Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401322.roa
File:                     AS401322.roa (raw, json)
Hash identifier:          S3E0IblnL1E5yfa6VHmEupdejFGUKRGus9IbMPk9CPE=
Subject key identifier:   0B:32:31:B7:D1:57:A7:84:87:19:CA:04:70:A9:F1:65:0C:FD:D1:E5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       17F8A05002E20322D1739E7919E275E055DB6B9B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401322.roa
Signing time:             Thu 05 Feb 2026 06:04:06 +0000
ROA not before:           Thu 05 Feb 2026 05:59:06 +0000
ROA not after:            Thu 04 Feb 2027 06:04:06 +0000
asID:                     401322
IP address blocks:        82.21.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:f8:a0:50:02:e2:03:22:d1:73:9e:79:19:e2:75:e0:55:db:6b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  5 05:59:06 2026 GMT
            Not After : Feb  4 06:04:06 2027 GMT
        Subject: CN=0B3231B7D157A7848719CA0470A9F1650CFDD1E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:af:ad:a7:4f:03:b4:e5:13:a5:bf:f8:1c:f4:
                    d4:58:6d:74:82:72:e8:5a:12:d6:f7:6a:25:17:b3:
                    8a:82:ae:7a:88:d2:59:f4:49:ea:60:11:4d:94:61:
                    b8:67:92:e8:68:56:f7:ae:69:bf:9f:df:72:5e:a3:
                    c5:18:14:83:74:da:28:22:30:56:ea:64:44:2b:35:
                    0a:00:33:53:96:5f:7c:98:26:f8:4a:22:f4:56:b6:
                    80:ad:76:02:f0:f8:d9:48:89:d4:7a:dc:ab:96:46:
                    a9:f8:47:48:96:9d:69:06:62:e3:90:32:be:28:aa:
                    32:6b:59:53:6e:c4:08:7d:77:68:94:cf:74:ec:34:
                    c4:c8:d0:f5:4f:80:09:55:8a:74:6f:a9:92:10:65:
                    9c:82:87:21:91:51:e4:16:16:1c:a2:37:c0:0a:d5:
                    28:2e:15:ac:34:5a:f3:c8:7f:2b:44:6e:89:c4:b6:
                    f3:de:56:44:9d:96:92:5c:a5:e5:fb:59:8a:96:3f:
                    8a:d7:ea:c7:10:2b:e5:a4:f4:ab:58:7d:01:71:a8:
                    dd:4d:dc:32:d1:93:7b:20:15:99:68:13:f8:13:61:
                    a7:70:63:bc:73:9a:98:96:bb:e0:06:26:56:3b:45:
                    bb:ee:3d:31:fd:a8:72:5b:89:2e:2c:64:75:78:5a:
                    6f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:32:31:B7:D1:57:A7:84:87:19:CA:04:70:A9:F1:65:0C:FD:D1:E5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401322.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:64:85:f7:c4:8d:5d:66:ae:e6:59:19:d0:3f:e9:4e:91:ed:
         72:d9:c5:6e:e5:30:ba:40:bb:67:73:ea:90:f9:cb:5d:6a:b6:
         c8:28:c9:db:d7:13:d8:9c:6e:3c:89:b5:2f:e9:a0:a3:f6:ee:
         06:6b:b0:96:0f:7c:40:0f:d0:a5:6c:b6:2d:2e:d6:a8:07:70:
         88:3c:28:c2:3e:4c:d6:a6:87:54:4c:d1:d4:ce:85:7e:37:5f:
         ab:0a:47:65:d3:d2:e7:f4:de:9c:df:d3:17:d4:eb:17:e7:d7:
         d6:52:1c:f6:ba:79:9a:8d:f8:a5:89:09:a3:03:99:54:63:e8:
         2e:79:d3:bf:51:cb:c5:a8:16:27:04:31:0b:45:5c:81:0c:ab:
         1c:96:61:65:d7:de:6a:66:00:e9:26:3f:be:b1:2f:24:da:a0:
         c0:85:f7:46:34:6a:0f:2a:34:aa:83:3b:61:c0:5f:dc:87:b2:
         50:8e:33:e7:78:14:4f:7f:13:5f:82:1d:b7:4c:6e:fc:ee:ba:
         5d:b0:8a:34:12:18:42:b4:93:f8:65:a9:fb:14:bc:c7:1c:a9:
         0c:e8:d3:28:9f:85:10:ca:6c:16:3b:18:d6:86:84:f9:e8:72:
         09:8b:e5:3a:b6:da:0b:80:93:69:d6:f9:56:4e:10:43:21:3e:
         b1:33:be:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUF/igUALiAyLRc555GeJ14FXba5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDUwNTU5MDZaFw0yNzAyMDQwNjA0MDZaMDMxMTAvBgNV
BAMTKDBCMzIzMUI3RDE1N0E3ODQ4NzE5Q0EwNDcwQTlGMTY1MENGREQxRTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCir62nTwO05ROlv/gc9NRYbXSC
cuhaEtb3aiUXs4qCrnqI0ln0SepgEU2UYbhnkuhoVveuab+f33Jeo8UYFIN02igi
MFbqZEQrNQoAM1OWX3yYJvhKIvRWtoCtdgLw+NlIidR63KuWRqn4R0iWnWkGYuOQ
Mr4oqjJrWVNuxAh9d2iUz3TsNMTI0PVPgAlVinRvqZIQZZyChyGRUeQWFhyiN8AK
1SguFaw0WvPIfytEbonEtvPeVkSdlpJcpeX7WYqWP4rX6scQK+Wk9KtYfQFxqN1N
3DLRk3sgFZloE/gTYadwY7xzmpiWu+AGJlY7RbvuPTH9qHJbiS4sZHV4Wm9bAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCzIxt9FXp4SHGcoEcKnxZQz90eUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAxMzIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhVU
MA0GCSqGSIb3DQEBCwUAA4IBAQBcZIX3xI1dZq7mWRnQP+lOke1y2cVu5TC6QLtn
c+qQ+ctdarbIKMnb1xPYnG48ibUv6aCj9u4Ga7CWD3xAD9ClbLYtLtaoB3CIPCjC
PkzWpodUTNHUzoV+N1+rCkdl09Ln9N6c39MX1OsX59fWUhz2unmajfiliQmjA5lU
Y+guedO/UcvFqBYnBDELRVyBDKsclmFl195qZgDpJj++sS8k2qDAhfdGNGoPKjSq
gzthwF/ch7JQjjPneBRPfxNfgh23TG787rpdsIo0EhhCtJP4Zan7FLzHHKkM6NMo
n4UQymwWOxjWhoT56HIJi+U6ttoLgJNp1vlWThBDIT6xM74P
-----END CERTIFICATE-----