Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213896.roa
File:                     AS213896.roa (raw, json)
Hash identifier:          DuMWj03Q1rnEOvnUQkQeine8pnEyKNv2Cq7E43NrqyE=
Subject key identifier:   22:58:02:98:E3:1F:D5:01:72:E6:7F:DA:43:5D:15:17:85:08:BF:62
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       584B4C84E99A97807E26134ED51D0244E59F5D24
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213896.roa
Signing time:             Thu 04 Jun 2026 11:36:42 +0000
ROA not before:           Thu 04 Jun 2026 11:31:42 +0000
ROA not after:            Thu 03 Jun 2027 11:36:42 +0000
asID:                     213896
IP address blocks:        82.24.88.0/24 maxlen: 24
                          84.75.210.0/24 maxlen: 24
                          84.75.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:4b:4c:84:e9:9a:97:80:7e:26:13:4e:d5:1d:02:44:e5:9f:5d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  4 11:31:42 2026 GMT
            Not After : Jun  3 11:36:42 2027 GMT
        Subject: CN=22580298E31FD50172E67FDA435D15178508BF62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:31:fe:30:b2:f9:d6:4b:c4:26:b7:5a:94:61:
                    e1:2a:16:71:ed:53:52:44:62:9c:9f:52:82:ea:d3:
                    d7:4d:dc:4b:d6:b2:d7:70:1a:53:41:88:15:0a:be:
                    83:ed:71:c0:ea:ad:db:e7:f9:a4:e3:55:4a:cb:e8:
                    98:05:41:ca:f5:87:1f:48:82:8b:6a:db:f1:0b:25:
                    00:9c:2e:3b:9c:27:85:eb:b8:bb:e9:83:45:7e:96:
                    e6:48:a4:db:f1:a6:12:43:88:55:a3:1b:8a:f1:a6:
                    f9:bb:68:6c:c1:27:2e:2e:0a:5a:1c:f8:c3:09:26:
                    93:d4:e0:9c:fa:5e:c2:c2:cd:e1:e3:df:df:d1:71:
                    98:28:51:69:be:9b:3c:ed:df:d4:8b:7f:55:72:29:
                    ec:f8:4e:54:05:58:2b:41:b7:ac:1b:52:3f:82:81:
                    16:3e:e1:52:13:70:72:f6:69:14:bf:50:f3:26:2c:
                    74:3f:aa:13:ba:31:c8:05:45:17:de:1d:f0:96:12:
                    d4:d8:e8:4b:42:62:2f:bf:31:58:73:75:91:8d:33:
                    01:d3:4c:67:4b:51:8c:be:5b:c4:5d:22:8a:6e:9e:
                    56:60:2a:4a:ba:bd:78:06:3d:4b:fa:24:61:34:ca:
                    bb:1b:e2:bf:11:1a:d7:57:7f:a2:98:fd:54:0f:eb:
                    b5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:58:02:98:E3:1F:D5:01:72:E6:7F:DA:43:5D:15:17:85:08:BF:62
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213896.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.88.0/24
                  84.75.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:45:af:45:83:ef:ff:e1:9f:2d:19:e4:e8:7f:d4:53:87:c8:
         e3:8f:80:5c:c9:b3:f7:27:84:cb:8d:8a:9d:e6:b8:c5:9b:b9:
         64:fe:0c:94:ad:8f:5b:2e:26:fe:17:bb:dd:cd:1e:e5:dc:ba:
         69:4d:a4:42:6e:50:95:86:bb:f0:b8:a8:8c:1f:d4:0b:5b:dc:
         27:11:e7:f1:a8:52:42:9a:3a:db:8f:c3:ed:c7:0a:d2:c1:05:
         ab:01:3e:c8:d9:cd:ec:dc:a2:c6:9e:0a:51:8e:74:57:f3:00:
         be:e1:cf:64:56:9a:db:6b:94:0e:8f:56:95:d9:07:3b:e6:83:
         c7:25:b8:15:98:ee:52:d5:85:23:e8:67:88:38:b2:e7:29:6a:
         ba:18:71:3c:65:5e:d9:16:2a:8f:3a:3a:a8:d1:05:14:b3:e0:
         b0:fc:60:46:5d:d4:64:d9:e8:2f:58:be:3d:e4:67:84:a1:d2:
         28:ad:39:bd:22:39:b7:d1:cc:8d:f6:54:1f:eb:0b:57:d1:88:
         a3:fb:7e:a3:99:63:43:81:1c:bb:bb:73:18:09:53:8e:74:e1:
         30:ed:db:a7:46:30:9f:03:d8:e6:fe:51:89:ef:ad:47:de:e2:
         92:46:99:74:5b:f4:23:29:f4:44:9e:d6:b2:58:64:79:62:18:
         4f:b8:51:c8
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUWEtMhOmal4B+JhNO1R0CROWfXSQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDQxMTMxNDJaFw0yNzA2MDMxMTM2NDJaMDMxMTAvBgNV
BAMTKDIyNTgwMjk4RTMxRkQ1MDE3MkU2N0ZEQTQzNUQxNTE3ODUwOEJGNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkMf4wsvnWS8Qmt1qUYeEqFnHt
U1JEYpyfUoLq09dN3EvWstdwGlNBiBUKvoPtccDqrdvn+aTjVUrL6JgFQcr1hx9I
gotq2/ELJQCcLjucJ4XruLvpg0V+luZIpNvxphJDiFWjG4rxpvm7aGzBJy4uCloc
+MMJJpPU4Jz6XsLCzeHj39/RcZgoUWm+mzzt39SLf1VyKez4TlQFWCtBt6wbUj+C
gRY+4VITcHL2aRS/UPMmLHQ/qhO6McgFRRfeHfCWEtTY6EtCYi+/MVhzdZGNMwHT
TGdLUYy+W8RdIopunlZgKkq6vXgGPUv6JGE0yrsb4r8RGtdXf6KY/VQP67UBAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUIlgCmOMf1QFy5n/aQ10VF4UIv2IwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzODk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhhY
AwQBVEvSMA0GCSqGSIb3DQEBCwUAA4IBAQBvRa9Fg+//4Z8tGeTof9RTh8jjj4Bc
ybP3J4TLjYqd5rjFm7lk/gyUrY9bLib+F7vdzR7l3LppTaRCblCVhrvwuKiMH9QL
W9wnEefxqFJCmjrbj8PtxwrSwQWrAT7I2c3s3KLGngpRjnRX8wC+4c9kVprba5QO
j1aV2Qc75oPHJbgVmO5S1YUj6GeIOLLnKWq6GHE8ZV7ZFiqPOjqo0QUUs+Cw/GBG
XdRk2egvWL495GeEodIorTm9Ijm30cyN9lQf6wtX0Yij+36jmWNDgRy7u3MYCVOO
dOEw7dunRjCfA9jm/lGJ761H3uKSRpl0W/QjKfREntayWGR5YhhPuFHI
-----END CERTIFICATE-----