Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213734.roa
File:                     AS213734.roa (raw, json)
Hash identifier:          Vz+2UKAuROJxR3U01ydLIlUEgUisnlluZPw8gwdJJ9k=
Subject key identifier:   3C:00:61:C9:62:F2:B0:B2:4B:3E:8D:AF:79:72:C3:02:54:A5:0F:71
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3D3BEE26471C38A798ECDA32228A2BE8AF37597C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213734.roa
Signing time:             Fri 31 Oct 2025 17:13:30 +0000
ROA not before:           Fri 31 Oct 2025 17:08:30 +0000
ROA not after:            Fri 30 Oct 2026 17:13:30 +0000
asID:                     213734
IP address blocks:        82.38.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:3b:ee:26:47:1c:38:a7:98:ec:da:32:22:8a:2b:e8:af:37:59:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 31 17:08:30 2025 GMT
            Not After : Oct 30 17:13:30 2026 GMT
        Subject: CN=3C0061C962F2B0B24B3E8DAF7972C30254A50F71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b2:3e:58:9a:6d:c9:ab:51:19:dd:b6:75:66:
                    d2:0c:f1:0d:f2:3c:d9:73:13:f9:8d:39:64:38:68:
                    ab:3c:72:df:30:38:c6:48:5c:46:0f:b5:0c:80:a0:
                    6f:24:ac:dc:43:ae:83:a3:bf:8c:37:b5:91:20:58:
                    55:b2:bb:50:9c:4b:37:5c:f6:ab:cc:57:6e:0f:a7:
                    4c:8b:25:11:b1:71:fc:6a:9f:5e:64:d2:ac:d3:ee:
                    61:f4:52:c6:0e:23:fa:39:21:27:6d:cc:e8:4e:84:
                    21:16:7f:f5:7c:f7:35:94:fd:82:41:f2:72:23:29:
                    73:c4:a9:73:66:8b:98:2e:29:fb:0b:d0:de:ef:a2:
                    dc:a0:80:66:f5:14:d5:a2:b5:c2:54:ab:92:74:82:
                    82:18:a3:91:d0:98:f7:de:85:f2:ed:4b:f5:23:e9:
                    22:62:f8:63:ac:29:ea:b8:3e:1e:a3:7d:bf:66:6e:
                    3d:2a:fb:65:4c:86:a7:ef:19:8e:95:f8:8c:65:39:
                    b3:ce:41:0f:2e:97:11:9f:e7:6d:b2:3a:4c:e1:84:
                    87:c3:97:14:2f:e1:c9:9e:80:c7:e0:02:6f:a8:71:
                    66:81:4e:b1:a9:1f:0b:82:b5:51:81:ac:55:c1:d7:
                    fd:0a:0c:38:63:91:96:5e:2d:68:db:e3:10:43:cd:
                    84:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:00:61:C9:62:F2:B0:B2:4B:3E:8D:AF:79:72:C3:02:54:A5:0F:71
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:04:71:fe:e8:c3:7f:73:a6:6e:d5:74:0b:57:d5:58:07:f1:
         33:ee:46:60:95:18:ad:94:b9:14:57:25:ab:81:d0:f4:33:65:
         b4:27:8f:64:b8:c4:ac:06:29:37:8c:0d:3b:21:f1:a2:3e:82:
         20:77:32:71:16:58:cb:63:91:7d:c9:27:3d:03:54:60:fb:12:
         39:3f:95:2a:98:00:7d:5b:ad:47:6a:6a:9e:f6:3c:e2:92:24:
         a8:52:8e:ef:84:88:96:87:fd:08:11:df:9f:af:82:6d:bb:c7:
         30:96:f5:8b:3f:35:86:8a:bc:e6:b7:fd:de:53:d0:c5:b3:b2:
         b3:14:2e:6a:4a:89:79:98:78:9f:fb:df:aa:ec:f5:d2:63:be:
         8c:8c:79:39:c8:02:96:08:ac:56:e5:03:73:72:f0:c0:e9:22:
         cc:aa:0f:5e:66:aa:b7:ce:37:58:86:8a:46:5e:68:19:1c:d4:
         52:50:75:8f:67:5c:03:43:02:26:f1:0e:2c:f1:e9:47:56:97:
         0e:c0:d5:50:29:6b:e6:18:5c:1d:d5:ab:d0:d4:54:9f:18:fe:
         26:a8:d7:17:e5:e1:f2:35:3b:01:bf:c6:5d:26:f8:a3:a9:aa:
         1f:5e:91:7e:30:88:08:c3:27:28:9b:80:9d:b8:69:74:33:07:
         86:f4:36:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPTvuJkccOKeY7NoyIoor6K83WXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMzExNzA4MzBaFw0yNjEwMzAxNzEzMzBaMDMxMTAvBgNV
BAMTKDNDMDA2MUM5NjJGMkIwQjI0QjNFOERBRjc5NzJDMzAyNTRBNTBGNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRsj5Ymm3Jq1EZ3bZ1ZtIM8Q3y
PNlzE/mNOWQ4aKs8ct8wOMZIXEYPtQyAoG8krNxDroOjv4w3tZEgWFWyu1CcSzdc
9qvMV24Pp0yLJRGxcfxqn15k0qzT7mH0UsYOI/o5ISdtzOhOhCEWf/V89zWU/YJB
8nIjKXPEqXNmi5guKfsL0N7votyggGb1FNWitcJUq5J0goIYo5HQmPfehfLtS/Uj
6SJi+GOsKeq4Ph6jfb9mbj0q+2VMhqfvGY6V+IxlObPOQQ8ulxGf522yOkzhhIfD
lxQv4cmegMfgAm+ocWaBTrGpHwuCtVGBrFXB1/0KDDhjkZZeLWjb4xBDzYRXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPABhyWLysLJLPo2veXLDAlSlD3EwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNzM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUiYj
MA0GCSqGSIb3DQEBCwUAA4IBAQA/BHH+6MN/c6Zu1XQLV9VYB/Ez7kZglRitlLkU
VyWrgdD0M2W0J49kuMSsBik3jA07IfGiPoIgdzJxFljLY5F9ySc9A1Rg+xI5P5Uq
mAB9W61Hamqe9jzikiSoUo7vhIiWh/0IEd+fr4Jtu8cwlvWLPzWGirzmt/3eU9DF
s7KzFC5qSol5mHif+9+q7PXSY76MjHk5yAKWCKxW5QNzcvDA6SLMqg9eZqq3zjdY
hopGXmgZHNRSUHWPZ1wDQwIm8Q4s8elHVpcOwNVQKWvmGFwd1avQ1FSfGP4mqNcX
5eHyNTsBv8ZdJvijqaofXpF+MIgIwycom4CduGl0MweG9DaE
-----END CERTIFICATE-----