Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214285.roa
File:                     AS214285.roa (raw, json)
Hash identifier:          4kQIsUwj/QUDlMFz89IB2HtCdWyilPOCPQONCSm25ig=
Subject key identifier:   AC:DB:B2:FE:49:53:D9:44:C7:DF:22:01:67:69:82:29:59:57:03:85
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2AD1206AC48B311B1F0716C2EA768DDB398E93C2
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214285.roa
Signing time:             Fri 31 Oct 2025 17:11:11 +0000
ROA not before:           Fri 31 Oct 2025 17:06:11 +0000
ROA not after:            Fri 30 Oct 2026 17:11:11 +0000
asID:                     214285
IP address blocks:        82.26.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:d1:20:6a:c4:8b:31:1b:1f:07:16:c2:ea:76:8d:db:39:8e:93:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 31 17:06:11 2025 GMT
            Not After : Oct 30 17:11:11 2026 GMT
        Subject: CN=ACDBB2FE4953D944C7DF22016769822959570385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d4:48:38:06:f1:3a:28:f1:b8:e7:82:5a:b5:
                    51:52:35:a3:0d:72:0c:1b:37:aa:18:45:ab:81:83:
                    0d:52:65:97:b3:3e:57:69:d7:0b:3d:e8:99:6c:64:
                    86:1d:3d:b6:2e:38:61:d9:c8:ce:87:90:fe:cd:de:
                    ab:76:ba:80:19:bb:56:96:d3:da:24:94:f9:18:47:
                    2e:79:61:fa:29:d1:ca:5f:e8:1c:73:1f:84:56:d8:
                    0c:a8:10:68:89:99:88:ae:b8:cc:05:1d:86:e8:df:
                    9a:84:3a:74:a9:ef:0c:ad:8b:31:67:5a:cd:33:c3:
                    9f:85:eb:a1:64:72:a2:af:ea:b1:18:f4:99:2a:99:
                    67:d5:a7:df:3e:f0:d6:23:3f:51:df:b3:7a:c2:48:
                    9e:ad:54:cb:34:89:c9:2b:cc:b0:a0:98:e7:e0:01:
                    2d:a2:64:86:f7:6d:c7:10:e5:3f:b1:0e:53:9d:6e:
                    ce:e0:e8:6e:11:c9:19:ee:2b:fe:fd:dd:70:a9:d1:
                    92:07:af:ae:08:17:ce:ef:3b:df:49:28:28:e6:fe:
                    25:d4:59:ac:b0:1c:e3:aa:a0:bc:64:62:d3:7e:21:
                    28:82:1c:29:3b:ff:15:f9:92:82:cb:43:e6:bc:73:
                    b6:b3:72:35:52:d8:72:3c:6d:c6:8b:ec:c9:8b:02:
                    28:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DB:B2:FE:49:53:D9:44:C7:DF:22:01:67:69:82:29:59:57:03:85
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214285.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:b1:c3:2a:93:bb:90:d5:53:83:12:ca:6e:3e:b9:fb:f9:e9:
         6a:13:57:bb:dc:15:b6:10:fb:8d:a5:c6:92:32:db:1a:10:9c:
         11:b1:15:aa:eb:30:7e:c3:37:e0:a8:2f:30:70:fb:72:f3:3c:
         05:b1:43:00:b9:cb:33:e4:6a:f9:00:87:85:87:28:88:b3:13:
         9e:09:83:1c:e0:84:57:48:bb:68:b7:35:2d:3b:d5:e3:bb:d5:
         42:69:ac:ec:29:be:3b:00:d0:48:e1:bd:52:51:f2:6d:7d:04:
         74:1d:f5:75:0d:0c:1a:31:b7:f8:8f:5f:cf:a3:8e:51:87:6d:
         7a:e0:60:66:79:9a:8a:1e:b6:ff:22:0b:5e:f6:a2:79:14:9e:
         98:7e:ec:22:19:81:14:6e:62:e4:d0:0f:e4:1d:2b:fb:c6:fa:
         20:8b:fd:99:ae:1c:77:17:2e:71:80:6d:d0:bc:bc:4e:2b:71:
         1a:ba:73:b7:06:b7:4f:23:e2:49:b7:7a:3e:3a:d0:19:5c:02:
         50:3e:0d:d5:f0:40:7f:8b:a5:d0:ea:1f:49:45:ac:af:11:a2:
         5b:e6:08:31:a6:c3:22:70:07:c3:cb:73:be:7e:2e:2b:ab:83:
         3f:49:56:05:12:d0:58:69:28:b8:be:5b:13:5a:38:63:ff:31:
         fc:11:f8:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKtEgasSLMRsfBxbC6naN2zmOk8IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMzExNzA2MTFaFw0yNjEwMzAxNzExMTFaMDMxMTAvBgNV
BAMTKEFDREJCMkZFNDk1M0Q5NDRDN0RGMjIwMTY3Njk4MjI5NTk1NzAzODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU1Eg4BvE6KPG454JatVFSNaMN
cgwbN6oYRauBgw1SZZezPldp1ws96JlsZIYdPbYuOGHZyM6HkP7N3qt2uoAZu1aW
09oklPkYRy55Yfop0cpf6BxzH4RW2AyoEGiJmYiuuMwFHYbo35qEOnSp7wytizFn
Ws0zw5+F66FkcqKv6rEY9JkqmWfVp98+8NYjP1Hfs3rCSJ6tVMs0ickrzLCgmOfg
AS2iZIb3bccQ5T+xDlOdbs7g6G4RyRnuK/793XCp0ZIHr64IF87vO99JKCjm/iXU
WaywHOOqoLxkYtN+ISiCHCk7/xX5koLLQ+a8c7azcjVS2HI8bcaL7MmLAijtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUrNuy/klT2UTH3yIBZ2mCKVlXA4UwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0Mjg1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhqJ
MA0GCSqGSIb3DQEBCwUAA4IBAQADscMqk7uQ1VODEspuPrn7+elqE1e73BW2EPuN
pcaSMtsaEJwRsRWq6zB+wzfgqC8wcPty8zwFsUMAucsz5Gr5AIeFhyiIsxOeCYMc
4IRXSLtotzUtO9Xju9VCaazsKb47ANBI4b1SUfJtfQR0HfV1DQwaMbf4j1/Po45R
h2164GBmeZqKHrb/Igte9qJ5FJ6YfuwiGYEUbmLk0A/kHSv7xvogi/2Zrhx3Fy5x
gG3QvLxOK3EaunO3BrdPI+JJt3o+OtAZXAJQPg3V8EB/i6XQ6h9JRayvEaJb5ggx
psMicAfDy3O+fi4rq4M/SVYFEtBYaSi4vlsTWjhj/zH8Efir
-----END CERTIFICATE-----