Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213436.roa
File:                     AS213436.roa (raw, json)
Hash identifier:          EwpP2mdIy1JED48KREX7ln0idBwd1NRCuQgMOWHvVHE=
Subject key identifier:   FE:51:D0:96:CD:FE:74:AC:69:40:0E:9A:66:86:63:BA:7C:0B:AF:BF
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4DFFC8025BF2052E4AE3FFF988098E08AC9EF84F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213436.roa
Signing time:             Thu 16 Apr 2026 05:15:22 +0000
ROA not before:           Thu 16 Apr 2026 05:10:22 +0000
ROA not after:            Thu 15 Apr 2027 05:15:22 +0000
asID:                     213436
IP address blocks:        82.22.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:ff:c8:02:5b:f2:05:2e:4a:e3:ff:f9:88:09:8e:08:ac:9e:f8:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 16 05:10:22 2026 GMT
            Not After : Apr 15 05:15:22 2027 GMT
        Subject: CN=FE51D096CDFE74AC69400E9A668663BA7C0BAFBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4a:ae:70:6f:4f:2f:b8:20:3a:80:79:4c:db:
                    ce:44:1b:22:35:bf:56:eb:d1:4c:7d:45:ca:7f:39:
                    dc:2b:4c:69:03:a3:27:3a:b4:34:88:82:28:41:2f:
                    3d:3b:77:2f:3e:ed:a1:98:d0:df:9f:1c:0a:0a:5a:
                    a4:c3:0b:6e:a7:7a:dc:d5:22:01:78:8c:e5:18:50:
                    31:b5:b1:be:d8:e8:02:7e:d4:b7:d3:2c:4a:55:19:
                    16:32:f4:b3:38:b4:00:5c:6c:e7:a0:8d:5e:45:77:
                    65:69:b9:04:a6:c2:67:9d:ff:01:35:c0:d8:bf:d3:
                    69:91:7e:30:9e:ce:df:df:44:0a:90:db:90:b8:dd:
                    45:68:91:b0:b0:05:0c:44:9e:c1:1a:1d:13:4c:8e:
                    bb:70:a6:68:80:ea:6a:5e:55:99:23:08:bb:ce:c5:
                    6c:cb:3e:d5:92:b6:ff:3c:cb:64:b6:30:be:ac:50:
                    2a:6c:d4:41:77:88:55:b6:1a:e3:7a:0d:f3:b8:37:
                    c6:3d:1d:79:aa:a6:06:c8:d1:90:69:b4:22:b8:0f:
                    2b:91:b8:44:92:b4:9f:27:67:23:1d:a7:62:cf:fd:
                    7e:55:55:cb:5f:0b:51:f4:e0:fe:d9:16:2e:23:3c:
                    78:94:12:1b:96:70:b4:3b:71:18:19:89:d9:52:e7:
                    bb:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:51:D0:96:CD:FE:74:AC:69:40:0E:9A:66:86:63:BA:7C:0B:AF:BF
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:63:59:1b:da:15:6e:e5:f0:f5:a1:bb:f0:4c:b7:e4:4b:ea:
         5c:86:29:6c:67:1c:5a:9d:59:10:5e:46:df:fd:d1:69:4c:8f:
         5d:79:6f:e3:3e:07:81:2a:5c:1e:5c:1e:db:d6:bf:64:4c:67:
         dc:1e:0d:ce:95:f3:4d:97:1b:3e:ba:0b:54:92:db:07:73:c7:
         28:29:8a:40:28:04:d7:14:fa:e6:8d:9c:79:34:65:03:98:f7:
         ca:4f:1e:2a:7f:16:5e:3a:b7:a6:73:df:c1:ff:f0:18:22:02:
         61:71:44:d3:3d:86:8a:23:bb:2a:30:8c:1e:17:9a:84:56:1a:
         27:dc:18:69:57:07:ff:f6:79:4f:02:be:14:83:89:f2:e0:8d:
         c8:12:b3:db:1b:9e:eb:79:23:b8:9f:39:d6:60:bd:43:35:31:
         14:95:44:82:05:ce:14:a2:e4:73:de:ae:b5:87:d7:aa:94:07:
         3a:a1:9e:a4:ff:d5:c5:fd:6d:fb:22:7b:bc:64:e2:53:f3:69:
         0e:ef:88:35:ac:a8:ba:b4:32:08:77:0e:c1:25:b4:8b:46:64:
         0f:af:f9:c0:4c:87:60:25:ad:78:7e:0b:d2:b8:34:8d:20:5c:
         4a:cf:e1:75:5f:f7:ac:87:63:ef:bd:ec:46:a2:9f:5f:a9:9c:
         45:e8:e7:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTf/IAlvyBS5K4//5iAmOCKye+E8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTYwNTEwMjJaFw0yNzA0MTUwNTE1MjJaMDMxMTAvBgNV
BAMTKEZFNTFEMDk2Q0RGRTc0QUM2OTQwMEU5QTY2ODY2M0JBN0MwQkFGQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWSq5wb08vuCA6gHlM285EGyI1
v1br0Ux9Rcp/OdwrTGkDoyc6tDSIgihBLz07dy8+7aGY0N+fHAoKWqTDC26netzV
IgF4jOUYUDG1sb7Y6AJ+1LfTLEpVGRYy9LM4tABcbOegjV5Fd2VpuQSmwmed/wE1
wNi/02mRfjCezt/fRAqQ25C43UVokbCwBQxEnsEaHRNMjrtwpmiA6mpeVZkjCLvO
xWzLPtWStv88y2S2ML6sUCps1EF3iFW2GuN6DfO4N8Y9HXmqpgbI0ZBptCK4DyuR
uESStJ8nZyMdp2LP/X5VVctfC1H04P7ZFi4jPHiUEhuWcLQ7cRgZidlS57thAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/lHQls3+dKxpQA6aZoZjunwLr78wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNDM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhbN
MA0GCSqGSIb3DQEBCwUAA4IBAQCCY1kb2hVu5fD1obvwTLfkS+pchilsZxxanVkQ
Xkbf/dFpTI9deW/jPgeBKlweXB7b1r9kTGfcHg3OlfNNlxs+ugtUktsHc8coKYpA
KATXFPrmjZx5NGUDmPfKTx4qfxZeOremc9/B//AYIgJhcUTTPYaKI7sqMIweF5qE
Vhon3BhpVwf/9nlPAr4Ug4ny4I3IErPbG57reSO4nznWYL1DNTEUlUSCBc4UouRz
3q61h9eqlAc6oZ6k/9XF/W37Inu8ZOJT82kO74g1rKi6tDIIdw7BJbSLRmQPr/nA
TIdgJa14fgvSuDSNIFxKz+F1X/esh2PvvexGop9fqZxF6Oe7
-----END CERTIFICATE-----