrBbHiBcBwx
Y0whiMyuV87tJkUPi7OLxn+8cAMOVlaKrIZn65zVTt5BZCd5eOa2XY2HcxqjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUG0UcyMTGxoV4sRhzL9k/bzDGP4IwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzMzk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUi/6
MA0GCSqGSIb3DQEBCwUAA4IBAQCBYJzqgCrajc5OQsBPsMhiCMnKgXxB0Sus1C2w
CKajoNX8ZxAxqzqBoEe76znEp2EgpWYtyTJCuRIKsJepjqltKO3X56NB+jiPtVUK
7jPVq/+QaXDg0+Fg8+YY0TY9tr9JmDX+pgtM/z1ngjak48v08L0943tS1SpKBydS
IbLIclmtDY9/3VPoWgXqiFBBudSRoRkgCyMcYxo5nZLMQ3hqs5n7ZOqZxA/frveb
gn7uaU/K1EUdAe/iQ5gbOVL2fsvC+3oeU3ST68JQVOd0uqQY+4nyLdjDeQ7efJPD
oF4BK/jIE8OWJKCw0yJENoItSJJSYVobk+Vnl5uXyxM9lk/l
-----END CERTIFICATE-----