Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401818.roa
File:                     AS401818.roa (raw, json)
Hash identifier:          sKUJBw/+X/9koPmSrg/XuiOSekpTpEZbOlfQbxLdDHY=
Subject key identifier:   34:CB:10:BA:AD:99:6F:79:C4:5B:D4:1E:35:7D:F6:B6:F5:50:DD:E8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0DCF25C05861B874180CD8367EBBEF5396564625
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401818.roa
Signing time:             Thu 23 Oct 2025 19:41:40 +0000
ROA not before:           Thu 23 Oct 2025 19:36:40 +0000
ROA not after:            Thu 22 Oct 2026 19:41:40 +0000
asID:                     401818
IP address blocks:        82.22.32.0/24 maxlen: 24
                          2a13:9500:e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:cf:25:c0:58:61:b8:74:18:0c:d8:36:7e:bb:ef:53:96:56:46:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 23 19:36:40 2025 GMT
            Not After : Oct 22 19:41:40 2026 GMT
        Subject: CN=34CB10BAAD996F79C45BD41E357DF6B6F550DDE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:15:ab:83:7a:08:3f:48:3f:27:a2:e5:d3:52:
                    dc:ad:a8:be:b7:01:b6:85:f2:2d:6b:a5:46:72:aa:
                    e8:fe:4d:a7:5a:c3:55:07:0a:8b:00:95:45:a4:86:
                    d2:2b:e6:44:6a:88:14:3a:c8:c8:a7:d9:ae:5c:9f:
                    4d:73:45:83:a9:bb:ea:6b:0b:08:82:96:c4:2c:f9:
                    0b:c3:e9:b9:4e:c7:85:07:c1:5e:3a:8b:34:a5:8f:
                    2f:72:89:5f:7f:aa:89:1f:fb:2e:06:14:fa:d3:7c:
                    a9:13:37:b0:ae:6a:2c:2c:64:5a:f4:a6:0d:5d:39:
                    64:0b:f0:b8:eb:27:45:29:86:be:38:a4:8f:be:22:
                    34:88:4f:74:f8:7e:80:33:83:8b:8c:06:fb:4c:dc:
                    ce:ef:8a:f7:47:01:a1:0e:37:fa:b3:6d:b8:65:f9:
                    75:12:d9:da:00:eb:d1:67:58:f8:96:7a:48:5f:c9:
                    f2:9f:cd:99:ee:5c:dd:ed:c8:51:40:be:68:c7:38:
                    ba:ae:1b:8e:3f:a1:bf:5f:49:18:d2:2a:6d:84:13:
                    06:e0:37:ef:06:89:9e:d2:fa:25:d0:34:19:28:be:
                    47:f3:94:14:71:bb:8a:ed:37:1f:92:c5:4b:13:f9:
                    c2:aa:9d:79:e3:cd:96:7c:25:08:a5:7d:41:54:52:
                    c9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:CB:10:BA:AD:99:6F:79:C4:5B:D4:1E:35:7D:F6:B6:F5:50:DD:E8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401818.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.32.0/24
                IPv6:
                  2a13:9500:e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:44:06:8d:b2:fa:70:9f:51:fe:78:0f:90:74:e0:46:51:da:
         98:a0:6a:26:bf:a3:1e:bb:2d:4c:40:4c:c5:96:a6:c2:ac:09:
         b8:a0:81:e5:e1:04:da:8f:54:a6:68:76:d6:cb:dd:13:62:67:
         ab:f7:52:b4:04:05:6f:98:48:8d:ac:ba:8d:78:e8:60:37:8c:
         a0:89:8f:08:74:cd:96:a1:cd:7d:06:9f:01:dc:45:34:7a:cd:
         65:a0:d0:1a:7f:6f:79:96:89:93:15:c4:e9:53:8f:cc:b0:65:
         6e:5c:71:c3:55:23:3c:8b:9b:13:51:03:e2:07:bc:95:a0:b7:
         45:2e:78:36:5a:68:30:e9:35:2c:90:de:0b:3a:7d:b2:24:53:
         64:cb:d8:ef:a6:6d:62:a2:03:e0:6c:3f:fb:99:4d:d2:70:f7:
         9e:8d:31:3a:60:af:8e:eb:8d:d6:d9:01:04:b0:28:76:c3:89:
         8a:7c:eb:0b:63:3a:17:cc:48:a9:e6:a8:fa:3d:5d:c7:11:7c:
         c7:0b:d7:8d:a9:f2:48:6f:4c:dc:25:32:39:1a:8b:75:d6:4d:
         4f:66:d0:c8:a5:b4:e4:c4:48:bf:43:9d:b6:88:a1:d1:75:b3:
         20:b3:0d:54:95:96:1c:db:67:a5:bb:1b:35:50:92:ee:c5:22:
         1e:06:14:f2
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUDc8lwFhhuHQYDNg2frvvU5ZWRiUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjMxOTM2NDBaFw0yNjEwMjIxOTQxNDBaMDMxMTAvBgNV
BAMTKDM0Q0IxMEJBQUQ5OTZGNzlDNDVCRDQxRTM1N0RGNkI2RjU1MERERTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdFauDegg/SD8nouXTUtytqL63
AbaF8i1rpUZyquj+Tadaw1UHCosAlUWkhtIr5kRqiBQ6yMin2a5cn01zRYOpu+pr
CwiClsQs+QvD6blOx4UHwV46izSljy9yiV9/qokf+y4GFPrTfKkTN7CuaiwsZFr0
pg1dOWQL8LjrJ0Uphr44pI++IjSIT3T4foAzg4uMBvtM3M7vivdHAaEON/qzbbhl
+XUS2doA69FnWPiWekhfyfKfzZnuXN3tyFFAvmjHOLquG44/ob9fSRjSKm2EEwbg
N+8GiZ7S+iXQNBkovkfzlBRxu4rtNx+SxUsT+cKqnXnjzZZ8JQilfUFUUsn9AgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUNMsQuq2Zb3nEW9QeNX32tvVQ3egwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAxODE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhYg
MA8EAgACMAkDBwAqE5UAAOAwDQYJKoZIhvcNAQELBQADggEBAHBEBo2y+nCfUf54
D5B04EZR2pigaia/ox67LUxATMWWpsKsCbiggeXhBNqPVKZodtbL3RNiZ6v3UrQE
BW+YSI2suo146GA3jKCJjwh0zZahzX0GnwHcRTR6zWWg0Bp/b3mWiZMVxOlTj8yw
ZW5cccNVIzyLmxNRA+IHvJWgt0UueDZaaDDpNSyQ3gs6fbIkU2TL2O+mbWKiA+Bs
P/uZTdJw956NMTpgr47rjdbZAQSwKHbDiYp86wtjOhfMSKnmqPo9XccRfMcL142p
8khvTNwlMjkai3XWTU9m0MiltOTESL9DnbaIodF1syCzDVSVlhzbZ6W7GzVQku7F
Ih4GFPI=
-----END CERTIFICATE-----