Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          AYFw5riAUstJdS/y0LF20U5OAVo/5nB1xyviXNMcmhQ=
Subject key identifier:   0E:EE:44:64:F1:CB:F6:18:2B:F7:9D:DE:FF:D8:E3:55:08:5F:10:30
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       100EBF89A8415C16AA2D5C7C9A5F7A06B6440925
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
Signing time:             Fri 01 Aug 2025 07:55:37 +0000
ROA not before:           Fri 01 Aug 2025 07:50:37 +0000
ROA not after:            Fri 31 Jul 2026 07:55:37 +0000
asID:                     21840
IP address blocks:        82.22.124.0/24 maxlen: 24
                          82.26.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:0e:bf:89:a8:41:5c:16:aa:2d:5c:7c:9a:5f:7a:06:b6:44:09:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  1 07:50:37 2025 GMT
            Not After : Jul 31 07:55:37 2026 GMT
        Subject: CN=0EEE4464F1CBF6182BF79DDEFFD8E355085F1030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:aa:c8:df:90:81:71:58:62:25:48:11:34:81:
                    df:9f:74:89:32:90:6c:07:66:70:2b:be:fb:ee:f0:
                    9b:70:6e:ee:86:1d:00:a7:d8:83:61:69:73:ee:86:
                    ab:b8:30:33:1b:cf:08:4d:4c:70:02:26:17:d7:5b:
                    a7:ed:57:60:af:d8:e6:45:7f:e2:34:63:2d:30:47:
                    fa:fb:60:fa:70:5f:bd:b4:b2:a5:74:5d:91:91:f4:
                    e5:cf:4f:cc:52:0b:ef:d0:0c:7e:e6:1c:e4:c9:54:
                    d7:4f:18:a8:2a:be:ec:31:63:7b:b9:b4:0b:b3:be:
                    a9:3c:b9:27:20:d1:ef:bd:d4:18:75:04:4d:65:0e:
                    e5:d3:62:09:31:ba:04:2b:61:e2:a6:86:f6:e7:b1:
                    d3:3a:6f:49:93:e5:c4:c1:2d:2b:7d:d9:3c:4b:5b:
                    3c:bf:f6:33:f7:e2:30:c0:82:72:8a:15:70:a4:e7:
                    d8:72:81:07:75:b9:af:b9:f7:9d:44:68:6c:4d:cd:
                    4a:0c:5a:6e:bb:47:a7:1c:5c:fb:f0:ce:a8:5c:a8:
                    14:f4:4f:89:51:cc:46:00:f6:0f:d3:2c:f1:b2:85:
                    fa:49:a6:ff:82:28:e2:d1:2b:47:59:23:b4:3d:b7:
                    53:35:3a:98:11:7c:f4:9d:f7:48:29:8b:e8:98:54:
                    7c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:EE:44:64:F1:CB:F6:18:2B:F7:9D:DE:FF:D8:E3:55:08:5F:10:30
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.124.0/24
                  82.26.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:fb:f1:5b:c6:9e:80:7b:1c:0d:f3:57:6f:b4:42:48:50:7d:
         fd:1e:f6:82:ff:60:e5:4f:9d:fa:3d:d7:35:18:b4:9a:2e:f3:
         56:0f:23:60:7c:b1:5c:8a:50:7b:1a:4f:ab:3a:00:62:1b:cd:
         2c:5d:57:eb:79:af:68:79:01:d6:ff:40:93:5a:47:47:fb:a7:
         0e:74:b9:13:c2:c7:88:06:bc:31:db:3a:a1:50:c9:45:31:11:
         2c:df:1d:75:a8:05:ee:c4:4f:89:11:31:03:ec:f4:3a:c6:17:
         d0:f9:f6:65:2f:a5:eb:05:6c:e7:b9:c7:45:6c:08:38:f7:fc:
         b6:6e:71:5d:12:90:e3:63:0d:c4:59:b5:69:65:fb:25:5b:c3:
         e1:05:2b:05:86:b8:2d:37:f8:9c:ce:61:76:d8:4c:c5:a5:58:
         ae:d6:96:0d:11:98:05:fc:1d:b0:21:1f:ee:61:22:b4:a5:46:
         15:ec:57:27:36:e8:0c:5f:dc:4a:bc:ad:cc:5f:ad:61:ef:a7:
         d8:f8:c0:f9:06:c8:fe:1c:2e:1a:fe:a4:64:87:f2:82:1f:9f:
         42:cb:91:d7:89:4d:aa:44:af:81:77:da:c3:28:4d:3d:85:74:
         96:1c:1a:44:00:42:2f:6f:b5:41:40:34:11:f7:95:eb:03:e8:
         11:02:36:02
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUEA6/iahBXBaqLVx8ml96BrZECSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDEwNzUwMzdaFw0yNjA3MzEwNzU1MzdaMDMxMTAvBgNV
BAMTKDBFRUU0NDY0RjFDQkY2MTgyQkY3OURERUZGRDhFMzU1MDg1RjEwMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2qsjfkIFxWGIlSBE0gd+fdIky
kGwHZnArvvvu8Jtwbu6GHQCn2INhaXPuhqu4MDMbzwhNTHACJhfXW6ftV2Cv2OZF
f+I0Yy0wR/r7YPpwX720sqV0XZGR9OXPT8xSC+/QDH7mHOTJVNdPGKgqvuwxY3u5
tAuzvqk8uScg0e+91Bh1BE1lDuXTYgkxugQrYeKmhvbnsdM6b0mT5cTBLSt92TxL
Wzy/9jP34jDAgnKKFXCk59hygQd1ua+5951EaGxNzUoMWm67R6ccXPvwzqhcqBT0
T4lRzEYA9g/TLPGyhfpJpv+CKOLRK0dZI7Q9t1M1OpgRfPSd90gpi+iYVHwnAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUDu5EZPHL9hgr953e/9jjVQhfEDAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFnwD
BABSGqAwDQYJKoZIhvcNAQELBQADggEBAIj78VvGnoB7HA3zV2+0QkhQff0e9oL/
YOVPnfo91zUYtJou81YPI2B8sVyKUHsaT6s6AGIbzSxdV+t5r2h5Adb/QJNaR0f7
pw50uRPCx4gGvDHbOqFQyUUxESzfHXWoBe7ET4kRMQPs9DrGF9D59mUvpesFbOe5
x0VsCDj3/LZucV0SkONjDcRZtWll+yVbw+EFKwWGuC03+JzOYXbYTMWlWK7Wlg0R
mAX8HbAhH+5hIrSlRhXsVyc26Axf3Eq8rcxfrWHvp9j4wPkGyP4cLhr+pGSH8oIf
n0LLkdeJTapEr4F32sMoTT2FdJYcGkQAQi9vtUFANBH3lesD6BECNgI=
-----END CERTIFICATE-----