Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201907.roa
File:                     AS201907.roa (raw, json)
Hash identifier:          ON4A6L6QK+wK29TFu6ClmHZwJvo8hwN9XYzvQ9sY0+c=
Subject key identifier:   FC:4B:FD:61:EE:5E:A5:17:6C:3C:59:2A:3B:00:CD:A9:D2:58:51:D2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3155327BF8F03E0205A34B65B7CD846BCE9A9000
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201907.roa
Signing time:             Tue 26 May 2026 08:40:14 +0000
ROA not before:           Tue 26 May 2026 08:35:14 +0000
ROA not after:            Tue 25 May 2027 08:40:14 +0000
asID:                     201907
IP address blocks:        143.14.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:55:32:7b:f8:f0:3e:02:05:a3:4b:65:b7:cd:84:6b:ce:9a:90:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 26 08:35:14 2026 GMT
            Not After : May 25 08:40:14 2027 GMT
        Subject: CN=FC4BFD61EE5EA5176C3C592A3B00CDA9D25851D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:14:11:d5:1f:20:f2:c7:58:b1:7e:05:30:9c:
                    5c:a5:f5:b3:80:b3:86:70:63:3a:c9:4c:5e:f5:c3:
                    e4:07:33:a1:13:61:ae:97:63:fd:da:78:69:97:c0:
                    17:62:66:3c:fd:0c:5a:6e:72:f8:0c:e3:12:4b:b8:
                    02:79:00:b6:df:5e:8e:64:bb:2c:81:6c:91:06:62:
                    be:0b:e5:d3:a2:03:0b:d9:ef:73:e1:51:fb:1e:34:
                    c3:60:55:61:51:d5:85:5e:89:bd:e2:98:70:3c:d9:
                    63:1b:88:0c:c3:e5:5c:0e:33:ae:cd:9e:f4:ae:b1:
                    2d:08:b9:68:57:e2:2c:e8:0f:86:18:b9:b4:97:26:
                    bc:6e:61:8e:50:65:63:68:a9:fd:c5:2c:ca:99:1f:
                    ad:ff:60:fb:8b:96:e1:46:b5:55:1c:59:5c:3d:23:
                    5f:fd:fd:39:ed:0d:2c:b9:47:37:ca:60:d4:97:58:
                    ca:ae:00:1a:43:7a:c9:3d:13:fc:51:f3:b8:38:00:
                    e0:c2:42:f7:24:24:cd:4c:a1:96:40:cd:8e:29:85:
                    53:83:68:a7:94:f2:5f:bc:9e:09:6c:48:46:8a:d7:
                    17:cf:c6:b1:6a:36:f8:fa:8d:41:a0:b7:be:90:f1:
                    7d:4e:4e:a1:f7:44:4c:c6:8d:ea:a8:23:3f:1a:7a:
                    b1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:4B:FD:61:EE:5E:A5:17:6C:3C:59:2A:3B:00:CD:A9:D2:58:51:D2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201907.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:fa:5a:84:02:f6:d8:d9:0a:21:2e:dd:b1:5f:a6:70:59:8b:
         b7:93:b4:d3:90:c7:5a:83:fd:0a:93:42:7a:1c:82:7d:1e:89:
         e1:38:b1:d7:b2:c2:3d:1c:7b:13:4f:21:97:c8:ce:9a:fe:9c:
         ef:79:a6:e2:5c:d1:fd:94:24:e8:cb:54:4a:66:c8:5e:81:94:
         97:00:3a:eb:4a:30:b1:90:32:57:94:5f:11:49:f3:0d:7d:65:
         66:23:32:d3:2c:15:2f:ce:8a:bc:c0:17:83:11:aa:45:c4:44:
         46:e8:59:a5:b8:9b:bd:bc:20:09:b9:bc:1d:e0:d1:2d:cf:07:
         b0:e9:7c:f7:bc:bd:d1:72:a1:60:ed:65:b6:ee:02:b6:4d:70:
         a8:ba:58:37:d8:dd:97:5f:c6:61:46:fa:d7:42:b0:a6:14:3c:
         78:45:7a:7f:d9:54:77:68:f0:4d:03:ec:c2:da:c2:a6:17:c2:
         03:23:a5:7b:35:cc:65:6c:ef:b8:25:9c:70:b2:6e:21:cf:ac:
         d5:d6:1b:e4:28:27:76:4b:28:d8:06:0e:12:7a:59:10:3b:55:
         c4:cc:ad:11:c5:d6:d7:72:54:a1:bb:98:a4:e5:f3:63:b1:6e:
         5f:20:73:46:b9:c5:97:b2:77:82:db:20:09:65:78:12:14:f0:
         dd:51:7d:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMVUye/jwPgIFo0tlt82Ea86akAAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjYwODM1MTRaFw0yNzA1MjUwODQwMTRaMDMxMTAvBgNV
BAMTKEZDNEJGRDYxRUU1RUE1MTc2QzNDNTkyQTNCMDBDREE5RDI1ODUxRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPFBHVHyDyx1ixfgUwnFyl9bOA
s4ZwYzrJTF71w+QHM6ETYa6XY/3aeGmXwBdiZjz9DFpucvgM4xJLuAJ5ALbfXo5k
uyyBbJEGYr4L5dOiAwvZ73PhUfseNMNgVWFR1YVeib3imHA82WMbiAzD5VwOM67N
nvSusS0IuWhX4izoD4YYubSXJrxuYY5QZWNoqf3FLMqZH63/YPuLluFGtVUcWVw9
I1/9/TntDSy5RzfKYNSXWMquABpDesk9E/xR87g4AODCQvckJM1MoZZAzY4phVOD
aKeU8l+8nglsSEaK1xfPxrFqNvj6jUGgt76Q8X1OTqH3REzGjeqoIz8aerHlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/Ev9Ye5epRdsPFkqOwDNqdJYUdIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxOTA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw5R
MA0GCSqGSIb3DQEBCwUAA4IBAQCA+lqEAvbY2QohLt2xX6ZwWYu3k7TTkMdag/0K
k0J6HIJ9HonhOLHXssI9HHsTTyGXyM6a/pzveabiXNH9lCToy1RKZshegZSXADrr
SjCxkDJXlF8RSfMNfWVmIzLTLBUvzoq8wBeDEapFxERG6FmluJu9vCAJubwd4NEt
zwew6Xz3vL3RcqFg7WW27gK2TXCoulg32N2XX8ZhRvrXQrCmFDx4RXp/2VR3aPBN
A+zC2sKmF8IDI6V7NcxlbO+4JZxwsm4hz6zV1hvkKCd2SyjYBg4SelkQO1XEzK0R
xdbXclShu5ik5fNjsW5fIHNGucWXsneC2yAJZXgSFPDdUX2P
-----END CERTIFICATE-----