Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          lVIiRCNkuU2QI5h9Sij9ytfETIJyitUfyXhBfAW824g=
Subject key identifier:   D2:8A:53:85:4C:B0:6E:F3:AA:C1:67:45:63:BF:2A:F2:CE:32:30:C3
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6A5EE5F2B35648146A2F2F36172D0FCDB3F5129E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
Signing time:             Sat 31 May 2025 00:02:03 +0000
ROA not before:           Fri 30 May 2025 23:57:03 +0000
ROA not after:            Sat 30 May 2026 00:02:03 +0000
asID:                     20326
IP address blocks:        96.62.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:5e:e5:f2:b3:56:48:14:6a:2f:2f:36:17:2d:0f:cd:b3:f5:12:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 30 23:57:03 2025 GMT
            Not After : May 30 00:02:03 2026 GMT
        Subject: CN=D28A53854CB06EF3AAC1674563BF2AF2CE3230C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:dd:ac:14:d0:1a:24:82:9c:7e:21:42:10:66:
                    3c:0c:61:ea:d5:2c:18:ea:41:9d:0f:9f:29:6c:c3:
                    a9:69:16:35:eb:e3:c8:29:0b:fe:6b:7c:a8:f3:67:
                    3c:dc:f5:00:99:07:61:a1:80:d7:a6:17:b0:cb:37:
                    68:c9:7f:65:63:a3:ab:f2:d6:a9:9b:57:35:b8:3c:
                    06:ab:41:04:72:de:2c:95:76:0e:ec:5e:0e:6d:ef:
                    1a:ee:64:5e:b1:b0:d0:c3:4b:dd:14:b4:6a:bd:d4:
                    8f:92:c4:3b:f9:0f:9f:62:4f:6c:d0:7a:d1:17:7e:
                    06:7d:fc:ef:96:a2:de:84:1f:ee:d3:06:e1:60:64:
                    64:3a:5a:da:55:d5:0a:da:80:c5:92:6c:96:8b:fa:
                    61:7d:f8:41:3b:c2:63:58:4e:77:75:44:ac:a5:7c:
                    5a:69:09:19:40:ec:7c:b9:4e:a2:07:40:b2:51:8e:
                    fa:57:c7:70:4a:c0:f4:00:df:a6:dc:d8:94:38:fa:
                    66:95:3d:cf:8e:af:6c:4f:4f:fb:a7:03:cd:f7:f9:
                    ce:81:f4:f5:1d:a6:95:3f:39:e3:5a:07:f9:e1:f8:
                    24:44:58:9a:34:40:5e:bd:66:46:05:3f:62:27:81:
                    52:0f:f6:e3:9e:c3:9e:63:81:d2:99:e2:7e:08:e0:
                    51:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8A:53:85:4C:B0:6E:F3:AA:C1:67:45:63:BF:2A:F2:CE:32:30:C3
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:ba:9e:2e:86:ab:d4:fc:49:5d:82:63:38:66:60:ff:dd:4d:
         83:a8:3a:54:10:54:78:81:f6:b6:e9:80:4b:35:69:f3:8c:46:
         57:37:3b:1d:e1:0f:90:c3:6f:47:8a:45:7d:3d:3e:35:04:eb:
         e0:05:23:fb:ef:6d:80:1f:e6:fe:b7:41:5f:b3:2e:62:50:2a:
         62:3d:b6:67:c1:00:08:fe:61:32:27:3d:f3:c3:00:47:95:61:
         75:ab:a6:2e:d6:b5:5e:4e:78:63:dd:86:bf:db:b4:f2:d9:04:
         76:15:9f:37:51:db:3e:fb:e6:a0:22:8b:63:fd:ba:79:f7:97:
         71:db:75:99:a7:a8:90:a6:2c:9b:5e:04:be:08:38:74:98:a4:
         77:eb:f8:72:43:ab:af:99:c8:50:30:3d:19:7c:d1:58:98:cf:
         64:08:df:48:63:ba:c9:ec:bc:11:24:be:c1:51:10:50:af:55:
         a4:34:4e:a5:40:28:a1:fc:90:fc:38:4a:3b:92:74:f1:60:fd:
         3a:72:cc:49:90:f7:d6:b8:61:7c:5c:2c:1b:ef:86:47:7a:cf:
         e3:da:ec:33:71:9a:a8:fa:68:42:31:1c:df:fe:e8:9b:8f:10:
         00:a1:c6:d8:43:d4:36:87:3e:4b:3d:bf:fc:db:12:ec:c1:05:
         bf:fd:8d:49
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUal7l8rNWSBRqLy82Fy0PzbP1Ep4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MzAyMzU3MDNaFw0yNjA1MzAwMDAyMDNaMDMxMTAvBgNV
BAMTKEQyOEE1Mzg1NENCMDZFRjNBQUMxNjc0NTYzQkYyQUYyQ0UzMjMwQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC13awU0Bokgpx+IUIQZjwMYerV
LBjqQZ0Pnylsw6lpFjXr48gpC/5rfKjzZzzc9QCZB2GhgNemF7DLN2jJf2Vjo6vy
1qmbVzW4PAarQQRy3iyVdg7sXg5t7xruZF6xsNDDS90UtGq91I+SxDv5D59iT2zQ
etEXfgZ9/O+Wot6EH+7TBuFgZGQ6WtpV1QragMWSbJaL+mF9+EE7wmNYTnd1RKyl
fFppCRlA7Hy5TqIHQLJRjvpXx3BKwPQA36bc2JQ4+maVPc+Or2xPT/unA833+c6B
9PUdppU/OeNaB/nh+CREWJo0QF69ZkYFP2IngVIP9uOew55jgdKZ4n4I4FFzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU0opThUywbvOqwWdFY78q8s4yMMMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANgPsgw
DQYJKoZIhvcNAQELBQADggEBAGS6ni6Gq9T8SV2CYzhmYP/dTYOoOlQQVHiB9rbp
gEs1afOMRlc3Ox3hD5DDb0eKRX09PjUE6+AFI/vvbYAf5v63QV+zLmJQKmI9tmfB
AAj+YTInPfPDAEeVYXWrpi7WtV5OeGPdhr/btPLZBHYVnzdR2z775qAii2P9unn3
l3HbdZmnqJCmLJteBL4IOHSYpHfr+HJDq6+ZyFAwPRl80ViYz2QI30hjusnsvBEk
vsFREFCvVaQ0TqVAKKH8kPw4SjuSdPFg/TpyzEmQ99a4YXxcLBvvhkd6z+Pa7DNx
mqj6aEIxHN/+6JuPEAChxthD1DaHPks9v/zbEuzBBb/9jUk=
-----END CERTIFICATE-----