Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213734.roa
File:                     AS213734.roa (raw, json)
Hash identifier:          VDiNKwFQhJO/1tBEPyb38WnxzUz+bxU2HStjw5vam18=
Subject key identifier:   36:A5:66:9C:2B:2B:A1:C4:54:F5:69:1C:F0:BB:D5:B0:88:E8:F4:B7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1B9F5D4E949F5499AFDC77F95D1FB3984025C273
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213734.roa
Signing time:             Fri 05 Jun 2026 09:32:31 +0000
ROA not before:           Fri 05 Jun 2026 09:27:31 +0000
ROA not after:            Fri 04 Jun 2027 09:32:31 +0000
asID:                     213734
IP address blocks:        82.39.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:9f:5d:4e:94:9f:54:99:af:dc:77:f9:5d:1f:b3:98:40:25:c2:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  5 09:27:31 2026 GMT
            Not After : Jun  4 09:32:31 2027 GMT
        Subject: CN=36A5669C2B2BA1C454F5691CF0BBD5B088E8F4B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d6:a9:3e:13:1b:41:5d:9b:0e:53:75:17:41:
                    21:ba:13:8f:6d:b5:88:5b:14:fa:f8:68:95:97:cf:
                    65:05:c1:49:bd:1c:76:97:cc:6a:d2:8a:37:56:75:
                    43:a1:bf:3d:5e:e0:7e:5b:89:f9:9c:ac:14:1d:cd:
                    1a:a8:f8:52:2c:d7:77:73:e1:3d:53:e4:a2:38:c1:
                    eb:a6:19:92:3a:c5:0e:9a:dc:82:c0:a5:f3:db:bb:
                    6e:d0:b2:4e:63:86:97:03:dd:3c:03:53:72:19:83:
                    18:03:4b:22:aa:01:f1:75:38:9f:2c:5c:b4:8f:18:
                    0e:01:00:6e:74:d9:61:41:00:62:47:d9:33:eb:c1:
                    dd:56:ea:3d:ee:20:fd:1a:b5:15:43:d9:52:91:c1:
                    88:3b:96:3d:99:5c:a5:6b:b2:2f:d8:1b:2c:61:d0:
                    77:25:da:f2:34:33:36:9a:f2:1a:8a:26:08:fa:81:
                    ab:48:cc:ec:e4:67:6c:98:62:1a:70:2e:16:97:f3:
                    22:9b:ba:24:25:f4:01:22:e6:d4:ac:82:7b:24:8f:
                    df:b5:cd:f0:de:f5:88:10:96:69:fa:f1:a0:8c:b7:
                    db:19:83:85:af:76:95:44:9f:11:c2:4e:31:6b:03:
                    a9:4e:b2:c3:f5:ee:e9:55:e2:c1:04:93:de:d3:75:
                    14:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A5:66:9C:2B:2B:A1:C4:54:F5:69:1C:F0:BB:D5:B0:88:E8:F4:B7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:3a:a7:33:9a:3f:9c:59:3a:58:94:30:ca:45:b7:c5:07:55:
         0d:5d:cf:30:c9:d9:cc:43:f7:85:b2:67:c0:45:51:70:e4:fd:
         50:6e:df:c1:e1:c8:8c:09:f4:6b:52:75:96:51:d7:8b:a9:82:
         18:30:e6:8e:13:bd:a9:a2:ac:0d:d6:20:05:0d:70:33:e1:72:
         c7:13:31:7f:25:3a:75:76:4b:38:80:1f:48:27:6d:a1:18:31:
         b0:d9:25:46:96:b4:dc:96:39:8a:4c:e3:de:79:b2:73:a9:b5:
         a7:82:b9:05:e2:67:34:a9:53:0e:4b:07:0b:29:17:ce:d2:d7:
         09:4c:5e:ca:29:8c:60:28:8c:8b:5b:93:24:1b:ca:7d:ec:77:
         10:82:1f:d5:40:46:6d:6d:d3:47:22:b4:44:5b:54:39:cc:f3:
         24:b8:5e:8a:c6:dc:65:01:e7:65:7e:e4:ae:c7:75:c3:7a:02:
         38:ca:8b:43:0b:55:ad:9a:2a:5e:4f:d9:b5:3d:83:48:22:f7:
         cf:74:0a:3a:1f:fd:9a:7f:fd:fe:b5:9d:85:65:1d:dc:5a:97:
         41:fe:0b:9f:cd:3d:e6:42:94:8e:c5:76:1e:c2:45:07:5b:46:
         3d:d3:51:ae:d0:29:9b:d6:a3:36:2a:1a:c8:ec:09:28:62:d6:
         d4:30:11:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUG59dTpSfVJmv3Hf5XR+zmEAlwnMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDUwOTI3MzFaFw0yNzA2MDQwOTMyMzFaMDMxMTAvBgNV
BAMTKDM2QTU2NjlDMkIyQkExQzQ1NEY1NjkxQ0YwQkJENUIwODhFOEY0QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK1qk+ExtBXZsOU3UXQSG6E49t
tYhbFPr4aJWXz2UFwUm9HHaXzGrSijdWdUOhvz1e4H5bifmcrBQdzRqo+FIs13dz
4T1T5KI4weumGZI6xQ6a3ILApfPbu27Qsk5jhpcD3TwDU3IZgxgDSyKqAfF1OJ8s
XLSPGA4BAG502WFBAGJH2TPrwd1W6j3uIP0atRVD2VKRwYg7lj2ZXKVrsi/YGyxh
0Hcl2vI0Mzaa8hqKJgj6gatIzOzkZ2yYYhpwLhaX8yKbuiQl9AEi5tSsgnskj9+1
zfDe9YgQlmn68aCMt9sZg4WvdpVEnxHCTjFrA6lOssP17ulV4sEEk97TdRQFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNqVmnCsrocRU9Wkc8LvVsIjo9LcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNzM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUieB
MA0GCSqGSIb3DQEBCwUAA4IBAQAaOqczmj+cWTpYlDDKRbfFB1UNXc8wydnMQ/eF
smfARVFw5P1Qbt/B4ciMCfRrUnWWUdeLqYIYMOaOE72poqwN1iAFDXAz4XLHEzF/
JTp1dks4gB9IJ22hGDGw2SVGlrTcljmKTOPeebJzqbWngrkF4mc0qVMOSwcLKRfO
0tcJTF7KKYxgKIyLW5MkG8p97HcQgh/VQEZtbdNHIrREW1Q5zPMkuF6KxtxlAedl
fuSux3XDegI4yotDC1WtmipeT9m1PYNIIvfPdAo6H/2af/3+tZ2FZR3cWpdB/guf
zT3mQpSOxXYewkUHW0Y901Gu0Cmb1qM2KhrI7AkoYtbUMBEe
-----END CERTIFICATE-----