Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          Z9EzcAINSapHAMPGl87vZ9Ak0/mzsm8sS6MwMSLY4dc=
Subject key identifier:   AB:B3:B2:F4:BC:1A:86:C2:D9:A5:3F:91:0A:1F:89:AF:F7:E0:8B:AF
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0BB71AF53F57BD2B2A5F5CC8D4774FE0002CB63E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
Signing time:             Tue 03 Feb 2026 06:25:01 +0000
ROA not before:           Tue 03 Feb 2026 06:20:01 +0000
ROA not after:            Tue 02 Feb 2027 06:25:01 +0000
asID:                     21840
IP address blocks:        82.22.11.0/24 maxlen: 24
                          82.26.160.0/24 maxlen: 24
                          178.83.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:b7:1a:f5:3f:57:bd:2b:2a:5f:5c:c8:d4:77:4f:e0:00:2c:b6:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  3 06:20:01 2026 GMT
            Not After : Feb  2 06:25:01 2027 GMT
        Subject: CN=ABB3B2F4BC1A86C2D9A53F910A1F89AFF7E08BAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:40:66:8a:07:92:c3:df:9f:d9:d0:61:12:48:
                    eb:87:f3:81:29:2c:32:93:e0:8a:ca:22:10:b7:e6:
                    21:30:60:54:d5:ae:20:0f:85:c3:03:69:c5:c2:37:
                    83:dc:b8:6d:13:e3:c7:28:73:b7:4f:59:d7:7a:ac:
                    0d:62:e7:87:fb:b1:16:4c:f7:ff:af:8e:13:97:a1:
                    91:90:98:1a:2b:0f:0a:85:3c:a5:74:71:1a:8d:96:
                    f0:07:89:40:a8:90:5f:1e:f0:13:89:aa:f6:19:59:
                    1c:46:8a:e5:00:bf:6b:90:6f:37:3e:6f:ae:b3:99:
                    c9:33:64:6e:82:93:60:e2:eb:61:dc:3f:46:c5:88:
                    21:05:f5:b4:33:5f:fc:2b:cf:4e:86:e5:21:5c:a4:
                    65:b5:01:3e:e2:b6:ed:f1:d7:4a:99:11:5a:20:31:
                    1e:81:dc:f6:58:84:88:3a:81:b6:e1:e3:a5:8e:dc:
                    8b:37:68:61:30:2f:00:09:b6:c6:d1:a8:15:b0:1b:
                    b6:62:c7:0a:c8:3b:52:1e:b4:c2:dc:4d:1d:3e:1d:
                    78:fc:89:cc:b3:07:d5:f6:f0:a5:39:4b:40:13:e2:
                    cb:c6:a8:e0:9e:ad:cf:b3:a9:98:ff:45:21:2b:df:
                    49:92:55:6f:fa:2b:ff:5e:83:98:2e:5e:b5:d4:a4:
                    36:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B3:B2:F4:BC:1A:86:C2:D9:A5:3F:91:0A:1F:89:AF:F7:E0:8B:AF
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.11.0/24
                  82.26.160.0/24
                  178.83.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:5a:40:22:d7:14:41:95:a3:8b:e2:b8:1e:c8:83:27:f5:54:
         1e:ed:cc:e1:6e:2e:1f:70:7b:5e:ce:51:41:cf:13:6f:90:31:
         5b:c3:8f:7f:ec:36:dc:b5:0b:86:30:8e:fc:c8:33:ba:eb:4f:
         38:41:8e:79:c6:c7:1c:cf:2f:fa:a6:c8:7e:9d:b6:4c:c1:11:
         d3:ed:07:5e:11:50:74:a5:d2:0f:aa:0c:59:d1:41:b9:a7:9d:
         66:09:cb:ba:9e:81:78:d6:de:8b:a6:2a:18:54:a6:75:63:42:
         8c:b0:45:c3:6f:74:32:02:f8:07:10:38:6f:3d:b0:50:6d:69:
         9a:40:ff:c5:51:9a:e3:7c:21:e7:3d:9c:f2:8a:7c:a5:ae:cb:
         6d:e2:b4:0f:e8:fd:b2:dd:9c:2a:05:ef:e1:a3:13:69:47:e5:
         3c:6b:2d:71:86:ba:a6:6a:85:b5:df:a9:a4:ae:f7:1e:ae:77:
         b5:f8:33:2f:2a:8f:63:76:a0:13:3c:45:52:5b:62:90:71:05:
         12:47:e1:41:76:b7:00:23:54:b0:eb:79:77:5d:d6:ec:88:45:
         75:e5:1f:03:7c:31:5d:38:be:52:11:7a:0e:4d:ae:04:fd:11:
         0b:82:d7:17:3e:09:77:91:b1:ac:85:6d:62:aa:b8:e2:fd:12:
         39:aa:53:36
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUC7ca9T9XvSsqX1zI1HdP4AAstj4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDMwNjIwMDFaFw0yNzAyMDIwNjI1MDFaMDMxMTAvBgNV
BAMTKEFCQjNCMkY0QkMxQTg2QzJEOUE1M0Y5MTBBMUY4OUFGRjdFMDhCQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwQGaKB5LD35/Z0GESSOuH84Ep
LDKT4IrKIhC35iEwYFTVriAPhcMDacXCN4PcuG0T48coc7dPWdd6rA1i54f7sRZM
9/+vjhOXoZGQmBorDwqFPKV0cRqNlvAHiUCokF8e8BOJqvYZWRxGiuUAv2uQbzc+
b66zmckzZG6Ck2Di62HcP0bFiCEF9bQzX/wrz06G5SFcpGW1AT7itu3x10qZEVog
MR6B3PZYhIg6gbbh46WO3Is3aGEwLwAJtsbRqBWwG7ZixwrIO1IetMLcTR0+HXj8
icyzB9X28KU5S0AT4svGqOCerc+zqZj/RSEr30mSVW/6K/9eg5guXrXUpDYnAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUq7Oy9LwahsLZpT+RCh+Jr/fgi68wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABSFgsD
BABSGqADBACyU54wDQYJKoZIhvcNAQELBQADggEBAKFaQCLXFEGVo4viuB7Igyf1
VB7tzOFuLh9we17OUUHPE2+QMVvDj3/sNty1C4YwjvzIM7rrTzhBjnnGxxzPL/qm
yH6dtkzBEdPtB14RUHSl0g+qDFnRQbmnnWYJy7qegXjW3oumKhhUpnVjQoywRcNv
dDIC+AcQOG89sFBtaZpA/8VRmuN8Iec9nPKKfKWuy23itA/o/bLdnCoF7+GjE2lH
5TxrLXGGuqZqhbXfqaSu9x6ud7X4My8qj2N2oBM8RVJbYpBxBRJH4UF2twAjVLDr
eXdd1uyIRXXlHwN8MV04vlIReg5NrgT9EQuC1xc+CXeRsayFbWKquOL9EjmqUzY=
-----END CERTIFICATE-----