Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42093.roa
File:                     AS42093.roa (raw, json)
Hash identifier:          2owqnbQiGYWtVaBDe/8Lzktr2XqTpXv4EeHJboyLqRc=
Subject key identifier:   5D:26:3B:BF:C2:38:F4:26:CC:FA:3C:74:3A:CB:A1:15:D6:7B:65:E2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       085B9C579F66B33553E6C23ABD90EC4645BC2E1E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42093.roa
Signing time:             Wed 11 Jun 2025 13:57:39 +0000
ROA not before:           Wed 11 Jun 2025 13:52:39 +0000
ROA not after:            Wed 10 Jun 2026 13:57:39 +0000
asID:                     42093
IP address blocks:        82.24.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:5b:9c:57:9f:66:b3:35:53:e6:c2:3a:bd:90:ec:46:45:bc:2e:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 11 13:52:39 2025 GMT
            Not After : Jun 10 13:57:39 2026 GMT
        Subject: CN=5D263BBFC238F426CCFA3C743ACBA115D67B65E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2a:2a:4e:ba:b0:91:b4:34:fb:6a:70:e0:1b:
                    13:a5:53:35:1e:5f:b6:1f:b5:af:be:05:99:74:4a:
                    ed:0e:60:16:a8:9a:45:ad:97:2f:e6:0f:29:ef:7b:
                    35:40:ce:08:42:ec:48:20:db:53:b7:b6:d8:15:a6:
                    3c:ee:4b:83:91:21:4c:af:7d:12:14:9c:40:92:ef:
                    c9:6f:90:94:42:33:04:fc:aa:30:eb:e1:18:f1:59:
                    aa:14:d8:f8:73:d7:4b:b4:1d:29:f0:55:6e:6d:95:
                    64:c4:27:73:8e:97:34:99:bc:5f:b8:e6:5a:37:42:
                    1f:76:ec:60:c0:f7:0b:c9:15:eb:24:22:ea:84:9f:
                    38:b1:db:2c:ef:2e:24:e3:4f:80:db:53:1a:8b:b8:
                    86:32:e3:b0:e9:f8:ba:1e:b4:a6:10:27:2c:e3:a6:
                    4b:ea:4d:ac:9a:98:15:bb:46:74:5a:ec:1f:d8:fb:
                    d6:c8:52:63:95:0d:98:8b:75:13:65:e2:21:e4:7f:
                    fa:05:ea:66:53:6a:0e:cd:17:73:4a:4d:4a:81:ad:
                    67:14:40:03:a5:d4:ff:2d:31:ee:b4:5e:af:5f:bd:
                    8b:56:8e:ab:eb:97:7c:45:63:a3:17:19:93:e3:d0:
                    d5:6e:90:de:a6:fc:ff:58:a1:18:80:4c:82:f1:19:
                    b6:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:26:3B:BF:C2:38:F4:26:CC:FA:3C:74:3A:CB:A1:15:D6:7B:65:E2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42093.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:df:39:a0:18:b0:34:e9:39:d4:f3:e5:27:28:29:fc:eb:7e:
         ad:9a:da:91:4e:8f:83:21:1f:a1:db:98:f1:d9:da:b5:b8:9e:
         8e:b8:0e:3c:b7:2a:0e:ad:58:91:ff:3c:1e:5b:e3:25:c8:43:
         7d:a5:74:88:7a:bf:16:46:74:0a:db:7e:9d:38:69:d7:c6:32:
         a4:98:03:25:ff:ce:1f:55:0a:bd:f1:1e:01:4c:0b:f5:e1:ac:
         f8:5e:f7:00:12:03:d4:98:12:ad:ab:70:4c:0b:46:2c:ac:cd:
         85:2f:fc:8c:b6:c5:78:43:53:cf:48:35:6e:32:14:fc:2b:8e:
         eb:bf:ef:6d:e0:93:82:a7:c2:e7:cb:65:77:71:66:2c:62:6d:
         c1:df:81:01:d4:74:dd:81:62:a0:2a:24:36:a2:3b:e2:d5:8f:
         c2:1c:f8:fd:06:a7:d6:df:6a:9a:1e:16:f8:7e:14:da:21:5a:
         a0:4d:21:e9:e6:b1:37:9a:d4:57:9a:4d:65:16:02:1a:e4:ba:
         7e:84:ca:7f:93:d5:0b:14:c6:78:f7:6c:df:f4:22:95:70:c8:
         43:21:84:99:11:49:be:49:4f:3d:68:af:a4:99:9a:39:54:23:
         3f:63:4a:43:8d:cb:48:92:ac:a8:42:48:11:4c:02:8e:8d:4e:
         68:a0:e3:60
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCFucV59mszVT5sI6vZDsRkW8Lh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTExMzUyMzlaFw0yNjA2MTAxMzU3MzlaMDMxMTAvBgNV
BAMTKDVEMjYzQkJGQzIzOEY0MjZDQ0ZBM0M3NDNBQ0JBMTE1RDY3QjY1RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgKipOurCRtDT7anDgGxOlUzUe
X7Yfta++BZl0Su0OYBaomkWtly/mDynvezVAzghC7Egg21O3ttgVpjzuS4ORIUyv
fRIUnECS78lvkJRCMwT8qjDr4RjxWaoU2Phz10u0HSnwVW5tlWTEJ3OOlzSZvF+4
5lo3Qh927GDA9wvJFeskIuqEnzix2yzvLiTjT4DbUxqLuIYy47Dp+LoetKYQJyzj
pkvqTayamBW7RnRa7B/Y+9bIUmOVDZiLdRNl4iHkf/oF6mZTag7NF3NKTUqBrWcU
QAOl1P8tMe60Xq9fvYtWjqvrl3xFY6MXGZPj0NVukN6m/P9YoRiATILxGbalAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUXSY7v8I49CbM+jx0OsuhFdZ7ZeIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDIwOTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGFsw
DQYJKoZIhvcNAQELBQADggEBAAHfOaAYsDTpOdTz5ScoKfzrfq2a2pFOj4MhH6Hb
mPHZ2rW4no64Djy3Kg6tWJH/PB5b4yXIQ32ldIh6vxZGdArbfp04adfGMqSYAyX/
zh9VCr3xHgFMC/XhrPhe9wASA9SYEq2rcEwLRiyszYUv/Iy2xXhDU89INW4yFPwr
juu/723gk4KnwufLZXdxZixibcHfgQHUdN2BYqAqJDaiO+LVj8Ic+P0Gp9bfapoe
Fvh+FNohWqBNIenmsTea1FeaTWUWAhrkun6Eyn+T1QsUxnj3bN/0IpVwyEMhhJkR
Sb5JTz1or6SZmjlUIz9jSkONy0iSrKhCSBFMAo6NTmig42A=
-----END CERTIFICATE-----