Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273408.roa
File:                     AS273408.roa (raw, json)
Hash identifier:          IGlB4ed8JUJA7RmSNq45beXatQ1o0JisMfmvpFsJGw0=
Subject key identifier:   1F:12:14:97:78:7A:A8:0B:6F:3C:74:12:29:D3:10:AB:00:7F:1B:54
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       384C7AB6FFFF1DC4D3B3EFFF552789B038F2266C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273408.roa
Signing time:             Thu 12 Feb 2026 18:19:44 +0000
ROA not before:           Thu 12 Feb 2026 18:14:44 +0000
ROA not after:            Thu 11 Feb 2027 18:19:44 +0000
asID:                     273408
IP address blocks:        82.22.29.0/24 maxlen: 24
                          2a13:9500:112::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:4c:7a:b6:ff:ff:1d:c4:d3:b3:ef:ff:55:27:89:b0:38:f2:26:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 12 18:14:44 2026 GMT
            Not After : Feb 11 18:19:44 2027 GMT
        Subject: CN=1F121497787AA80B6F3C741229D310AB007F1B54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3b:a1:ed:a6:4a:dc:4f:34:5b:12:da:4f:aa:
                    19:db:ed:21:42:5e:b6:e3:04:db:8a:d8:27:c1:ae:
                    03:3b:ae:4e:56:32:01:26:ab:c7:ae:1d:6a:5c:93:
                    0c:03:5d:5e:2a:20:0d:81:68:56:c6:ad:74:28:0e:
                    46:b4:4d:03:4b:05:87:09:b6:1a:55:c8:06:36:1b:
                    42:90:2e:32:bf:05:f4:5d:9b:eb:b8:11:e7:3d:79:
                    1c:53:76:61:e7:e6:e9:d9:22:49:7d:99:1e:b6:dd:
                    1a:a1:1c:ca:e8:bb:a0:05:6a:27:61:c1:87:3d:f7:
                    5b:52:42:25:e7:1f:f8:ae:50:f4:ab:d0:a2:75:8b:
                    52:29:80:e0:a2:a9:91:0a:7f:e5:44:78:b6:53:43:
                    8c:65:7b:65:3f:d2:4d:df:f4:a6:97:d0:24:af:3d:
                    b8:68:af:26:47:fc:13:65:ac:9f:2c:2b:c8:31:6b:
                    e1:14:b9:fd:ae:e6:9e:5c:62:53:46:b1:9e:de:c1:
                    98:93:10:f2:06:69:61:8a:6f:ca:63:d0:66:35:22:
                    b3:8e:8c:82:ff:ce:e3:2c:37:07:2c:52:ce:70:e5:
                    1a:09:37:b8:f2:a2:7c:66:4d:ea:26:23:6d:b6:b8:
                    d3:aa:6e:e0:9e:7e:20:2a:ed:45:29:be:82:36:86:
                    5d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:12:14:97:78:7A:A8:0B:6F:3C:74:12:29:D3:10:AB:00:7F:1B:54
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273408.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.29.0/24
                IPv6:
                  2a13:9500:112::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:47:cb:6d:62:ba:00:2b:ec:e7:d8:57:54:94:fc:69:af:9f:
         f8:8f:46:ff:dc:ae:08:fb:91:ca:91:4c:2e:5c:e9:41:42:99:
         9d:16:d5:20:8e:62:74:6d:2d:a2:60:82:43:9b:8a:64:94:a3:
         09:e4:3a:81:d7:c1:17:8c:59:cb:9b:36:5a:36:b1:24:5c:be:
         31:6b:40:84:7c:21:42:65:ca:5b:00:ee:c6:81:67:a1:96:16:
         ef:2f:5e:7b:b0:a7:62:9f:63:62:69:58:44:fa:ce:10:05:e1:
         3a:95:28:4c:9e:4d:ce:f2:72:c7:fe:cf:32:85:59:62:6f:de:
         b3:62:d3:79:63:64:e5:b6:04:de:1d:27:06:e4:59:d4:68:23:
         dc:32:4e:0e:02:5d:50:f3:c2:26:5d:63:1c:68:40:ac:ab:4a:
         66:56:c6:af:9b:23:80:37:ec:39:64:d1:c6:f1:a9:e1:f7:fa:
         f3:d2:72:a0:58:bd:52:3d:ec:4f:3c:7f:fe:66:36:0c:2b:99:
         49:86:8e:b7:79:27:be:30:01:51:3a:a1:8f:79:af:b7:7e:81:
         f1:fc:e8:b9:56:22:fe:a7:d1:55:bc:9d:6c:52:3a:0e:2f:5b:
         67:c2:68:01:75:76:bb:dc:52:f4:d7:e9:cd:bc:db:09:6a:9f:
         20:a8:a4:03
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUOEx6tv//HcTTs+//VSeJsDjyJmwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMTIxODE0NDRaFw0yNzAyMTExODE5NDRaMDMxMTAvBgNV
BAMTKDFGMTIxNDk3Nzg3QUE4MEI2RjNDNzQxMjI5RDMxMEFCMDA3RjFCNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXO6HtpkrcTzRbEtpPqhnb7SFC
XrbjBNuK2CfBrgM7rk5WMgEmq8euHWpckwwDXV4qIA2BaFbGrXQoDka0TQNLBYcJ
thpVyAY2G0KQLjK/BfRdm+u4Eec9eRxTdmHn5unZIkl9mR623RqhHMrou6AFaidh
wYc991tSQiXnH/iuUPSr0KJ1i1IpgOCiqZEKf+VEeLZTQ4xle2U/0k3f9KaX0CSv
PbhoryZH/BNlrJ8sK8gxa+EUuf2u5p5cYlNGsZ7ewZiTEPIGaWGKb8pj0GY1IrOO
jIL/zuMsNwcsUs5w5RoJN7jyonxmTeomI222uNOqbuCefiAq7UUpvoI2hl3jAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUHxIUl3h6qAtvPHQSKdMQqwB/G1QwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjczNDA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhYd
MA8EAgACMAkDBwAqE5UAARIwDQYJKoZIhvcNAQELBQADggEBAFJHy21iugAr7OfY
V1SU/Gmvn/iPRv/crgj7kcqRTC5c6UFCmZ0W1SCOYnRtLaJggkObimSUownkOoHX
wReMWcubNlo2sSRcvjFrQIR8IUJlylsA7saBZ6GWFu8vXnuwp2KfY2JpWET6zhAF
4TqVKEyeTc7ycsf+zzKFWWJv3rNi03ljZOW2BN4dJwbkWdRoI9wyTg4CXVDzwiZd
YxxoQKyrSmZWxq+bI4A37Dlk0cbxqeH3+vPScqBYvVI97E88f/5mNgwrmUmGjrd5
J74wAVE6oY95r7d+gfH86LlWIv6n0VW8nWxSOg4vW2fCaAF1drvcUvTX6c282wlq
nyCopAM=
-----END CERTIFICATE-----