Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS53356.roa
File:                     AS53356.roa (raw, json)
Hash identifier:          DdNxta6h2Kf3prPRO96BbdzQm9FE/MovEnP6otiWiio=
Subject key identifier:   DF:C5:22:DE:83:EF:DA:70:55:04:54:89:5D:8F:49:77:48:00:BB:8B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       08242D748AF241F0B365CECF8FF631538ADE84CF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS53356.roa
Signing time:             Wed 30 Jul 2025 15:19:14 +0000
ROA not before:           Wed 30 Jul 2025 15:14:14 +0000
ROA not after:            Wed 29 Jul 2026 15:19:14 +0000
asID:                     53356
IP address blocks:        82.22.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:24:2d:74:8a:f2:41:f0:b3:65:ce:cf:8f:f6:31:53:8a:de:84:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 30 15:14:14 2025 GMT
            Not After : Jul 29 15:19:14 2026 GMT
        Subject: CN=DFC522DE83EFDA70550454895D8F49774800BB8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:17:69:0f:c2:fa:36:2e:3b:38:c8:03:e7:30:
                    78:af:9a:fd:6d:2f:de:3d:d2:3a:32:7d:35:66:d3:
                    b4:fe:00:55:4f:7e:ff:c2:ca:3c:81:2e:2e:3e:59:
                    87:bf:ca:cd:7d:cd:83:a4:49:20:01:77:43:d3:d1:
                    45:94:72:0e:ef:b2:92:0b:c3:e2:77:27:7d:7f:9a:
                    ed:13:64:ce:08:6e:7a:2f:d9:fe:4e:e4:c6:bc:08:
                    0e:9a:7b:d6:3a:b8:df:a2:aa:1b:1e:83:ec:59:e0:
                    28:eb:dc:3e:dc:37:4c:c4:13:1d:33:f6:c3:48:e4:
                    c5:d9:31:2f:3e:32:c1:db:6a:50:32:3d:d9:0b:a7:
                    40:de:22:e1:89:12:aa:bb:78:04:1f:32:71:76:2d:
                    66:98:ec:0e:0d:b5:88:ab:e7:83:ea:cd:78:63:ca:
                    f5:5d:04:eb:66:11:7d:da:6b:38:90:19:11:9b:7e:
                    ad:4a:7e:45:a3:f6:94:57:e4:3f:2a:ae:59:1a:cd:
                    9a:42:bb:8a:54:11:a2:fb:0d:6a:6d:58:12:e7:d5:
                    66:2e:9d:b2:17:62:91:6a:fd:7d:b2:df:8e:10:1a:
                    14:88:99:45:06:72:d6:09:c4:2c:f9:f5:64:72:1c:
                    42:13:2d:f3:df:9b:48:5e:2f:3d:40:e5:f9:ed:5b:
                    76:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C5:22:DE:83:EF:DA:70:55:04:54:89:5D:8F:49:77:48:00:BB:8B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS53356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:2a:dc:c6:1a:67:39:8d:a4:f7:c6:c9:f5:2c:e5:ae:c7:62:
         2b:2e:14:4e:7c:08:62:da:01:39:68:10:45:7e:1f:a1:29:6a:
         17:45:a1:de:1e:ec:8d:97:e5:1a:87:89:76:f5:b5:1d:a7:db:
         9c:dc:11:56:43:10:c0:f6:78:c7:7d:31:10:b0:18:16:c0:3c:
         16:13:f4:2e:b2:ba:27:90:f0:94:6c:39:b8:73:3b:be:3c:5b:
         06:2d:1e:f7:86:2e:ec:b6:f1:69:35:0c:c3:6d:88:a8:2e:86:
         1d:e1:b8:de:81:c5:40:a6:eb:6b:4c:87:73:17:40:70:ef:41:
         ce:65:cd:30:91:c8:c7:fe:60:8e:73:7e:a4:ab:07:14:3a:83:
         24:e2:88:57:7f:de:14:a8:9b:c1:4c:dc:60:9d:e1:f1:fa:c5:
         e6:25:9a:29:c4:d7:5e:25:10:6b:63:1a:5c:e8:0b:4a:71:be:
         a3:47:75:b0:08:18:50:a8:16:6c:b2:d1:dd:d2:e1:54:a9:09:
         2d:90:fa:cf:b3:7b:bf:5b:20:72:8a:21:67:8b:ab:1f:ea:66:
         c4:71:ac:6b:7e:d1:87:72:42:df:8f:e1:5f:5b:f7:54:af:0f:
         d4:fb:4d:57:3d:46:7e:1d:46:45:65:ce:3a:0f:01:ac:c8:f9:
         fd:fa:86:f3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCCQtdIryQfCzZc7Pj/YxU4rehM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MzAxNTE0MTRaFw0yNjA3MjkxNTE5MTRaMDMxMTAvBgNV
BAMTKERGQzUyMkRFODNFRkRBNzA1NTA0NTQ4OTVEOEY0OTc3NDgwMEJCOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaF2kPwvo2Ljs4yAPnMHivmv1t
L9490joyfTVm07T+AFVPfv/CyjyBLi4+WYe/ys19zYOkSSABd0PT0UWUcg7vspIL
w+J3J31/mu0TZM4Ibnov2f5O5Ma8CA6ae9Y6uN+iqhseg+xZ4Cjr3D7cN0zEEx0z
9sNI5MXZMS8+MsHbalAyPdkLp0DeIuGJEqq7eAQfMnF2LWaY7A4NtYir54PqzXhj
yvVdBOtmEX3aaziQGRGbfq1KfkWj9pRX5D8qrlkazZpCu4pUEaL7DWptWBLn1WYu
nbIXYpFq/X2y344QGhSImUUGctYJxCz59WRyHEITLfPfm0heLz1A5fntW3YnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU38Ui3oPv2nBVBFSJXY9Jd0gAu4swHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTMzNTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFn8w
DQYJKoZIhvcNAQELBQADggEBAEkq3MYaZzmNpPfGyfUs5a7HYisuFE58CGLaATlo
EEV+H6EpahdFod4e7I2X5RqHiXb1tR2n25zcEVZDEMD2eMd9MRCwGBbAPBYT9C6y
uieQ8JRsObhzO748WwYtHveGLuy28Wk1DMNtiKguhh3huN6BxUCm62tMh3MXQHDv
Qc5lzTCRyMf+YI5zfqSrBxQ6gyTiiFd/3hSom8FM3GCd4fH6xeYlminE114lEGtj
GlzoC0pxvqNHdbAIGFCoFmyy0d3S4VSpCS2Q+s+ze79bIHKKIWeLqx/qZsRxrGt+
0YdyQt+P4V9b91SvD9T7TVc9Rn4dRkVlzjoPAazI+f36hvM=
-----END CERTIFICATE-----