Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          m79AhPRyNNCOsYMhxyBS9h87/1T66xA3cdgaxw+gpiQ=
Subject key identifier:   F5:0A:2B:15:AF:27:BE:4C:8D:C9:8D:B6:60:F2:EF:88:E4:DC:56:A0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7D7F5BBBBBFB4A324EDFFEF0E23341E697A6C56E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
Signing time:             Mon 03 Nov 2025 09:54:39 +0000
ROA not before:           Mon 03 Nov 2025 09:49:39 +0000
ROA not after:            Mon 02 Nov 2026 09:54:39 +0000
asID:                     21840
IP address blocks:        82.22.39.0/24 maxlen: 24
                          82.24.33.0/24 maxlen: 24
                          82.26.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:7f:5b:bb:bb:fb:4a:32:4e:df:fe:f0:e2:33:41:e6:97:a6:c5:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov  3 09:49:39 2025 GMT
            Not After : Nov  2 09:54:39 2026 GMT
        Subject: CN=F50A2B15AF27BE4C8DC98DB660F2EF88E4DC56A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:88:cf:f8:a2:02:c0:4f:e3:e9:16:58:ae:b5:
                    66:16:70:b0:f9:a4:24:46:4b:f0:b3:c0:be:cf:8a:
                    1b:ff:c8:46:3f:1f:57:ae:58:1a:59:17:a6:8d:2b:
                    5e:32:0f:b5:ef:89:ea:7c:5d:9b:aa:e1:38:ff:68:
                    a5:b5:a8:23:eb:b8:f0:b5:10:b0:74:17:88:31:6d:
                    ef:9c:45:3c:40:8d:1e:ba:da:cf:4e:8a:3a:18:4e:
                    bf:23:c0:a9:eb:e1:84:bc:06:b5:28:c0:c5:5a:3f:
                    38:69:ef:4b:71:ca:4c:b6:ea:c4:54:29:f3:a2:be:
                    31:22:7e:22:64:23:82:91:7a:b4:63:f8:0e:77:7f:
                    e9:55:dc:e3:32:58:06:e0:00:17:c3:82:b1:47:bc:
                    5f:f8:5c:55:b2:81:dc:ce:16:dd:18:1d:91:42:a4:
                    0e:17:4d:ff:fb:54:2f:56:e9:43:38:02:33:1c:d7:
                    6e:09:8e:03:d5:e6:5b:a1:e9:ea:b2:01:3e:8d:3b:
                    48:75:3d:c2:67:17:5d:50:5d:9a:3f:e7:62:8e:b2:
                    7f:3c:fa:7c:09:57:fb:2b:e1:e6:d9:10:ae:d8:48:
                    cc:d3:09:d1:2d:6b:78:86:5f:be:82:84:a6:17:b5:
                    bf:5a:4d:17:cb:79:f4:79:f0:90:a3:2d:fd:01:52:
                    65:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:0A:2B:15:AF:27:BE:4C:8D:C9:8D:B6:60:F2:EF:88:E4:DC:56:A0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.39.0/24
                  82.24.33.0/24
                  82.26.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:41:a3:1e:e0:31:ec:36:57:00:91:14:3e:f9:39:13:fb:92:
         24:b7:d4:c5:f9:66:80:d8:18:8b:33:ba:3d:a5:45:b7:86:28:
         49:54:c6:d7:b7:9b:52:00:bf:5c:46:5f:45:3c:b1:f9:58:88:
         42:36:74:68:95:6e:3f:a8:18:7b:2f:31:f8:9c:11:00:1b:de:
         c0:a5:86:9a:aa:3f:66:f6:e3:d3:fe:b6:3e:4c:75:ea:a4:1d:
         65:cc:38:89:31:41:67:c0:ee:f5:6f:ec:04:6d:b9:fb:b1:98:
         8e:90:aa:d1:3a:31:b7:f9:b3:64:40:19:76:a4:d0:e3:bd:99:
         dd:7c:ba:2f:57:0e:fe:9b:90:12:3d:69:0e:cb:df:e3:11:cc:
         20:2b:be:40:1b:28:9e:96:de:43:e1:03:a4:70:f5:de:75:1e:
         40:f6:ba:cd:17:1a:84:27:c0:02:80:20:9c:02:1f:07:a1:62:
         fa:0d:fb:9e:49:04:0a:9e:fe:c3:f2:03:bb:10:6c:62:de:0a:
         fd:a3:26:ff:8d:96:17:0a:ad:90:3d:93:97:c1:d5:25:50:8d:
         b4:97:a0:33:46:bf:36:85:a7:3c:0c:33:7e:3f:12:2e:db:b8:
         10:c9:92:5d:21:a3:30:36:ac:7d:91:f6:af:a3:4b:22:f9:fb:
         65:a1:bd:a9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUfX9bu7v7SjJO3/7w4jNB5pemxW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMDMwOTQ5MzlaFw0yNjExMDIwOTU0MzlaMDMxMTAvBgNV
BAMTKEY1MEEyQjE1QUYyN0JFNEM4REM5OERCNjYwRjJFRjg4RTREQzU2QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbiM/4ogLAT+PpFliutWYWcLD5
pCRGS/CzwL7Pihv/yEY/H1euWBpZF6aNK14yD7Xviep8XZuq4Tj/aKW1qCPruPC1
ELB0F4gxbe+cRTxAjR662s9OijoYTr8jwKnr4YS8BrUowMVaPzhp70txyky26sRU
KfOivjEifiJkI4KRerRj+A53f+lV3OMyWAbgABfDgrFHvF/4XFWygdzOFt0YHZFC
pA4XTf/7VC9W6UM4AjMc124JjgPV5luh6eqyAT6NO0h1PcJnF11QXZo/52KOsn88
+nwJV/sr4ebZEK7YSMzTCdEta3iGX76ChKYXtb9aTRfLefR58JCjLf0BUmU/AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU9QorFa8nvkyNyY22YPLviOTcVqAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABSFicD
BABSGCEDBABSGqAwDQYJKoZIhvcNAQELBQADggEBABBBox7gMew2VwCRFD75ORP7
kiS31MX5ZoDYGIszuj2lRbeGKElUxte3m1IAv1xGX0U8sflYiEI2dGiVbj+oGHsv
MficEQAb3sClhpqqP2b249P+tj5MdeqkHWXMOIkxQWfA7vVv7ARtufuxmI6QqtE6
Mbf5s2RAGXak0OO9md18ui9XDv6bkBI9aQ7L3+MRzCArvkAbKJ6W3kPhA6Rw9d51
HkD2us0XGoQnwAKAIJwCHwehYvoN+55JBAqe/sPyA7sQbGLeCv2jJv+NlhcKrZA9
k5fB1SVQjbSXoDNGvzaFpzwMM34/Ei7buBDJkl0hozA2rH2R9q+jSyL5+2Whvak=
-----END CERTIFICATE-----