Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS24940.roa
File:                     AS24940.roa (raw, json)
Hash identifier:          DqGAQdiATtwvJSEkgP58MUBaLMn443RMZLg14No1XQA=
Subject key identifier:   1D:65:2A:C1:DD:59:46:C5:3D:C4:42:3D:9F:12:D7:0D:4E:4E:4C:DF
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6DDA188624256535E3F030E4594E85B9B94A7901
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS24940.roa
Signing time:             Thu 22 Jan 2026 10:55:42 +0000
ROA not before:           Thu 22 Jan 2026 10:50:42 +0000
ROA not after:            Thu 21 Jan 2027 10:55:42 +0000
asID:                     24940
IP address blocks:        82.39.175.0/24 maxlen: 24
                          2a13:9500:12c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:da:18:86:24:25:65:35:e3:f0:30:e4:59:4e:85:b9:b9:4a:79:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 22 10:50:42 2026 GMT
            Not After : Jan 21 10:55:42 2027 GMT
        Subject: CN=1D652AC1DD5946C53DC4423D9F12D70D4E4E4CDF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:75:d4:e8:88:86:b1:78:5f:2f:ce:91:1f:06:
                    4a:1c:01:2a:97:23:76:dc:27:94:97:d7:f3:6a:8b:
                    41:e8:c2:04:3b:35:00:89:60:41:e1:ca:1b:6d:82:
                    e7:81:dd:0b:2f:31:e0:c5:73:e8:a9:b4:36:ce:de:
                    86:68:46:c0:62:d4:64:a2:29:a6:c5:b9:7d:36:77:
                    0b:77:f7:1b:a0:6f:a6:2b:a5:d7:4c:c2:c2:43:1d:
                    26:be:5d:24:02:08:b2:ab:23:7a:3b:b0:95:4c:b3:
                    77:a7:f7:5b:80:87:ff:e3:da:0e:97:6d:bb:2b:1a:
                    6f:04:8d:41:f4:3d:f8:13:5e:6b:6c:1d:0e:4e:0c:
                    72:25:cc:fa:70:27:a8:23:5a:49:18:10:b4:af:3e:
                    5d:e0:9c:ce:59:2f:31:5c:f6:be:5f:a2:21:db:67:
                    80:cb:67:8d:59:43:5a:f3:83:ed:60:99:f6:4d:d5:
                    e6:de:61:fa:04:c1:03:bc:ff:7a:8a:d2:e5:1c:a0:
                    d7:3a:a1:55:60:25:43:d6:ed:b8:be:db:5c:cf:f8:
                    16:c2:67:63:84:d5:8b:bc:45:72:5a:8d:69:2f:26:
                    b9:f8:a2:8d:ab:3d:12:58:b5:28:d8:c2:80:1e:79:
                    a1:e3:10:9d:6e:b2:67:ce:ee:95:77:f3:3c:fc:76:
                    b6:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:65:2A:C1:DD:59:46:C5:3D:C4:42:3D:9F:12:D7:0D:4E:4E:4C:DF
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS24940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.175.0/24
                IPv6:
                  2a13:9500:12c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:62:f7:f8:a0:93:ca:e0:6b:49:e9:ab:90:1a:ed:d8:2c:9d:
         fd:34:ec:04:bb:04:35:41:13:d7:25:b0:5e:e4:5f:98:45:c9:
         5b:b4:9b:db:d3:59:08:23:b9:50:18:0e:79:77:32:6f:fe:8a:
         47:49:ce:ab:87:63:bd:a9:10:49:f0:e5:34:c9:54:ff:a2:9e:
         cd:28:33:a5:43:49:cc:e4:07:fd:bf:79:81:30:25:ff:16:d0:
         f2:88:d3:f7:f5:30:d3:f0:f2:79:c0:9c:da:0e:83:ea:df:c3:
         71:42:bc:d5:b8:12:3a:ea:5b:a0:dd:df:a4:6f:8c:53:f4:89:
         0f:10:d0:9c:ba:04:30:e2:2c:01:fe:58:07:c1:c2:fb:4e:75:
         f4:75:48:5f:e1:0a:c5:c0:0f:89:83:f7:bd:78:b4:7e:e8:4f:
         d8:de:5a:34:d0:7b:0f:d8:02:0e:e1:34:df:cb:b3:82:46:d2:
         6f:12:5a:3d:d6:71:88:e1:dc:8e:60:c5:e3:17:84:a3:fc:90:
         85:28:7f:02:28:9e:42:16:58:d1:ec:6a:96:4f:94:e6:78:55:
         10:d9:98:87:a3:5f:68:22:70:5f:6f:8c:02:ad:55:7f:be:d0:
         8c:63:56:bf:3b:97:e1:66:a7:72:7b:d8:8e:a4:6f:0e:78:cb:
         29:9e:19:1f
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIUbdoYhiQlZTXj8DDkWU6FublKeQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMjIxMDUwNDJaFw0yNzAxMjExMDU1NDJaMDMxMTAvBgNV
BAMTKDFENjUyQUMxREQ1OTQ2QzUzREM0NDIzRDlGMTJENzBENEU0RTRDREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNddToiIaxeF8vzpEfBkocASqX
I3bcJ5SX1/Nqi0HowgQ7NQCJYEHhyhttgueB3QsvMeDFc+iptDbO3oZoRsBi1GSi
KabFuX02dwt39xugb6YrpddMwsJDHSa+XSQCCLKrI3o7sJVMs3en91uAh//j2g6X
bbsrGm8EjUH0PfgTXmtsHQ5ODHIlzPpwJ6gjWkkYELSvPl3gnM5ZLzFc9r5foiHb
Z4DLZ41ZQ1rzg+1gmfZN1ebeYfoEwQO8/3qK0uUcoNc6oVVgJUPW7bi+21zP+BbC
Z2OE1Yu8RXJajWkvJrn4oo2rPRJYtSjYwoAeeaHjEJ1usmfO7pV38zz8draJAgMB
AAGjggIaMIICFjAdBgNVHQ4EFgQUHWUqwd1ZRsU9xEI9nxLXDU5OTN8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjQ5NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBABSJ68w
DwQCAAIwCQMHACoTlQABLDANBgkqhkiG9w0BAQsFAAOCAQEAWmL3+KCTyuBrSemr
kBrt2Cyd/TTsBLsENUET1yWwXuRfmEXJW7Sb29NZCCO5UBgOeXcyb/6KR0nOq4dj
vakQSfDlNMlU/6KezSgzpUNJzOQH/b95gTAl/xbQ8ojT9/Uw0/DyecCc2g6D6t/D
cUK81bgSOupboN3fpG+MU/SJDxDQnLoEMOIsAf5YB8HC+0519HVIX+EKxcAPiYP3
vXi0fuhP2N5aNNB7D9gCDuE038uzgkbSbxJaPdZxiOHcjmDF4xeEo/yQhSh/Aiie
QhZY0exqlk+U5nhVENmYh6NfaCJwX2+MAq1Vf77QjGNWvzuX4WancnvYjqRvDnjL
KZ4ZHw==
-----END CERTIFICATE-----