Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          Pu/NewFUt+hRWre+srMh2avV1fKRxs9qxgQqkOToVp8=
Subject key identifier:   DF:F5:D4:CB:BD:A6:91:06:AB:61:EC:5E:12:FB:AC:7F:07:23:48:01
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6BFD0328EE656627A797DF6E4D39C58BAF8DF85C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214025.roa
Signing time:             Tue 28 Oct 2025 05:19:52 +0000
ROA not before:           Tue 28 Oct 2025 05:14:52 +0000
ROA not after:            Tue 27 Oct 2026 05:19:52 +0000
asID:                     214025
IP address blocks:        82.21.3.0/24 maxlen: 24
                          82.22.187.0/24 maxlen: 24
                          82.26.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:fd:03:28:ee:65:66:27:a7:97:df:6e:4d:39:c5:8b:af:8d:f8:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 28 05:14:52 2025 GMT
            Not After : Oct 27 05:19:52 2026 GMT
        Subject: CN=DFF5D4CBBDA69106AB61EC5E12FBAC7F07234801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b7:8d:6a:1b:ef:58:2f:2d:f8:8f:df:ba:b3:
                    ec:30:e9:3e:9f:fe:4d:55:13:1a:47:cf:e3:b7:9a:
                    a2:8a:68:bc:47:d3:25:be:cc:35:3b:c7:3f:43:31:
                    be:bd:92:e1:48:9a:d4:c1:f2:6f:1d:8b:27:ed:25:
                    02:eb:ec:89:47:c2:f9:d3:3e:c8:a2:09:4f:81:f5:
                    a2:17:f8:a2:d5:c1:e1:5e:a8:15:a2:2a:94:53:d2:
                    83:ab:fe:e0:ca:ff:62:4c:7d:a1:7f:d6:0f:c1:07:
                    65:84:d8:32:07:35:64:d9:12:08:e9:92:36:75:61:
                    ae:b4:8d:eb:de:ed:65:60:92:11:28:33:e6:a7:48:
                    7b:4e:3b:01:20:16:1a:80:71:ec:51:de:78:fd:88:
                    d6:5a:32:b5:a6:8b:b1:c5:18:04:d9:bc:7c:f4:74:
                    66:0c:00:e9:d6:09:6a:54:2e:86:34:7a:fb:f8:f6:
                    a6:fe:21:2b:fc:f3:54:38:f6:26:3f:c0:96:06:0b:
                    ab:28:dc:c7:bb:35:35:9c:0b:98:a0:24:c5:d2:dd:
                    99:19:f9:32:b3:18:a0:0f:ae:51:58:fb:48:4f:6a:
                    06:35:e8:46:ec:57:e0:04:e3:be:4c:e3:2a:9d:f5:
                    19:af:ef:c7:dc:4f:7a:19:fd:f9:20:94:70:e5:c8:
                    85:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F5:D4:CB:BD:A6:91:06:AB:61:EC:5E:12:FB:AC:7F:07:23:48:01
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.3.0/24
                  82.22.187.0/24
                  82.26.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:80:ed:2d:a3:ce:62:da:d9:0e:b5:39:f2:18:8b:85:9f:33:
         66:14:36:b2:b5:06:51:df:20:08:e5:b1:c3:03:bb:fe:52:67:
         95:4b:fd:72:c5:a5:9b:38:1d:b8:39:a0:d3:56:0c:a4:75:dc:
         8f:28:d4:7f:19:b6:b4:58:be:fa:4e:a4:54:59:03:27:ec:13:
         60:18:26:a6:e3:6c:b7:55:81:f1:fc:2d:4e:22:fb:66:b7:13:
         c2:a1:ef:eb:75:1f:d9:77:cf:15:01:79:1a:6e:44:c5:2c:88:
         a3:f7:a3:f8:55:13:d0:b2:77:b5:47:e8:4e:5a:41:03:7d:34:
         cc:f4:36:17:15:2b:2e:b4:d8:ad:60:31:98:a6:14:be:de:e6:
         22:48:f7:a7:96:20:47:ce:d6:05:6b:3a:d2:c8:b2:38:b8:f0:
         c8:79:09:c2:dc:9e:1d:12:41:b4:e6:27:5a:aa:25:2c:e9:2a:
         f7:00:04:f3:97:e8:63:05:22:d0:ad:b0:76:6d:7c:43:9a:f8:
         71:ce:e1:92:3f:95:16:bb:9c:ed:a4:e1:ed:44:15:c8:e5:ff:
         25:82:8a:bf:4d:60:28:d4:ae:d1:8b:2a:b2:c7:20:68:39:77:
         38:20:1c:60:5f:3d:fe:88:b0:67:06:47:1d:05:69:4c:5d:a1:
         bb:c1:51:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUa/0DKO5lZienl99uTTnFi6+N+FwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjgwNTE0NTJaFw0yNjEwMjcwNTE5NTJaMDMxMTAvBgNV
BAMTKERGRjVENENCQkRBNjkxMDZBQjYxRUM1RTEyRkJBQzdGMDcyMzQ4MDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDt41qG+9YLy34j9+6s+ww6T6f
/k1VExpHz+O3mqKKaLxH0yW+zDU7xz9DMb69kuFImtTB8m8diyftJQLr7IlHwvnT
PsiiCU+B9aIX+KLVweFeqBWiKpRT0oOr/uDK/2JMfaF/1g/BB2WE2DIHNWTZEgjp
kjZ1Ya60jeve7WVgkhEoM+anSHtOOwEgFhqAcexR3nj9iNZaMrWmi7HFGATZvHz0
dGYMAOnWCWpULoY0evv49qb+ISv881Q49iY/wJYGC6so3Me7NTWcC5igJMXS3ZkZ
+TKzGKAPrlFY+0hPagY16EbsV+AE475M4yqd9Rmv78fcT3oZ/fkglHDlyIXHAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU3/XUy72mkQarYexeEvusfwcjSAEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUhUD
AwQAUha7AwQAUhqIMA0GCSqGSIb3DQEBCwUAA4IBAQCfgO0to85i2tkOtTnyGIuF
nzNmFDaytQZR3yAI5bHDA7v+UmeVS/1yxaWbOB24OaDTVgykddyPKNR/Gba0WL76
TqRUWQMn7BNgGCam42y3VYHx/C1OIvtmtxPCoe/rdR/Zd88VAXkabkTFLIij96P4
VRPQsne1R+hOWkEDfTTM9DYXFSsutNitYDGYphS+3uYiSPenliBHztYFazrSyLI4
uPDIeQnC3J4dEkG05idaqiUs6Sr3AATzl+hjBSLQrbB2bXxDmvhxzuGSP5UWu5zt
pOHtRBXI5f8lgoq/TWAo1K7RiyqyxyBoOXc4IBxgXz3+iLBnBkcdBWlMXaG7wVEB
-----END CERTIFICATE-----