Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa
File:                     AS203054.roa (raw, json)
Hash identifier:          om45eGayTvQFyYEewNGBV4/r2dMAhvobw/LlODsLdPM=
Subject key identifier:   2D:98:AC:92:D6:73:18:CE:0A:94:1C:E3:15:E4:87:C3:D9:E0:6E:46
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3C514C61660A93E961C6647DA092489E95F63728
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa
Signing time:             Mon 01 Jun 2026 12:57:34 +0000
ROA not before:           Mon 01 Jun 2026 12:52:34 +0000
ROA not after:            Mon 31 May 2027 12:57:34 +0000
asID:                     203054
IP address blocks:        168.222.48.0/24 maxlen: 24
                          168.222.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 01:42:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:51:4c:61:66:0a:93:e9:61:c6:64:7d:a0:92:48:9e:95:f6:37:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  1 12:52:34 2026 GMT
            Not After : May 31 12:57:34 2027 GMT
        Subject: CN=2D98AC92D67318CE0A941CE315E487C3D9E06E46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:37:9f:38:03:13:df:df:94:dd:07:fe:6f:93:
                    d7:bb:1c:d2:0d:76:f1:13:da:12:38:13:ab:f3:b8:
                    8b:1d:e3:cb:9e:51:df:a8:40:22:1c:a3:d2:0c:26:
                    71:56:4c:06:56:a5:6f:c5:10:09:52:f5:15:95:75:
                    bf:85:eb:a8:5b:50:b7:37:2a:17:8b:8b:c8:92:4e:
                    b2:5c:56:26:21:a5:57:1f:45:44:c6:c5:d0:f4:5b:
                    8f:a9:29:75:2f:b5:e6:57:94:56:63:18:91:40:16:
                    88:9a:93:6b:a9:cd:58:7f:2a:3a:0e:eb:2b:ff:aa:
                    35:64:19:4c:5b:5e:43:b4:65:55:b9:e5:7c:e3:cc:
                    79:cb:d5:4d:28:4b:a6:85:ba:04:4c:44:d7:a4:bc:
                    f5:ee:6b:7d:61:92:1d:61:92:91:03:cf:5c:7c:96:
                    e8:81:89:21:94:ff:b9:ab:d7:d9:05:70:4b:0a:26:
                    a9:5d:fb:99:9a:10:b2:8e:05:6d:7c:55:ff:c0:45:
                    30:8a:f0:19:aa:05:60:81:8f:c4:be:7a:39:31:20:
                    f9:96:c9:95:ca:e6:d4:d6:bd:95:fa:45:fd:87:17:
                    d9:e6:11:d5:ba:ca:8e:bc:3a:8d:e2:72:19:9c:1c:
                    d0:b7:8a:7b:b6:97:2e:53:fc:ee:c5:46:c5:0b:d2:
                    4b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:98:AC:92:D6:73:18:CE:0A:94:1C:E3:15:E4:87:C3:D9:E0:6E:46
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.48.0/24
                  168.222.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a4:03:d9:c6:e6:9d:f7:62:97:00:45:40:97:18:3d:e9:41:
         6f:db:24:fc:1f:bb:95:4e:84:d6:b3:29:a5:fe:38:0b:43:ec:
         df:ef:19:fc:2c:38:d2:10:ed:fb:83:94:3c:aa:a7:20:fe:1e:
         73:64:d5:94:d4:3d:b6:60:da:a0:fd:d2:9c:e9:f6:30:a3:7f:
         c5:de:89:0e:5a:a4:34:b1:ec:96:44:bc:ce:ae:8b:92:c4:27:
         a4:e2:15:07:21:dc:62:00:4a:95:97:ab:bd:cc:00:cb:bb:45:
         3d:38:76:af:8f:44:bc:72:51:15:e0:a0:f9:5e:64:70:4e:2e:
         0c:b8:32:1f:db:98:03:8e:4d:77:d9:1a:14:6a:f4:03:d1:f2:
         9b:47:b5:fe:66:41:d9:2e:d1:bf:21:e6:ec:b1:17:a0:90:24:
         b0:3c:c4:86:c1:c7:df:71:84:23:d7:4f:73:fe:47:ba:ca:eb:
         8b:e5:6c:e6:7c:bd:7e:dd:a9:09:2a:3b:2a:2e:82:fe:ae:52:
         bf:73:f3:e8:49:06:b6:ce:d0:e0:44:af:6a:17:0b:21:0f:15:
         57:aa:a6:37:1b:50:64:47:7f:2a:82:13:ae:ff:e0:ad:85:dd:
         d7:f6:ed:f4:73:5b:7d:0d:84:11:dc:f3:73:5f:a7:a6:e7:fb:
         61:4a:0d:5d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUPFFMYWYKk+lhxmR9oJJInpX2NygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDExMjUyMzRaFw0yNzA1MzExMjU3MzRaMDMxMTAvBgNV
BAMTKDJEOThBQzkyRDY3MzE4Q0UwQTk0MUNFMzE1RTQ4N0MzRDlFMDZFNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChN584AxPf35TdB/5vk9e7HNIN
dvET2hI4E6vzuIsd48ueUd+oQCIco9IMJnFWTAZWpW/FEAlS9RWVdb+F66hbULc3
KheLi8iSTrJcViYhpVcfRUTGxdD0W4+pKXUvteZXlFZjGJFAFoiak2upzVh/KjoO
6yv/qjVkGUxbXkO0ZVW55XzjzHnL1U0oS6aFugRMRNekvPXua31hkh1hkpEDz1x8
luiBiSGU/7mr19kFcEsKJqld+5maELKOBW18Vf/ARTCK8BmqBWCBj8S+ejkxIPmW
yZXK5tTWvZX6Rf2HF9nmEdW6yo68Oo3ichmcHNC3inu2ly5T/O7FRsUL0kutAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQULZisktZzGM4KlBzjFeSHw9ngbkYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMDU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqN4w
AwQAqN5RMA0GCSqGSIb3DQEBCwUAA4IBAQAnpAPZxuad92KXAEVAlxg96UFv2yT8
H7uVToTWsyml/jgLQ+zf7xn8LDjSEO37g5Q8qqcg/h5zZNWU1D22YNqg/dKc6fYw
o3/F3okOWqQ0seyWRLzOrouSxCek4hUHIdxiAEqVl6u9zADLu0U9OHavj0S8clEV
4KD5XmRwTi4MuDIf25gDjk132RoUavQD0fKbR7X+ZkHZLtG/IebssRegkCSwPMSG
wcffcYQj109z/ke6yuuL5WzmfL1+3akJKjsqLoL+rlK/c/PoSQa2ztDgRK9qFwsh
DxVXqqY3G1BkR38qghOu/+Cthd3X9u30c1t9DYQR3PNzX6em5/thSg1d
-----END CERTIFICATE-----