Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS53850.roa
File:                     AS53850.roa (raw, json)
Hash identifier:          +siL4Ds/XjXf9QH25rXaoTJdtilJSsHI4lKO+gjbvLA=
Subject key identifier:   2B:5A:22:D5:0F:54:2D:71:14:52:DA:62:55:42:87:A9:99:95:4B:AA
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       55B82228244113E1B021E24BA3F3024BD8A5A147
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS53850.roa
Signing time:             Sat 07 Jun 2025 11:36:09 +0000
ROA not before:           Sat 07 Jun 2025 11:31:09 +0000
ROA not after:            Sat 06 Jun 2026 11:36:09 +0000
asID:                     53850
IP address blocks:        82.21.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:b8:22:28:24:41:13:e1:b0:21:e2:4b:a3:f3:02:4b:d8:a5:a1:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  7 11:31:09 2025 GMT
            Not After : Jun  6 11:36:09 2026 GMT
        Subject: CN=2B5A22D50F542D711452DA62554287A999954BAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:95:e6:21:54:a3:43:26:c8:d2:7e:63:cb:1a:
                    28:fc:f8:63:6d:86:6c:ed:69:b5:a6:8e:34:a4:f6:
                    c9:2d:49:82:3e:df:de:f8:01:07:ec:3c:19:40:36:
                    0e:e2:8e:c9:66:48:ee:a9:d8:1a:34:13:6c:35:0f:
                    d9:30:56:77:2c:35:05:c8:cb:fb:75:b3:f6:13:de:
                    a1:5b:f3:79:a4:6e:3f:29:1f:22:51:83:d9:0c:bd:
                    b3:b4:70:40:96:09:c2:ef:21:d9:59:94:39:83:db:
                    72:e3:12:f3:c0:e7:e8:05:4c:e2:04:30:0d:d4:98:
                    61:30:43:21:a6:7a:e6:cc:b6:3a:35:14:85:8e:ea:
                    3a:6b:59:03:69:8e:a6:07:4f:ae:7c:03:12:53:e4:
                    69:9b:b1:e2:20:01:18:f3:cd:f1:7c:64:d3:57:30:
                    b9:98:cb:49:03:10:2c:18:40:c1:e9:2b:54:6b:31:
                    d6:9a:a1:83:47:fd:03:43:4c:ed:6f:fc:95:54:65:
                    c2:a0:85:9c:95:08:28:86:43:31:36:d8:32:6e:76:
                    8f:69:e1:d3:cd:39:c5:3e:13:33:78:c0:80:da:2f:
                    55:65:0e:76:5c:71:d6:89:43:5c:fe:54:54:b5:4a:
                    f5:d7:05:f1:28:5c:c0:61:57:2c:36:4f:72:87:fe:
                    4f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:5A:22:D5:0F:54:2D:71:14:52:DA:62:55:42:87:A9:99:95:4B:AA
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS53850.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:fa:d9:ba:ef:9b:6c:ca:f0:4d:2c:d3:6d:af:c3:46:40:e5:
         1b:42:40:26:02:34:f3:b8:00:28:85:ae:02:64:d8:a4:ec:b2:
         37:59:0f:88:b1:b9:65:58:aa:97:28:66:01:d0:82:40:71:2d:
         38:5b:dc:8d:15:39:2d:71:2e:55:ec:db:85:10:d8:28:09:9c:
         9a:13:b1:7e:23:3f:c8:db:70:11:65:6f:19:b0:7f:60:28:7c:
         f8:5d:19:06:59:6d:51:4b:35:45:dc:f8:ca:2d:03:f4:96:5a:
         40:29:0e:18:13:da:43:55:31:e4:7a:b3:a0:b5:38:02:a9:5a:
         2c:4c:74:ff:87:6a:84:46:73:e2:ee:73:1b:5c:e5:29:03:b2:
         f5:c8:e7:27:f6:1c:66:5c:90:d1:9c:c1:d6:ca:94:59:3d:85:
         cb:e2:d1:7e:fd:1f:eb:a5:0e:51:c5:a3:74:08:07:d7:ce:22:
         b4:71:52:c4:69:ce:48:6f:9c:bc:37:68:a3:6f:e2:a6:ca:49:
         29:e3:6b:04:91:b7:d1:7d:3e:c0:9a:b0:af:f6:4f:f8:21:d6:
         3d:2a:23:44:53:94:cb:5b:9b:7f:3b:b7:0e:b8:ab:44:0b:51:
         58:a5:16:6d:7b:4a:35:8a:50:04:a2:63:68:84:e2:c5:76:f0:
         f6:8c:01:43
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVbgiKCRBE+GwIeJLo/MCS9iloUcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDcxMTMxMDlaFw0yNjA2MDYxMTM2MDlaMDMxMTAvBgNV
BAMTKDJCNUEyMkQ1MEY1NDJENzExNDUyREE2MjU1NDI4N0E5OTk5NTRCQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1leYhVKNDJsjSfmPLGij8+GNt
hmztabWmjjSk9sktSYI+3974AQfsPBlANg7ijslmSO6p2Bo0E2w1D9kwVncsNQXI
y/t1s/YT3qFb83mkbj8pHyJRg9kMvbO0cECWCcLvIdlZlDmD23LjEvPA5+gFTOIE
MA3UmGEwQyGmeubMtjo1FIWO6jprWQNpjqYHT658AxJT5GmbseIgARjzzfF8ZNNX
MLmYy0kDECwYQMHpK1RrMdaaoYNH/QNDTO1v/JVUZcKghZyVCCiGQzE22DJudo9p
4dPNOcU+EzN4wIDaL1VlDnZccdaJQ1z+VFS1SvXXBfEoXMBhVyw2T3KH/k/RAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUK1oi1Q9ULXEUUtpiVUKHqZmVS6owHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTM4NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFQYw
DQYJKoZIhvcNAQELBQADggEBAEX62brvm2zK8E0s022vw0ZA5RtCQCYCNPO4ACiF
rgJk2KTssjdZD4ixuWVYqpcoZgHQgkBxLThb3I0VOS1xLlXs24UQ2CgJnJoTsX4j
P8jbcBFlbxmwf2AofPhdGQZZbVFLNUXc+MotA/SWWkApDhgT2kNVMeR6s6C1OAKp
WixMdP+HaoRGc+Lucxtc5SkDsvXI5yf2HGZckNGcwdbKlFk9hcvi0X79H+ulDlHF
o3QIB9fOIrRxUsRpzkhvnLw3aKNv4qbKSSnjawSRt9F9PsCasK/2T/gh1j0qI0RT
lMtbm387tw64q0QLUVilFm17SjWKUASiY2iE4sV28PaMAUM=
-----END CERTIFICATE-----