Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203057.roa
File:                     AS203057.roa (raw, json)
Hash identifier:          itvr4dAJ0HWipASJeMLahTXHnFQCmWKfEaGUbfhzaY8=
Subject key identifier:   83:0F:E2:29:B1:BC:52:F9:8D:BF:46:46:14:A9:23:AE:93:08:FB:E6
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2F24EDBBF188F5457250710C40DBA6AC583BFD47
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203057.roa
Signing time:             Mon 30 Mar 2026 11:18:04 +0000
ROA not before:           Mon 30 Mar 2026 11:13:04 +0000
ROA not after:            Mon 29 Mar 2027 11:18:04 +0000
asID:                     203057
IP address blocks:        143.14.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Apr 2026 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:24:ed:bb:f1:88:f5:45:72:50:71:0c:40:db:a6:ac:58:3b:fd:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 30 11:13:04 2026 GMT
            Not After : Mar 29 11:18:04 2027 GMT
        Subject: CN=830FE229B1BC52F98DBF464614A923AE9308FBE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2e:2e:a3:8d:f3:12:9d:8c:4f:b4:48:73:cb:
                    8d:55:58:46:c2:c1:17:11:fe:e8:1f:89:e9:13:f7:
                    fd:7b:62:1e:52:ff:db:6d:92:26:0b:5d:c3:ee:e4:
                    cf:be:e3:42:f2:54:87:03:3c:b2:77:55:bb:42:1a:
                    9f:f9:de:fb:98:4c:78:29:6d:47:03:9e:68:b1:a2:
                    c3:6e:51:34:66:5f:05:a8:21:a8:ff:03:c7:f4:d6:
                    d4:2c:9b:05:c6:84:16:38:e8:18:54:0c:0a:65:cf:
                    ac:92:10:f7:f8:be:86:d9:4f:dc:b3:9c:dd:41:4a:
                    05:f4:6e:13:95:4b:6e:f3:99:b1:bf:2c:2a:d6:ad:
                    b8:2a:dd:47:eb:01:a6:6b:3b:14:7c:c6:0e:3a:dc:
                    e8:7e:71:2c:77:b4:29:2f:61:b2:20:da:99:d2:47:
                    94:d0:c9:ee:be:41:cb:28:20:02:92:e0:5f:52:51:
                    15:ba:4b:60:65:0d:ce:25:88:c2:05:cb:8c:d5:a4:
                    50:e5:89:9c:5a:c2:7a:59:ea:95:04:0f:aa:2a:c8:
                    da:e5:37:25:10:1e:c4:f7:ac:d2:e1:4d:ba:5a:8e:
                    f5:1d:da:33:67:24:7e:7b:0c:3f:8a:0a:cd:ce:4f:
                    35:47:d2:cb:29:a8:ac:cb:63:09:f7:82:50:3d:a3:
                    8a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0F:E2:29:B1:BC:52:F9:8D:BF:46:46:14:A9:23:AE:93:08:FB:E6
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203057.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:80:30:29:15:cf:c0:17:a4:31:ef:cd:98:0c:6f:b0:a2:ae:
         d6:77:16:0b:0a:c6:3f:3e:41:f2:f5:e9:f8:e4:cb:01:7a:b3:
         51:52:0d:00:de:a0:54:bd:0d:d0:7d:92:ed:b2:59:cc:ee:e6:
         4f:29:04:3b:a7:ff:c7:e1:a3:dc:3c:ef:97:07:fc:f1:10:ca:
         f0:f0:7a:d2:46:25:1e:ae:77:7c:cf:c6:25:f0:b0:bc:dc:81:
         1a:1f:e5:68:65:2a:f7:a0:56:c6:7a:3c:a6:0d:45:42:af:b4:
         b4:ce:9c:35:d6:b1:1e:87:88:8b:f7:f9:be:0c:38:ee:cc:14:
         b0:f5:45:45:d4:3b:ed:f3:9f:3e:9d:13:44:9b:fb:c9:3a:4f:
         e1:be:91:98:87:de:6f:20:db:1e:cf:95:97:3a:94:80:d0:d6:
         9e:b8:4c:5d:58:31:6e:f2:1e:1b:d2:ef:60:1b:0a:b5:e2:54:
         ba:04:78:2f:6e:82:4a:e0:71:3b:b7:ec:5d:32:47:33:68:06:
         85:a9:37:c0:57:b2:c5:2d:49:9b:cc:2e:07:b0:40:e6:ca:db:
         37:65:b0:57:71:fd:a0:9f:9a:9a:75:cf:01:38:c8:06:cf:24:
         ff:24:ec:3a:78:ac:0d:24:71:25:b8:d7:ed:9d:38:81:84:c1:
         f1:1a:95:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULyTtu/GI9UVyUHEMQNumrFg7/UcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMzAxMTEzMDRaFw0yNzAzMjkxMTE4MDRaMDMxMTAvBgNV
BAMTKDgzMEZFMjI5QjFCQzUyRjk4REJGNDY0NjE0QTkyM0FFOTMwOEZCRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Li6jjfMSnYxPtEhzy41VWEbC
wRcR/ugfiekT9/17Yh5S/9ttkiYLXcPu5M++40LyVIcDPLJ3VbtCGp/53vuYTHgp
bUcDnmixosNuUTRmXwWoIaj/A8f01tQsmwXGhBY46BhUDAplz6ySEPf4vobZT9yz
nN1BSgX0bhOVS27zmbG/LCrWrbgq3UfrAaZrOxR8xg463Oh+cSx3tCkvYbIg2pnS
R5TQye6+QcsoIAKS4F9SURW6S2BlDc4liMIFy4zVpFDliZxawnpZ6pUED6oqyNrl
NyUQHsT3rNLhTbpajvUd2jNnJH57DD+KCs3OTzVH0sspqKzLYwn3glA9o4rxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgw/iKbG8UvmNv0ZGFKkjrpMI++YwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMDU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw6m
MA0GCSqGSIb3DQEBCwUAA4IBAQB3gDApFc/AF6Qx782YDG+woq7WdxYLCsY/PkHy
9en45MsBerNRUg0A3qBUvQ3QfZLtslnM7uZPKQQ7p//H4aPcPO+XB/zxEMrw8HrS
RiUernd8z8Yl8LC83IEaH+VoZSr3oFbGejymDUVCr7S0zpw11rEeh4iL9/m+DDju
zBSw9UVF1Dvt858+nRNEm/vJOk/hvpGYh95vINsez5WXOpSA0NaeuExdWDFu8h4b
0u9gGwq14lS6BHgvboJK4HE7t+xdMkczaAaFqTfAV7LFLUmbzC4HsEDmyts3ZbBX
cf2gn5qadc8BOMgGzyT/JOw6eKwNJHEluNftnTiBhMHxGpVf
-----END CERTIFICATE-----