Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214481.roa
File:                     AS214481.roa (raw, json)
Hash identifier:          g8PTuW9GWP3ugOZMFWswrQhxNhX2pwpMKvgFceAChes=
Subject key identifier:   30:49:36:DB:89:D6:A4:1A:66:E8:00:E3:82:5F:4A:9B:64:66:3A:AD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       20FBD600D7D1D422EC3D78B04B45943D94F75FB7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214481.roa
Signing time:             Tue 10 Jun 2025 14:56:09 +0000
ROA not before:           Tue 10 Jun 2025 14:51:09 +0000
ROA not after:            Tue 09 Jun 2026 14:56:09 +0000
asID:                     214481
IP address blocks:        82.24.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:fb:d6:00:d7:d1:d4:22:ec:3d:78:b0:4b:45:94:3d:94:f7:5f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 10 14:51:09 2025 GMT
            Not After : Jun  9 14:56:09 2026 GMT
        Subject: CN=304936DB89D6A41A66E800E3825F4A9B64663AAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7b:8f:91:9f:a1:96:52:47:d0:b1:df:96:0f:
                    4b:bc:3b:63:3b:53:0d:53:23:91:f4:6e:3f:03:5f:
                    7a:ff:78:39:60:bb:13:64:c0:35:da:fe:23:af:db:
                    f1:83:98:2c:f3:d6:92:4a:f5:a0:d3:72:72:03:2b:
                    c5:52:dd:48:a7:65:89:a2:fc:21:49:f1:0b:f2:9c:
                    87:c4:49:e1:c3:66:06:47:b8:6d:94:68:ca:f6:7b:
                    fa:99:c3:53:0d:4c:e9:ce:89:11:bb:ea:de:d6:e0:
                    f0:23:91:6a:68:b5:b6:d4:d7:9c:ee:cb:58:a8:27:
                    df:ba:87:20:a3:5f:71:64:04:6f:e5:b9:7c:fa:81:
                    89:3a:27:3d:55:cc:85:da:76:b9:73:a0:99:73:85:
                    71:3f:55:6b:02:63:1a:e8:6b:fe:22:50:ce:81:a9:
                    89:5f:73:b6:da:4a:20:e6:fe:c5:b9:63:72:96:92:
                    98:30:2c:0f:0b:c9:ec:8f:0b:3a:4d:b3:15:1c:09:
                    a7:6e:b2:47:cf:13:29:b6:cc:33:7f:2b:b8:14:a5:
                    26:b8:4a:4e:5c:6e:b7:1c:2a:43:2c:a6:dd:4e:a7:
                    44:4b:c5:57:52:58:9a:91:9b:f2:16:a5:a7:2f:ba:
                    3d:47:58:40:5a:14:ec:46:0f:35:f0:a5:b0:4a:44:
                    03:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:49:36:DB:89:D6:A4:1A:66:E8:00:E3:82:5F:4A:9B:64:66:3A:AD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:21:41:91:5e:fb:11:3f:59:be:d1:8d:89:a6:79:49:bc:eb:
         23:09:06:86:5a:6b:c3:51:51:0d:65:4d:11:ea:12:74:4d:c3:
         df:d0:23:5d:1b:dc:eb:7c:d2:f7:62:06:72:b3:9a:a9:30:50:
         08:c3:9a:c4:25:7d:ce:c4:54:46:cb:e2:eb:21:7d:bf:29:b9:
         23:89:14:81:e0:3a:47:1d:9b:2e:b9:d5:0d:22:8e:63:f7:35:
         4d:99:be:0e:56:1f:e4:49:84:08:29:0b:64:4b:bc:38:fd:d8:
         1d:d0:92:6d:ed:23:33:40:e9:72:7e:61:47:24:8c:41:2f:3f:
         cd:f9:b6:42:fc:7c:b3:aa:4a:67:4f:af:98:9c:04:6f:a1:37:
         66:47:17:f7:dc:04:f8:0c:d0:58:97:0c:95:5e:67:01:cf:15:
         7e:19:f6:e8:ca:b0:b4:0d:15:f3:14:db:57:36:7a:d2:66:4b:
         16:11:3b:79:6b:22:89:b1:f4:5b:70:68:de:23:f7:9f:18:f5:
         3f:06:f9:77:d0:0d:54:87:ab:df:a9:a1:7b:54:fc:20:ac:1c:
         99:11:d6:88:e8:1f:59:b7:05:98:cf:2c:f8:88:1b:97:3d:71:
         19:c2:c2:69:00:c9:52:84:a0:e8:84:13:05:6a:36:9f:29:4c:
         0c:7b:5a:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIPvWANfR1CLsPXiwS0WUPZT3X7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTAxNDUxMDlaFw0yNjA2MDkxNDU2MDlaMDMxMTAvBgNV
BAMTKDMwNDkzNkRCODlENkE0MUE2NkU4MDBFMzgyNUY0QTlCNjQ2NjNBQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+e4+Rn6GWUkfQsd+WD0u8O2M7
Uw1TI5H0bj8DX3r/eDlguxNkwDXa/iOv2/GDmCzz1pJK9aDTcnIDK8VS3UinZYmi
/CFJ8QvynIfESeHDZgZHuG2UaMr2e/qZw1MNTOnOiRG76t7W4PAjkWpotbbU15zu
y1ioJ9+6hyCjX3FkBG/luXz6gYk6Jz1VzIXadrlzoJlzhXE/VWsCYxroa/4iUM6B
qYlfc7baSiDm/sW5Y3KWkpgwLA8LyeyPCzpNsxUcCaduskfPEym2zDN/K7gUpSa4
Sk5cbrccKkMspt1Op0RLxVdSWJqRm/IWpacvuj1HWEBaFOxGDzXwpbBKRAPnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMEk224nWpBpm6ADjgl9Km2RmOq0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NDgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhhT
MA0GCSqGSIb3DQEBCwUAA4IBAQCFIUGRXvsRP1m+0Y2JpnlJvOsjCQaGWmvDUVEN
ZU0R6hJ0TcPf0CNdG9zrfNL3YgZys5qpMFAIw5rEJX3OxFRGy+LrIX2/KbkjiRSB
4DpHHZsuudUNIo5j9zVNmb4OVh/kSYQIKQtkS7w4/dgd0JJt7SMzQOlyfmFHJIxB
Lz/N+bZC/HyzqkpnT6+YnARvoTdmRxf33AT4DNBYlwyVXmcBzxV+GfboyrC0DRXz
FNtXNnrSZksWETt5ayKJsfRbcGjeI/efGPU/Bvl30A1Uh6vfqaF7VPwgrByZEdaI
6B9ZtwWYzyz4iBuXPXEZwsJpAMlShKDohBMFajafKUwMe1pN
-----END CERTIFICATE-----