Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401322.roa
File:                     AS401322.roa (raw, json)
Hash identifier:          beUKZNkJl9pQ/gAAiRU3n7huFMHcBOTEg1qVN2IkPGA=
Subject key identifier:   3C:C9:05:D4:5E:40:98:17:D1:04:9A:44:2D:DE:82:1C:C4:7C:27:61
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4CCD86FB091E654408F1658B7DF0D892EAB5FC25
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401322.roa
Signing time:             Mon 13 Apr 2026 13:07:09 +0000
ROA not before:           Mon 13 Apr 2026 13:02:09 +0000
ROA not after:            Mon 12 Apr 2027 13:07:09 +0000
asID:                     401322
IP address blocks:        82.21.84.0/24 maxlen: 24
                          82.23.14.0/24 maxlen: 24
                          82.27.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:cd:86:fb:09:1e:65:44:08:f1:65:8b:7d:f0:d8:92:ea:b5:fc:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 13 13:02:09 2026 GMT
            Not After : Apr 12 13:07:09 2027 GMT
        Subject: CN=3CC905D45E409817D1049A442DDE821CC47C2761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:53:f4:41:a0:05:f6:28:7f:5e:ab:d2:8f:25:
                    a6:17:1a:3d:e1:45:35:83:50:cc:35:cf:08:48:6b:
                    6f:8f:1e:53:b1:55:79:a1:91:aa:41:b6:6e:96:7b:
                    f8:66:fd:83:d2:88:a1:8d:8d:44:ff:d0:18:18:4b:
                    2b:3c:92:8e:08:f1:d6:00:00:09:9c:7c:73:12:d9:
                    3d:30:e0:7a:f5:8e:89:0f:54:85:53:36:9f:8e:a8:
                    e2:99:4d:10:83:70:ad:46:16:51:27:94:d0:3f:b3:
                    af:70:78:45:d5:b3:62:38:9b:a3:1c:e2:e8:0a:23:
                    63:df:ec:53:d2:d9:23:12:3f:96:3f:49:9e:a6:fb:
                    e1:7d:f2:5e:0d:76:58:d5:0f:2b:e5:1f:b3:d3:e9:
                    d4:78:2d:19:6a:54:99:5e:92:a4:e8:89:63:56:c0:
                    49:78:65:16:e7:e2:0a:3a:70:51:33:6a:81:88:9b:
                    a7:c9:64:46:a1:f4:83:0a:04:2a:89:79:0a:20:1e:
                    7c:2c:a9:88:cb:0e:76:db:bf:3c:f2:d2:24:0d:d0:
                    79:d2:02:b0:f8:88:c1:e7:4b:7c:16:67:1c:74:e4:
                    e3:8e:37:ea:bc:a5:04:96:87:f7:25:21:5c:3c:e5:
                    81:65:81:79:1a:22:63:43:c2:32:66:e2:9f:dc:85:
                    45:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C9:05:D4:5E:40:98:17:D1:04:9A:44:2D:DE:82:1C:C4:7C:27:61
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401322.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.84.0/24
                  82.23.14.0/24
                  82.27.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:86:4f:6e:8e:dd:1a:75:f9:1c:2b:97:25:30:a7:64:39:23:
         a5:64:8d:9c:7d:9a:9e:9c:e7:f4:1a:b3:26:d7:3f:da:f2:7a:
         c5:9a:16:50:05:96:72:12:06:15:ae:ce:dc:3c:32:7f:4c:19:
         1a:06:27:8c:13:d2:91:c6:99:77:98:a7:68:57:6b:7b:fd:e2:
         ae:5a:12:71:3d:0d:ee:ff:9c:a3:7e:61:35:41:2a:2c:0c:fe:
         55:bd:ab:55:0e:70:35:18:6c:6d:e1:33:45:fc:1b:97:f9:6c:
         27:65:8f:11:16:c6:81:3c:90:29:ab:f1:40:6f:13:65:93:75:
         df:eb:5e:41:fb:ec:36:7c:2b:e6:4b:eb:1b:27:26:3d:92:5b:
         c1:da:0c:fe:39:ff:d0:c9:59:3c:5c:0b:ec:65:62:04:da:ec:
         44:f8:ac:ba:8e:92:12:64:87:3b:4d:db:84:29:a2:78:d3:99:
         59:16:01:c0:ba:f2:82:c0:79:6f:72:15:80:97:26:01:37:52:
         ed:24:4a:9c:b4:63:42:4b:c4:fd:00:7a:8a:90:c3:42:01:02:
         a0:7a:03:1b:de:d3:0c:b5:01:19:f0:9e:25:2c:63:df:24:99:
         78:2b:58:6b:be:74:5a:d9:db:27:a3:c1:68:82:92:c1:14:ad:
         c7:2d:86:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUTM2G+wkeZUQI8WWLffDYkuq1/CUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTMxMzAyMDlaFw0yNzA0MTIxMzA3MDlaMDMxMTAvBgNV
BAMTKDNDQzkwNUQ0NUU0MDk4MTdEMTA0OUE0NDJEREU4MjFDQzQ3QzI3NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCU/RBoAX2KH9eq9KPJaYXGj3h
RTWDUMw1zwhIa2+PHlOxVXmhkapBtm6We/hm/YPSiKGNjUT/0BgYSys8ko4I8dYA
AAmcfHMS2T0w4Hr1jokPVIVTNp+OqOKZTRCDcK1GFlEnlNA/s69weEXVs2I4m6Mc
4ugKI2Pf7FPS2SMSP5Y/SZ6m++F98l4NdljVDyvlH7PT6dR4LRlqVJlekqToiWNW
wEl4ZRbn4go6cFEzaoGIm6fJZEah9IMKBCqJeQogHnwsqYjLDnbbvzzy0iQN0HnS
ArD4iMHnS3wWZxx05OOON+q8pQSWh/clIVw85YFlgXkaImNDwjJm4p/chUXrAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUPMkF1F5AmBfRBJpELd6CHMR8J2EwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAxMzIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUhVU
AwQAUhcOAwQAUhteMA0GCSqGSIb3DQEBCwUAA4IBAQByhk9ujt0adfkcK5clMKdk
OSOlZI2cfZqenOf0GrMm1z/a8nrFmhZQBZZyEgYVrs7cPDJ/TBkaBieME9KRxpl3
mKdoV2t7/eKuWhJxPQ3u/5yjfmE1QSosDP5VvatVDnA1GGxt4TNF/BuX+WwnZY8R
FsaBPJApq/FAbxNlk3Xf615B++w2fCvmS+sbJyY9klvB2gz+Of/QyVk8XAvsZWIE
2uxE+Ky6jpISZIc7TduEKaJ405lZFgHAuvKCwHlvchWAlyYBN1LtJEqctGNCS8T9
AHqKkMNCAQKgegMb3tMMtQEZ8J4lLGPfJJl4K1hrvnRa2dsno8FogpLBFK3HLYaQ
-----END CERTIFICATE-----