Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS398547.roa
File:                     AS398547.roa (raw, json)
Hash identifier:          tmH8eabfNZp8tV6wfxuJSaJmQ0RQk1eysaq/cC8oZPA=
Subject key identifier:   79:9A:55:93:FE:E8:35:8E:7D:4F:70:B0:47:C0:4C:21:22:2A:CC:37
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1F00BA4BAF317E13C92945102F3F2CEBAC527D36
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS398547.roa
Signing time:             Fri 13 Feb 2026 11:12:02 +0000
ROA not before:           Fri 13 Feb 2026 11:07:02 +0000
ROA not after:            Fri 12 Feb 2027 11:12:02 +0000
asID:                     398547
IP address blocks:        82.22.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:00:ba:4b:af:31:7e:13:c9:29:45:10:2f:3f:2c:eb:ac:52:7d:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 13 11:07:02 2026 GMT
            Not After : Feb 12 11:12:02 2027 GMT
        Subject: CN=799A5593FEE8358E7D4F70B047C04C21222ACC37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e1:c6:c8:a2:90:03:3a:bc:88:17:73:63:14:
                    85:81:f7:8f:bd:d3:4b:a9:b5:3b:45:83:b9:da:0d:
                    11:0c:f9:62:87:f3:ad:f5:71:39:2a:53:22:ff:43:
                    98:00:72:54:22:f0:a3:1a:66:ae:1d:19:19:5b:9e:
                    c1:73:6b:c7:a3:ca:d7:ed:24:1c:00:02:70:bf:c4:
                    db:90:27:6e:c5:b9:40:6f:6d:3b:02:b0:c1:f4:05:
                    a0:4f:a8:22:c6:d1:01:9b:78:84:22:49:1d:13:e0:
                    e7:34:60:ff:16:b5:f8:96:a0:77:f1:84:9e:3c:ca:
                    a4:ec:6f:28:26:de:15:aa:cc:1b:44:2e:3c:ed:05:
                    1f:c1:81:4f:fb:3a:da:fa:c9:d0:52:fd:65:c6:bc:
                    95:c9:ce:8e:94:d7:7a:a2:af:9b:27:2a:47:68:b9:
                    e1:04:2d:84:2c:6f:e6:06:af:28:4b:69:f4:94:9d:
                    fc:0c:0e:46:d4:0d:7e:b6:1a:3c:bb:c4:fe:97:2f:
                    80:1d:48:af:e4:69:cc:ed:10:2a:73:77:5c:09:eb:
                    dc:29:28:c6:41:13:02:49:6a:40:3d:5d:6f:e9:47:
                    2a:49:b3:2a:af:b7:90:1f:be:08:ad:91:25:25:e8:
                    44:78:af:e2:1c:ee:28:9d:b6:4e:cd:4d:1a:16:64:
                    d7:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9A:55:93:FE:E8:35:8E:7D:4F:70:B0:47:C0:4C:21:22:2A:CC:37
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS398547.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:db:a2:f7:1b:a3:f6:74:8d:c6:81:8b:69:3c:f7:12:d3:04:
         61:66:68:27:69:fd:cb:c3:bf:33:68:0c:d1:98:e8:e1:f3:cb:
         74:7c:2a:7a:2f:01:b3:02:3f:91:3a:99:f9:ab:50:f3:ed:a5:
         03:2f:cf:b6:e7:ff:1d:79:72:7b:ff:4d:c1:da:5f:40:3a:22:
         bc:73:fe:9e:f7:bb:bf:70:76:f4:23:02:10:d0:cb:78:ee:3c:
         19:42:fe:de:71:b8:d6:b1:22:36:b4:30:11:9a:ea:03:62:a3:
         dc:45:bc:de:a0:9e:80:9b:a3:f9:89:b5:72:c3:cb:cb:e8:5d:
         21:71:da:54:86:d8:66:0d:73:ed:03:5e:cc:84:af:91:bb:b6:
         1c:87:05:39:7f:87:f2:75:1c:13:e6:2c:b0:b0:20:f2:ab:36:
         34:e1:20:53:de:4c:ae:cf:4c:12:bb:51:f0:f9:96:8d:bb:f0:
         d2:3e:ee:05:3f:04:ec:61:ca:d2:8b:a9:0a:3f:ba:de:8e:9a:
         9d:0f:ad:17:d9:ae:2c:35:3e:eb:bb:ce:50:6a:f4:08:c9:05:
         eb:62:8d:99:0e:4b:36:57:53:a8:5c:21:73:3c:e4:8e:39:e0:
         aa:60:11:cf:62:53:82:be:7c:92:74:b8:30:bd:5c:db:33:23:
         2d:2d:09:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHwC6S68xfhPJKUUQLz8s66xSfTYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMTMxMTA3MDJaFw0yNzAyMTIxMTEyMDJaMDMxMTAvBgNV
BAMTKDc5OUE1NTkzRkVFODM1OEU3RDRGNzBCMDQ3QzA0QzIxMjIyQUNDMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU4cbIopADOryIF3NjFIWB94+9
00uptTtFg7naDREM+WKH8631cTkqUyL/Q5gAclQi8KMaZq4dGRlbnsFza8ejytft
JBwAAnC/xNuQJ27FuUBvbTsCsMH0BaBPqCLG0QGbeIQiSR0T4Oc0YP8WtfiWoHfx
hJ48yqTsbygm3hWqzBtELjztBR/BgU/7Otr6ydBS/WXGvJXJzo6U13qir5snKkdo
ueEELYQsb+YGryhLafSUnfwMDkbUDX62Gjy7xP6XL4AdSK/kacztECpzd1wJ69wp
KMZBEwJJakA9XW/pRypJsyqvt5AfvgitkSUl6ER4r+Ic7iidtk7NTRoWZNezAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeZpVk/7oNY59T3CwR8BMISIqzDcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk4NTQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhYn
MA0GCSqGSIb3DQEBCwUAA4IBAQAo26L3G6P2dI3GgYtpPPcS0wRhZmgnaf3Lw78z
aAzRmOjh88t0fCp6LwGzAj+ROpn5q1Dz7aUDL8+25/8deXJ7/03B2l9AOiK8c/6e
97u/cHb0IwIQ0Mt47jwZQv7ecbjWsSI2tDARmuoDYqPcRbzeoJ6Am6P5ibVyw8vL
6F0hcdpUhthmDXPtA17MhK+Ru7YchwU5f4fydRwT5iywsCDyqzY04SBT3kyuz0wS
u1Hw+ZaNu/DSPu4FPwTsYcrSi6kKP7rejpqdD60X2a4sNT7ru85QavQIyQXrYo2Z
Dks2V1OoXCFzPOSOOeCqYBHPYlOCvnySdLgwvVzbMyMtLQkT
-----END CERTIFICATE-----